Gentoo Linux Security Advisory 202209-25 - A vulnerability has been discovered in Zutty which could allow for arbitrary code execution. Versions less than 0.13 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Zutty: Arbitrary Code Execution  
     Date: September 29, 2022  
     Bugs: #868495  
       ID: 202209-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Zutty which could allow for  
arbitrary code execution.

Background  
=========  
Zutty is an X terminal emulator rendering through OpenGL ES Compute  
Shaders.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  x11-terms/zutty            < 0.13                        >= 0.13

Description  
==========  
Zutty does not correctly handle invalid DECRQSS commands, which can be  
exploited to run arbitrary commands in the terminal.

Impact  
=====  
Untrusted text written to the Zutty terminal can achieve arbitrary code  
execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Zutty users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-terms/zutty-0.13"

References  
=========  
[ 1 ] CVE-2022-41138  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41138

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-25

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-25

Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Poppler: Arbitrary Code Execution  
     Date: September 29, 2022  
     Bugs: #867958  
       ID: 202209-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Poppler which could allow for  
arbitrary code execution.

Background  
=========  
Poppler is a PDF rendering library based on the xpdf-3.0 code base.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-text/poppler           < 22.09.0                  >= 22.09.0

Description  
==========  
Multiple vulnerabilities have been discovered in Poppler. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Processing a specially crafted PDF file or JBIG2 image could lead to a  
crash or the execution of arbitrary code.

Workaround  
=========  
Avoid opening untrusted PDFs.

Resolution  
=========  
All Poppler users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"

References  
=========  
[ 1 ] CVE-2021-30860  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30860  
[ 2 ] CVE-2022-38784  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38784

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-21

Gentoo Linux Security Advisory 202209-19 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution. Versions less than 1.3.38 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GraphicsMagick: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #721328, #836283, #873367  
       ID: 202209-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in GraphicsMagick, the  
worst of which are fuzzing issues presumed to allow for arbitrary code  
execution.

Background  
=========  
GraphicsMagick is a collection of tools and libraries which support  
reading, writing, and manipulating images in many major formats.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-gfx/graphicsmagick   < 1.3.38                    >= 1.3.38

Description  
==========  
Multiple vulnerabilities have been discovered in GraphicsMagick. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GraphicsMagick users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.38"

References  
=========  
[ 1 ] CVE-2020-12672  
      https://nvd.nist.gov/vuln/detail/CVE-2020-12672  
[ 2 ] CVE-2022-1270  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1270

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-19

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-19

Gentoo Linux Security Advisory 202209-18 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #872572  
       ID: 202209-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the  
world of which could result in arbitrary code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  mail-client/thunderbird    < 102.3.0                  >= 102.3.0  
  2  mail-client/thunderbird-bin  < 102.3.0                >= 102.3.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"

References  
==========

[ 1 ] CVE-2022-3155  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3155  
[ 2 ] CVE-2022-40956  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40956  
[ 3 ] CVE-2022-40957  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40957  
[ 4 ] CVE-2022-40958  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40958  
[ 5 ] CVE-2022-40959  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40959  
[ 6 ] CVE-2022-40960  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40960  
[ 7 ] CVE-2022-40962  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40962

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-18

Gentoo Linux Security Advisory 202209-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. Versions less than 7.0.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Redis: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #803302, #816282, #841404, #856040, #859181, #872278  
       ID: 202209-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Redis, the worst of which  
could result in arbitrary code execution.

