An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.

**CVE-2022-37150**

Online Diagnostic Lab Management System Stored XSS

Vul name: odlms stored xss

Affected Product: Online Diagnostic Lab Management System v1.0

Affected or fixed version(s): At present, the manufacturer has not released an upgrade patch to fix this security problem

Vul Type:Cross-site script

Impact: The vulnerability can be used to excute any js script by hackers, which causes cookies disclosure, js script injection and phishing.

vul page: /fw.login.php

vul param: firstname, address, middlename, lastname , gender, email, contact

payload: 

Source Code: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

CVE-2022-37150: GitHub - Fjowel/CVE-2022-37150: Online Diagnostic Lab Management System Stored XSS

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

**SAN FRANCISCO, Aug. 24, 2022** — Capital One joins the Open Source Security Foundation (OpenSSF) as a premier member, affirming its commitment to strengthening the open source software supply chain. OpenSSF is a cross-industry organization hosted at the Linux Foundation, designed to inspire and enable the community to secure the open source software we all depend on, including development, testing, fundraising, infrastructure, and support initiatives.

Capital One joins the OpenSSF Governing Board in charge of leading the organization and providing strategic direction. “We are happy to welcome Capital One to the Open Source Security Foundation,” says Brian Behlendorf, General Manager of OpenSSF. “As a highly regulated company that has invested in technology, Capital One has experience building the governance structure, modern architecture and collaborative culture that is critical for well-managed open source software delivery. By joining the OpenSSF, Capital One is demonstrating a serious commitment to secure open source software that benefits our entire ecosystem.”

As one of the nation’s leading digital banks, technology is central to Capital One’s business strategy and how value is delivered to more than 100 million customers. The company began a technology transformation over a decade ago, which included an open source-first declaration in 2015. A modern architecture in the cloud is allowing Capital One to take advantage of the world’s innovations and accelerate delivery by committing to a collaborative software-building approach among the open source community.

“Today some of the most ground-breaking digital experiences created for customers are based on open source software. As a company that widely adopts this technology, Capital One is incredibly proud to join the OpenSSF and the world’s technology leaders as we collaborate to strengthen the software security supply chain,” said Chris Nims, EVP of Cloud & Productivity Engineering at Capital One. “As a highly-regulated company, we are seasoned in managing compliance and governance and advocate for standardization, automation and collaboration. We look forward to working together to identify solutions that advance the OpenOSSF mission and give back to the open source community.”

Earlier this year, the OpenSSF unveiled a 10-point plan at the Open Source Security Summit hosted in conjunction with the White House in May. The plan feeds into 10 different workstreams, like finding ways to reduce patching response times for open source software, developing new metrics to track code and components, moving the industry away from non-memory safe programming languages that make it difficult to find and fix vulnerabilities, establishing a framework for incident response teams that can be deployed across the open source community and conducting annual third-party reviews of the top 200 most critical open source security components.

More recently, the OpenSSF hosted a Town Hall especially for open source software maintainers, contributors, software developers, and open source software users who know security is important, but haven’t made the leap to join an OpenSSF Working Group or Project yet. On Tuesday, Sept. 13, they will be hosting an OpenSSF Day EU at the Open Source Summit Europe in Dublin, Ireland, and online.

Capital One joins other OpenSSF premier members 1Password, AWS, Atlassian, Cisco, Citi, Coinbase, Dell Technologies, Ericsson, Fidelity, GitHub, Google, Huawei, Intel, IBM, JFrog, JPMorgan Chase, Meta, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, Sonatype, VMware, and Wipro.

**About OpenSSF**

The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at: openssf.org.

**About the Linux Foundation**

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Capital One Joins Open Source Security Foundation

Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.

CVE-2022-24304: mongoose/schema.js at 51e758541763b6f14569744ced15cc23ab8b50c6 · Automattic/mongoose

