Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing.

Cloud data breaches are on the rise. In 2022, 45% of organizations reported a breach or compliance audit failure, representing a 5% increase from the year before. And just 11% reported that more than 80% of their sensitive data in the cloud is encrypted. With the help of red-team penetration testing, infosec developers have the ability to patch vulnerabilities before they reach end users. And as attacks continue to expand, red-team activities in the cloud are an absolute must for most organizations, and take up a growing chunk of infosec developers' time.

As a crucial layer of protection for businesses, infosec teams need technologies that make their work easier. Yet today, many cloud providers make security complex by overcomplicating either the deployment of required infrastructure or the pricing structure. This has to change. It's time for cloud providers to empower infosec developers with the right tools, platforms, and pricing to support essential testing and security work. Or risk breaches that cost money, reputation, and time.

**Companies Deserve Full Capabilities and Affordable Costs**

Security starts with the right strategy and tool set. When it comes to red-team activities, Kali is a top choice. A lightweight Linux distribution, Kali is open source and Debian-based, with a full suite of security testing tools. But Kali can be hard to use on some of the most popular cloud providers, like Amazon Web Services (AWS).

For one thing, deploying Kali Linux onto a cloud instance can be tedious and time consuming, especially if installing directly from an ISO using workarounds or exporting from a local VM. For example, though a penetration tester can set up a Kali Linux instance on Amazon's cloud, it's only available as an Amazon Machine Image (AMI) that runs Kali Linux on the Amazon Marketplace. This image doesn't include the full range of Kali's capabilities.

In addition to a challenging manual setup process, companies also need to grapple with pricing complexity — a problem that doesn't just affect finance teams but trickles down to developers too. Depending on the scope, size, and thoroughness of the engagement, penetration testing may require many instances and significant amounts of egress. On major cloud providers, these needs can run up a large bill. On top of that, pricing complexity may make these costs difficult to accurately estimate, placing an unfair responsibility on infosec professionals, developers, and business owners that may be expected to foresee (and prevent) high price tags.

While enterprise companies may not be concerned about these factors — they may have massive infosec teams to handle setup and deep pockets to deal with costs — small businesses will likely be more wary. As they grapple with a talent shortage and relatively tight budgets, they need partners that can support them in a different, more holistic way. Enter alternative cloud providers.

Though Kali is widely available, deploying it with a partner that offers deeper functionality and more thorough support at a fair cost is simply more practical, especially for SMBs. For security professionals in the cloud space to get the most of Kali, it must be offered as an officially supported distribution that can easily be deployed on any cloud instance. This ensures that the full range of testing opportunities and configurations supported by Kali Linux can easily run in the cloud. Akamai Linode offers Kali this way, giving end users access not only via the distribution but also as an app in Linode's marketplace. Another key differentiator is that alternative providers typically offer a higher level of support than other providers, helping SMBs tackle that tough initial setup, often with no added costs.

Pricing in general, not just for support, is more accessible through alternative providers as well. These players not only have more predictable, transparent costs thanks to flat rates, but some — like Linode — have generous transfer allowances and comparatively low overage costs. That's game-changing for penetration testers that deal with plenty of egress. Without worry about incurring significant extra costs, they can freely run the testing they need to protect their organizations.

**Consider Alternative Cloud Providers for Security Testing**

Every organization using cloud, no matter how small, should be doing security testing: cloud misconfiguration is the initial attack vector for 15% of all data breaches. And with breaches costing companies as much as $4 million dollars, they simply can't afford the risk.

As threats continue to grow, thorough and well-honed penetration testing is more important now than ever. And infosec teams need support. Let's arm these vital teams with key tools, easier deployment, and clearer, more affordable pricing schemes.

**About the Author**

    

Billy Thompson is a Solutions Engineering Manager on Akamai, Linode Compute, helping customers design portable architectures, and deploy them at scale for technical and business teams. Billy holds a degree in information security and has a special interest in IaC, Kubernetes, big data engineering, and Python and Rust programming languages. He is a longtime Arch Linux user and vegan, and never knows which to tell people first. Outside of work, he studies jujitsu, muay thai, and boxing. He also volunteers at his home for fostering and acclimating rescue dogs.