Background  
==========

Redis is an open source (BSD licensed), in-memory data structure store,  
used as a database, cache and message broker.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-db/redis               < 7.0.5                      >= 7.0.5

Description  
===========

Multiple vulnerabilities have been discovered in Redis. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Redis users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-db/redis-7.0.5"

References  
==========

[ 1 ] CVE-2021-32626  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32626  
[ 2 ] CVE-2021-32627  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32627  
[ 3 ] CVE-2021-32628  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32628  
[ 4 ] CVE-2021-32672  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32672  
[ 5 ] CVE-2021-32675  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32675  
[ 6 ] CVE-2021-32687  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32687  
[ 7 ] CVE-2021-32761  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32761  
[ 8 ] CVE-2021-32762  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32762  
[ 9 ] CVE-2021-41099  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41099  
[ 10 ] CVE-2022-24735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24735  
[ 11 ] CVE-2022-24736  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24736  
[ 12 ] CVE-2022-31144  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31144  
[ 13 ] CVE-2022-33105  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33105  
[ 14 ] CVE-2022-35951  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35951

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-17

Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: BlueZ: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #797712, #835077  
       ID: 202209-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in BlueZ, the worst of  
which could result in arbitrary code execution.

Background  
==========

BlueZ is the canonical bluetooth tools and system daemons package for  
Linux.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-wireless/bluez         < 5.63                        >= 5.63

Description  
===========

Multiple vulnerabilities have been discovered in BlueZ. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All BlueZ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"

References  
==========

[ 1 ] CVE-2020-26558  
      https://nvd.nist.gov/vuln/detail/CVE-2020-26558  
[ 2 ] CVE-2021-0129  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0129  
[ 3 ] CVE-2021-3588  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3588  
[ 4 ] CVE-2022-0204  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0204

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-16

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd24-httpd security and bug fix update  
Advisory ID:       RHSA-2022:6753-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6753  
Issue date:        2022-09-29  
CVE Names:         CVE-2021-33193 CVE-2021-34798 CVE-2021-36160   
                   CVE-2021-39275 CVE-2021-44224 CVE-2022-22719   
                   CVE-2022-22721 CVE-2022-23943 CVE-2022-26377   
                   CVE-2022-28614 CVE-2022-28615 CVE-2022-29404   
                   CVE-2022-30522 CVE-2022-30556 CVE-2022-31813   
=====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

* httpd: Request splitting via HTTP/2 method injection and mod_proxy  
(CVE-2021-33193)

* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path  
(CVE-2021-36160)

* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input  
(CVE-2021-39275)

* httpd: possible NULL dereference or SSRF in forward proxy configurations  
(CVE-2021-44224)

* httpd: mod_lua: Use of uninitialized value of in r:parsebody  
(CVE-2022-22719)

* httpd: core: Possible buffer overflow with very large or unlimited  
LimitXMLRequestBody (CVE-2022-22721)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism  
(CVE-2022-31813)

* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

Additional changes:

* To fix CVE-2022-29404, the default value for the "LimitRequestBody"  
directive in the Apache HTTP Server has been changed from 0 (unlimited) to  
1 GiB.

On systems where the value of "LimitRequestBody" is not explicitly  
specified in an httpd configuration file, updating the httpd package sets  
"LimitRequestBody" to the default value of 1 GiB. As a consequence, if the  
total size of the HTTP request body exceeds this 1 GiB default limit, httpd  
returns the 413 Request Entity Too Large error code.

If the new default allowed size of an HTTP request message body is  
insufficient for your use case, update your httpd configuration files  
within the respective context (server, per-directory, per-file, or  
per-location) and set your preferred limit in bytes. For example, to set a  
new 2 GiB limit, use:

LimitRequestBody 2147483648

Systems already configured to use any explicit value for the  
"LimitRequestBody" directive are unaffected by this change.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy  
2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input  
2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path  
2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests  
2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations  
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds  
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody  
2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody  
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling  
2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()  
2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()  
2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody  
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability  
2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets  
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch:  
httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

ppc64le:  
httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm

s390x:  
httpd24-httpd-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm

x86_64:  
httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch:  
httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

x86_64:  
httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33193  
https://access.redhat.com/security/cve/CVE-2021-34798  
https://access.redhat.com/security/cve/CVE-2021-36160  
https://access.redhat.com/security/cve/CVE-2021-39275  
https://access.redhat.com/security/cve/CVE-2021-44224  
https://access.redhat.com/security/cve/CVE-2022-22719  
https://access.redhat.com/security/cve/CVE-2022-22721  
https://access.redhat.com/security/cve/CVE-2022-23943  
https://access.redhat.com/security/cve/CVE-2022-26377  
https://access.redhat.com/security/cve/CVE-2022-28614  
https://access.redhat.com/security/cve/CVE-2022-28615  
https://access.redhat.com/security/cve/CVE-2022-29404  
https://access.redhat.com/security/cve/CVE-2022-30522  
https://access.redhat.com/security/cve/CVE-2022-30556  
https://access.redhat.com/security/cve/CVE-2022-31813  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/articles/6975397