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

%PDF-1.7 %���� 79 0 obj <> endobj xref 79 44 0000000016 00000 n 0000001648 00000 n 0000001794 00000 n 0000001836 00000 n 0000002248 00000 n 0000002507 00000 n 0000002672 00000 n 0000002984 00000 n 0000003157 00000 n 0000003393 00000 n 0000003717 00000 n 0000003970 00000 n 0000004021 00000 n 0000004072 00000 n 0000004239 00000 n 0000004816 00000 n 0000005466 00000 n 0000006277 00000 n 0000006414 00000 n 0000006436 00000 n 0000006658 00000 n 0000006953 00000 n 0000006980 00000 n 0000007105 00000 n 0000007265 00000 n 0000007935 00000 n 0000008564 00000 n 0000009361 00000 n 0000010171 00000 n 0000010931 00000 n 0000011160 00000 n 0000011194 00000 n 0000011349 00000 n 0000017467 00000 n 0000017537 00000 n 0000047173 00000 n 0000102203 00000 n 0000102273 00000 n 0000102527 00000 n 0000102866 00000 n 0000103033 00000 n 0000103060 00000 n 0000001478 00000 n 0000001176 00000 n trailer <<38D43D8DEAB4B2110A00F021DC6DFD7F>\]/Prev 120019/XRefStm 1478>> startxref 0 %%EOF 122 0 obj <>stream h�b\`\`\`�+l�@(������ð��?z��5��,l� TyYz�^�D���آ��d����2��6��\\�@�c\`alcx��Ϩ�0����sY �Ȥ�T�,�PTu��t�.��xfvf�G�xZ�/0��������-�DV�(�)3�n�\`\`ܦ�X�if� @7�%U�c@��+� endstream endobj 121 0 obj <>/Filter/FlateDecode/Index\[12 67\]/Length 22/Size 79/Type/XRef/W\[1 1 1\]>>stream h�bb�\`\`b\`\`��th� endstream endobj 80 0 obj <>/Metadata 10 0 R/Pages 9 0 R/StructTreeRoot 12 0 R/Type/Catalog/ViewerPreferences 81 0 R>> endobj 81 0 obj <> endobj 82 0 obj <>/MediaBox\[0 0 612 792\]/Parent 9 0 R/Resources<>/Font<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\]>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>> endobj 83 0 obj <>/BS<>/F 4/Rect\[69.75 508.42 88.154 530.07\]/StructParent 1/Subtype/Link>> endobj 84 0 obj <>/BS<>/F 4/Rect\[300.75 161.06 463.91 182.72\]/StructParent 2/Subtype/Link>> endobj 85 0 obj \[226 0 0 0 0 0 0 221 303 303 0 0 0 306 252 0 507 0 507 507 0 507 0 507 0 507 268 0 0 0 0 0 0 579 0 533 615 488 0 631 623 252 0 0 0 855 646 0 517 0 543 459 487 0 567 890 519 0 0 0 0 0 0 0 0 479 525 423 525 498 305 471 525 230 239 455 230 799 525 527 525 0 349 391 335 525 452 715 0 453 395 0 460\] endobj 86 0 obj <> endobj 87 0 obj <> endobj 88 0 obj \[215 0 0 0 0 0 0 188 316 316 0 0 200 340 200 350 532 532 532 532 0 532 532 532 532 532 212 0 532 532 532 0 0 609 0 597 645 527 502 660 668 244 0 0 0 0 0 694 545 0 567 522 500 636 587 936 567 0 0 0 0 0 0 0 0 505 535 452 535 508 295 483 539 232 0 479 232 826 539 530 535 0 354 445 355 533 459 738 458 459 438\] endobj 89 0 obj <> endobj 90 0 obj <> endobj 91 0 obj <> endobj 92 0 obj <> endobj 93 0 obj <>stream H�ĕmk�@��~�y��}r����\\Z\\��B��;�\*MܫnZ��gWIC�Z�����p~;�3��ڔ{�5pvO�Q�/�n�\\7q~:�Z�J�RWq��ٸ��B���f�9|�=���RB��V����n�A�{����$A��|�{��a )���{��$�A\*$\`Ĺ�R�PZy�#\_�|�6X-!�@����6�G�{\[��lF�%Q͈(�2$�@�u�@;�Gd��g ӈ�aX ��N9�l G��#l�Ҝ\`F�\`��lt}�hy�/� ǈ<��ay�N���C�3>f�}�?A.�6�� y���� ��������@ݎ�!�84l�R<M{n ^�s5���c��#)E�?5 #��g%M���j׀7�v\`��א�q���M��=�\*ˇ����) b��ј(��$�&%E�p�kW�bF<(���m �0��ePVP:�t%n�Ht���c\[aU9ʽt凅��js�s� ���:t\_�< 0xy�\` endstream endobj 94 0 obj <>stream H�̕�o�0��#��G��vlK�� �Ti-�:i���C �%���������a9��|���l'{G�,����.�����J��m�5,�8�8�y��c��e�w�M�H��ƥ"5༦G6�P:�Qa,������e=G�ُ�G�J؀��EVJa�j��rS-�F�΋��^�& �n�wB�ijL��F$��\\�?) jKI�P)��mP�Q���2^��J�P%w�VH� � ��\`��-9u���Q�������m����A�I��JsVB��':Iq�Na���Fܲo��W�\]��rt�j���6������0n�H��8�O ������qʯ�wؘh-�ce�\[�U r�M��U�~ٹ�M0�}UӐo�r�L+��6gl�ܰ\[��PoN/׸���}/9

CVE-2022-37952

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.

**Remote code execution via arbitrary file upload (version : 13.5.7)**

Claroline Connect app presents a RCE vulnerability because of the possibility to upload an arbitrary php file. This vulnerability is present on many upload forms, so I've personnally choosed the resource icon section.

The route **core/Controller/APINew/FileController.php** filters the upload image type by using the getMimeType() function from Symfony :

public function uploadImage(Request $request): JsonResponse
    {
        $files = $request\->files\->all();

        $objects = \[\];
        foreach ($files as $file) {
            if (0 !== strpos($file\->getMimeType(), 'image')) {
                throw new InvalidDataException('Invalid image type.');
            }

            $object = $this\->crud\->create(PublicFile::class, \[\], \['file' => $file, Crud::THROW\_EXCEPTION\]);
            $objects\[\] = $this\->serializer\->serialize($object);
        }

        return new JsonResponse($objects);
    }

It is possible to trick this function by adding some magic bytes like GIF8; which corresponds to the GIF image file type. The mime type image/gif should be also applied.

Then it is possible to get RCE by using the upload php shell :

**Fix suggestions :** Enhance file upload checks by adding real mime type verification (file content, bytes, size, etc).

CVE-2022-37159: claroline-CVEs/rce_file_upload.md at main · matthieu-hackwitharts/claroline-CVEs

Red Hat Security Advisory 2022-6157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2022:6157-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6157  
Issue date:        2022-08-24  
CVE Names:         CVE-2022-32206 CVE-2022-32207 CVE-2022-32208  
====================================================================  
1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: HTTP compression denial of service (CVE-2022-32206)

* curl: Unpreserved file permissions (CVE-2022-32207)

* curl: FTP-KRB bad message verification (CVE-2022-32208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service  
2099305 - CVE-2022-32207 curl: Unpreserved file permissions  
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm

ppc64le:  
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm

s390x:  
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm

x86_64:  
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-devel-7.76.1-14.el9_0.5.i686.rpm  
libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
curl-7.76.1-14.el9_0.5.src.rpm

aarch64:  
curl-7.76.1-14.el9_0.5.aarch64.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm  
curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm

ppc64le:  
curl-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm

s390x:  
curl-7.76.1-14.el9_0.5.s390x.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm  
curl-minimal-7.76.1-14.el9_0.5.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm

x86_64:  
curl-7.76.1-14.el9_0.5.x86_64.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm  
curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-7.76.1-14.el9_0.5.i686.rpm  
libcurl-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm  
libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32206  
https://access.redhat.com/security/cve/CVE-2022-32207  
https://access.redhat.com/security/cve/CVE-2022-32208  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p  
dru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL  
MCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1  
OOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp  
Y5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5  
fSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B  
vstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR  
P5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q  
WR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8  
zLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj  
haaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB  
pl2iagecnP0=fQUi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6157-01

Red Hat Security Advisory 2022-6178-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Issues addressed include spoofing and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6178-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6178  
Issue date:        2022-08-24  
CVE Names:         CVE-2022-38472 CVE-2022-38473 CVE-2022-38476  
                   CVE-2022-38477 CVE-2022-38478  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.13.0 ESR.

Security Fix(es):

* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)

* Mozilla: Cross-origin XSLT Documents would have inherited the parent's  
permissions (CVE-2022-38473)

* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2  
(CVE-2022-38477)

* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and  
Firefox ESR 91.13 (CVE-2022-38478)

* Mozilla: Data race and potential use-after-free in PK11_ChangePW  
(CVE-2022-38476)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2120673 - CVE-2022-38472 Mozilla: Address bar spoofing via XSLT error handling  
2120674 - CVE-2022-38473 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions  
2120678 - CVE-2022-38476 Mozilla: Data race and potential use-after-free in PK11_ChangePW  
2120695 - CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2  
2120696 - CVE-2022-38478 Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-91.13.0-1.el8_1.src.rpm

ppc64le:  
firefox-91.13.0-1.el8_1.ppc64le.rpm  
firefox-debuginfo-91.13.0-1.el8_1.ppc64le.rpm  
firefox-debugsource-91.13.0-1.el8_1.ppc64le.rpm