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN  
EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8  
qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg  
BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m  
qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm  
H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ  
FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm  
965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+  
KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz  
qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9  
rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau  
3VmN11LnfT4=  
=pvMD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6755-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP15.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.7.1-ibm security update  
Advisory ID:       RHSA-2022:6755-01  
Product:           Red Hat Enterprise Linux Supplementary  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6755  
Issue date:        2022-09-29  
CVE Names:         CVE-2021-2163   
=====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux  
7 Supplementary.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64  
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment  
and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR5-FP15.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms  
(Libraries, 8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take  
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951217 - CVE-2021-2163 OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-plugin-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.ppc64.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.ppc64.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.ppc64.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.ppc64.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.ppc64.rpm

ppc64le:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.ppc64le.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.ppc64le.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.ppc64le.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.ppc64le.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.ppc64le.rpm

s390x:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.s390x.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.s390x.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.s390x.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.s390x.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.s390x.rpm

x86_64:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-plugin-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:  
java-1.7.1-ibm-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-demo-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-devel-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-jdbc-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-plugin-1.7.1.5.15-1jpp.1.el7.x86_64.rpm  
java-1.7.1-ibm-src-1.7.1.5.15-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2163  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzXoktzjgjWX9erEAQiErw//bfv2qMLbxalwolmuZf6CwMtjASrYej1Y  
eoK29TukbK9VlWclSIxhKkIsRJyO6QskB8tmAj+R93Kb+FvoWcGXxSXrPBFDTHjg  
Av9/gacyISbj4pvgGnfuAEq5OHIbhOG8N3VxeEMAFc+Gb+50mS7cVkrb57rGLbid  
3f8jTJrtzxekhhPc7cffJd44ef5TwtFip+u5lrEXS+JYnQpO9AeKv9GL7fvO+2eT  
+CDGrT5YVnZfNF48e8uQ1oiErNTO25ZXvdMCwBz6HhBt4mGne83Qah5Lq6xyh2vo  
EVYFUJZvqSXGKRj1uMhiP5rvfcnALNLLSDA5F95tunQ+VicN2sKM5Hz5XwnAbcYo  
dozIbWE3yvo1sVV1oTeRRuZJ/4MBkO9JQ7LwadY0ge1BQfmhfJqHztOSITKAPsYM  
HhWGz5BO0ogXPv1LE0MbifkLS6qsGdd/WWXJuDh4howpiwIm17fEB7DATA4tcZba  
EXXuBrKjtAUYEMLsP4ZwI8rU8MtbuW2O+HOiy308tJhE7dazpqyg9X3BivuO6vLe  
S2CP26SomuTJQoYu1NRp1PkLwzHLtZe7nf2W/10Z1MU/HD7mDQesgdYX5vnyusP6  
LMeHwUlel4a5x4wTM/eHBXegxskimA9ueiJAF314jSWFaEB5RcH1P5KRo5qlPzMe  
Wra6c6zvoGE=  
=WLeF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6755-01