x86_64:  
firefox-91.13.0-1.el8_1.x86_64.rpm  
firefox-debuginfo-91.13.0-1.el8_1.x86_64.rpm  
firefox-debugsource-91.13.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38472  
https://access.redhat.com/security/cve/CVE-2022-38473  
https://access.redhat.com/security/cve/CVE-2022-38476  
https://access.redhat.com/security/cve/CVE-2022-38477  
https://access.redhat.com/security/cve/CVE-2022-38478  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwa9d9zjgjWX9erEAQhLCxAAi3vYj2HKA29pPYKEU+OkEdBllpI9UE4w  
OMDVmZ5Vq4B4UfP6iGQdyZKcK/WAbSKS03gYnFvIWBMcfAOpi1wqwZzosJVmxevx  
58XW1sH47bybiuOK4uWMflmlK3lxVppOCUEYu1ijmeEAgqlThAv11Ksiugfm7GFn  
hY/os3l4NvkmzA5ThssfAdcPigfSiJ52vSfurqL1HAaORN+9lZeOR2F73PgLVqMA  
CMj0gGVdXfSrkcZjqhu4+XFFsQ9xutcucN0dvqvgiqJDc3BeBWRSxL7GT6fENxBC  
1cyAiWj8ePTIlJIS7FqxNeo8Dr4ZoCLWyNPnKSPSa7DT0WV+Aw276BVOq+07BP69  
MEJpGMcJQtQoalXd8D4Jso5BsGWIoXLYCnKq15J8V5dexD370u/nRcPQFJ8vL1UZ  
ZiEZatmP0a4ZNffZWiSBjkVYVVOMpkWdFNqR21+9xzxAz6wzYUNY4EWMITLPvpBn  
FjyLjRRO8kKPbSDgnIps55JQmA41G27WILguF5i8RLd+2sQKmhvlA5G4R5aTu4Ks  
0Ggb4gWKqVPHGLGGejGZ/iU/uhD8wvOBttffP5aXf0UKiOhcykxI/ZCnkaT+Zyen  
CUOCyslTRUtTAkvL0Oh9Ys+nSPngOsSLpDmlXzOJDhTFKZegmi53dI74Jk6ZD4MW  
3fhovAeIFsk=2Xvf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6178-01

Red Hat Security Advisory 2022-6165-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Issues addressed include spoofing and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6165-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6165  
Issue date:        2022-08-24  
CVE Names:         CVE-2022-38472 CVE-2022-38473 CVE-2022-38476  
                   CVE-2022-38477 CVE-2022-38478  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.13.0.

Security Fix(es):

* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)

* Mozilla: Cross-origin XSLT Documents would have inherited the parent's  
permissions (CVE-2022-38473)

* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2  
(CVE-2022-38477)

* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and  
Firefox ESR 91.13 (CVE-2022-38478)

* Mozilla: Data race and potential use-after-free in PK11_ChangePW  
(CVE-2022-38476)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2120673 - CVE-2022-38472 Mozilla: Address bar spoofing via XSLT error handling  
2120674 - CVE-2022-38473 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions  
2120678 - CVE-2022-38476 Mozilla: Data race and potential use-after-free in PK11_ChangePW  
2120695 - CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2  
2120696 - CVE-2022-38478 Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-91.13.0-1.el9_0.src.rpm

aarch64:  
thunderbird-91.13.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-91.13.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-91.13.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-91.13.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-91.13.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-91.13.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-91.13.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-91.13.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-91.13.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-91.13.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-91.13.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-91.13.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38472  
https://access.redhat.com/security/cve/CVE-2022-38473  
https://access.redhat.com/security/cve/CVE-2022-38476  
https://access.redhat.com/security/cve/CVE-2022-38477  
https://access.redhat.com/security/cve/CVE-2022-38478  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwa9ttzjgjWX9erEAQhIYg//d/FBLsCJ0qFFYr8yEPLHSeiX7BNYCCKW  
mBqag7ynhJ2e0BeuLXyeijIkRW8RcnykVT+uaU8sVzr+FcgsqTD4v1tvdWvK/Pin  
h5ftKCpBvDLfngDq4c68xegIlakJJwChHdhUXtHDjZf00IMPsDTqesmts3H0oPOK  
DR205FzfCGhS/riRry2m03kynfgXtSTly8MMWbwGjXzFCcliECr3IoBkvUQ03D5r  
93wUhaQh+BNtsUZwadEuip2OEwEDJXKB8821s89jv2wiINllPJs6tJWTgN5B7Xgr  
67k2+jaC+ObhMteCGLGgVHGXuy319zouVHjK4tu++WH2rGJXrHWsrHgmT2Suwpeh  
I35OfUxn9Ha7zLqjsr7sArkmnfLov1Jas5HJE2d7Hf6BrdsiayOR1jiHDkYJdxdF  
dMYjni7EvemalzyvX/VjQ6EN9alcPZltxHFoZeYPD7ALuFheM+cbpkIjbgBjM1Zc  
TZInMd+/w58ISSd5BJU0n2i6IPUP4MNfmghq5jyYSz3VHw3tS1MPLqqysNuGFXeb  
mdCQNKWWuKMEZ4XtWjO4nh4ys5vPKxqKipUeI65Y7D9FtzwAvbuEqBgesMBZNj6y  
ymSXC3bic2XHKIUCAQ5V47Oua/+QJIOpH4XioIV6ulfjKth4QcZL/uh8aqElfnfm  
RoU8rhR4GG8=7S7L  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6165-01

Red Hat Security Advisory 2022-6158-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Red Hat Security Advisory 2022-6158-01

Red Hat Security Advisory 2022-6180-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: rsync security update  
Advisory ID:       RHSA-2022:6180-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6180  
Issue date:        2022-08-24  
CVE Names:         CVE-2022-29154  
====================================================================  
1. Summary:

An update for rsync is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The rsync utility enables the users to copy and synchronize files locally  
or across a network. Synchronization with rsync is fast because rsync only  
sends the differences in files over the network instead of sending whole  
files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

* rsync: remote arbitrary files write inside the directories of connecting  
peers (CVE-2022-29154)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2110928 - CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
rsync-3.1.3-14.el8_6.3.src.rpm

aarch64:  
rsync-3.1.3-14.el8_6.3.aarch64.rpm  
rsync-debuginfo-3.1.3-14.el8_6.3.aarch64.rpm  
rsync-debugsource-3.1.3-14.el8_6.3.aarch64.rpm

noarch:  
rsync-daemon-3.1.3-14.el8_6.3.noarch.rpm

ppc64le:  
rsync-3.1.3-14.el8_6.3.ppc64le.rpm  
rsync-debuginfo-3.1.3-14.el8_6.3.ppc64le.rpm  
rsync-debugsource-3.1.3-14.el8_6.3.ppc64le.rpm

s390x:  
rsync-3.1.3-14.el8_6.3.s390x.rpm  
rsync-debuginfo-3.1.3-14.el8_6.3.s390x.rpm  
rsync-debugsource-3.1.3-14.el8_6.3.s390x.rpm

x86_64:  
rsync-3.1.3-14.el8_6.3.x86_64.rpm  
rsync-debuginfo-3.1.3-14.el8_6.3.x86_64.rpm  
rsync-debugsource-3.1.3-14.el8_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-29154  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwa9ZtzjgjWX9erEAQgmvQ/9FmzM7Jmz920bmACXLim9ggjCj2OqLSH5  
WC5//7e33xjwaslv3v9qNatPmTnW/UBNgrm3ddU+mT8YqAeStm6GO9PjpswHTNvX  
ROlVLsOqWHSyiHaPuBE6pfug7+dM0BlDtGRzkympqeeIN6Bqjs2tLkQ05qWngvj3  
g/6rNNL/N72+qfNYlLetfhDQtel1qAbu1RokYuMC9p3zRPdrvOMEuDE5bWxpZF0J  
hl/1B994ZbqVqg/Azgt5BjanRcg6w/fp7Vc0FwwQKnS12c++oe95PokM+/wIycfs  
naljKis0qHVhsTnTB699ci2cQ2u/yiIA91GB9bXpRlFiI2FTQz9M7tr909TRHDnx  
F/xHYFaoyQWqDuy/yA2zX7+sB5Jyh9IBWh3/44aKOxuzekfFTvThbcPtlMrSup/w  
wI6X55kB6s1BuJ8sToRiJAOotHqmlReayMEq7Yf2ppaC+oyQ6tK22uKltCOc80qO  
kgwIJMDF4M/AEOu7fiDQyV0yK87ZheFs4ZCtYU7Jp8fwBESrGEbiX0feD8I4HWSO  
iEC6BGtFoXNHQ/4hvxf8RFEm/FWLsnKSSbilgLns8UMveMwq+sob2Pqfru2VqwN6  
AoEimi24ZjyBzYIkTHb4GWGM7ON6kPSxAzP6H82ONeZyQeVjnj4rX3Px7Ja5Bxzr  
OSJSjw9dIpU=PuHU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js