Red Hat Security Advisory 2022-6756-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP15.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-ibm security update  
Advisory ID:       RHSA-2022:6756-01  
Product:           Red Hat Enterprise Linux Supplementary  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6756  
Issue date:        2022-09-29  
CVE Names:         CVE-2021-2163   
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux  
7 Supplementary.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64  
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM  
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR7-FP15.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms  
(Libraries, 8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take  
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951217 - CVE-2021-2163 OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.ppc64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.ppc64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.ppc64.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.ppc64.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.15-1jpp.1.el7.ppc64.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.ppc64.rpm

ppc64le:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.ppc64le.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.ppc64le.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.ppc64le.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.ppc64le.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.ppc64le.rpm

s390x:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.s390x.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.s390x.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.s390x.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.s390x.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.s390x.rpm

x86_64:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:  
java-1.8.0-ibm-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.15-1jpp.1.el7.x86_64.rpm  
java-1.8.0-ibm-src-1.8.0.7.15-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2163  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzXohdzjgjWX9erEAQjSIQ/+JPChI4owRfqyX9VBJHefA8NmSeaAUZ/v  
RBlnbwb1uXexx+o/1FmpS/k8Ek+zoSXrSyUFXzyrUf15ID2dE2zFRfeQCJPdYQBP  
KKIwVBA3xdEJYSDfa79UTrH6P+GkFLUM7guBi76oDlxCS9Bh1UTXX+b330JfphvI  
wbAMG1/19phYpsiTAkYoEIQ/bm/mFJ357wOUQ/KT/PmIYUWWyK3707I5lMfb2Upl  
3keXXpdpF0YkAbNsvNv3TXi3IDVcr6HlOtfcfFQGOXxGwiBn1Q/xovjssB7WIKRV  
BKDV2fQpJmpWOpOZ1xyqcgRKvOXJNTcfZpMJ9tVYZUOZ4XcSGIZYGnD91hlaRruu  
n4Zcs72tokXejzo/Ud/CttPUOeYzgzuBF0eH0CBpBXLDrTt1BrZjzo2HQPCF/Qw1  
Sg3odEw3mThhKHaxi7y7JVD8aQgPARc/7fLbhSItVTFHDvu74AMWEDKbgwQiQHuZ  
U6VUkTwNIsFTn6GLlGrhfKDg/UxcLd1nGlN02Cd0AesxZHCQVTtSxTXDXIuIR2j8  
aUy49//IiAiWOYCSWPHZUUjZh3csszK6mHy+D8qN8fS/1EItDJXpqauaCvwg3Rt4  
+gWKu4OlbY5UnjX31Ql5LMZGVWK0fq6CKKBFg7SvxeK6EGgHVKpppJ+0wLfMhtGJ  
AxE+e0NaLOU=  
=E3UK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6756-01

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection.
Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection.

Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor as well as execute arbitrary commands.

The hyperjacking attacks, per the cybersecurity vendor, involved the use of malicious vSphere Installation Bundles (VIBs) to sneak in two implants, dubbed VIRTUALPITA and VIRTUALPIE, on the ESXi hypervisors.

"It is important to highlight that this is not an external remote code execution vulnerability; the attacker needs admin-level privileges to the ESXi hypervisor before they can deploy malware," Mandiant researchers Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore said in an exhaustive two-part report.

There is no evidence that a zero-day vulnerability was exploited to gain access to ESXi servers. That said, the use of trojanized VIBs, a software package format used to facilitate software distribution and virtual machine management, points to a new level of sophistication.

"This malware differs in that it supports remaining both persistent and covert, which is consistent with the goals of larger threat actors and APT groups who target strategic institutions with the intention of dwelling undetected for some time," VMware disclosed.

While VIRTUALPITA comes with capabilities to execute commands as well as carry out file upload and download, VIRTUALPIE is a Python backdoor with support for command line execution, file transfer, and reverse shell features.

Also uncovered is a malware sample called VIRTUALGATE in Windows guest virtual machines, which is a C-based utility program that executes an embedded payload capable of using VMware's virtual machine communication interface (VMCI) sockets to run commands on a guest virtual machine from a hypervisor host.

Mandiant also warned that the campaign's techniques to get around traditional security controls by exploiting virtualization software represent a new attack surface that's likely to be picked up by other hacker groups.

The attacks have been attributed to an uncategorized, emerging threat cluster codenamed UNC3886, whose motivation is likely to be espionage-driven considering the highly targeted nature of the intrusions. It further assessed with low confidence that UNC3886 has a China-nexus.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#linux