For Penetration Security Testing, Alternative Cloud Offers Something Others Don't

By Deeba Ahmed
Other iPhone apps using in-app browsers were also tested in the research but TikTok was the only app to monitor keystrokes.
This is a post from HackRead.com Read the original post: TikTok’s In-App Browser Can Monitor Your Activity on External Websites

Security researcher and software engineer Felix Krause has revealed startling details about popular applications and explained how these apps track and collect user data through in-app browsers.

In his research, Krause examined the codes injected into a website to monitor user activity, including the links clicked or ads checked when the site is opened through an app.

**About Felix Krause**

The Vienna-based Krause is the founder of Fastlane- an app-testing company acquired by Google in 2017. The researcher is known for his research work highlighting privacy flaws in smartphone devices.

For instance, **in October 2017**, Krause revealed that any rogue app on iPhone could use the device’s camera to spy on the user secretly by abusing the permission by default and using both front and rear cameras for malicious purposes.

The same year, the **researcher revealed** how cybercriminals could use iPhone’s pop-up dialog boxes to carry out phishing attacks so that unsuspecting users could be tricked into providing their Apple ID passwords. 

**Research Analysis**

To validate his findings, Krause assessed several different apps, including TikTok. When he clicked a link in the TikTok app, it opened via the platform’s in-app browser instead of the default one. This indicated that TikTok’s in-app browser could monitor user activity on the external sites user access via TikTok.

What happens is that the app inserts a code into the site to modify its functionality, allowing it to monitor crucial user activities such as keystrokes or capture persona; data such as passwords or credit card numbers.

Credit: Felix Krause

Speaking with Forbes, Krause stated that this seems to be an “active choice” of the company. “This is a non-trivial engineering task. This does not happen by mistake or randomly,” Krause added.

Overall, Krause **examined** seven iPhone apps using in-app browsers, including Facebook, Instagram, Facebook Messenger, Snapchat, Robinhood, and Amazon, apart from TikTok. He identified that TikTok was the only app to monitor keystrokes, whereas Instagram could monitor phone taps and images the user clicks on.

However, TikTok claims this feature is disabled, and the in-app browser cannot log keystrokes. But this system’s presence is a red flag as it can pose a huge risk for users and impact their confidence in e-commerce.

Credit: Felix Krause

**TikTok’s Response**

TikTok is yet to respond to these findings. The company’s representative, Maureen Shanahan, admitted that these features are present in the app’s code, but TikTok never used them to monitor user activities.

Shanahan also stated that they use the in-app browser to enhance user experience, and the JavaScript code is used for “debugging troubleshooting, and performance monitoring of that experience.”

The rep claims that the in-app browser is there to check how fast a page loads and if it crashes or not.

Furthermore, the company stated that the code is part of a third-party SDK (software development kit) used to maintain/build apps. However, TikTok noted that they don’t use many of this SDK’s features.

This is not the first time when TikTok has made headlines over privacy concerns. **In August 2020**, Wall Street Journal accused the Chinese social media giant of collecting MAC addresses and unique identifiers of its users on Android devices and sending them to Byte Dance, its parent company.

1.  **US Military Bans TikTok over privacy concerns**
2.  **TikTok vulnerability allowed hackers to send SMS with malware**
3.  **New smishing scam spreads fake TikTok App loaded with malware**
4.  **TikTok vulnerability allowed hackers to access users’ phone numbers**
5.  **TikTokers promoted adware apps; earned half a million dollars in profit**

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

Secureworks’ Nash Borges describes how his team has applied AI and ML to threat detection.

The marketing hyperbole is plenty loud when it comes to artificial intelligence and its subset, machine learning, in the SOC and data center, and Secureworks’ Nash Borges offers a reality check on the emerging technologies. Borges takes a deeper cut at what it takes to add AI into the technology mix in a SOC. In a practical example, he describes how his team has applied AI and ML to threat detection. Borges also addresses whether AI is the panacea it’s built up to be for security management.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Secureworks: How To Distinguish Hype From Reality With AI in SecOps

Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-34  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Apache Tomcat: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #773571, #801916, #818160, #855971  
       ID: 202208-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Apache Tomcat, the  
worst of which could result in denial of service.

Background  
=========  
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-servers/tomcat         < 8.5.82:8.5              >= 8.5.82:8.5  
                                < 9.0.65:9                >= 9.0.65:9  
                                < 10.0.23:10              >= 10.0.23:10

Description  
==========  
Multiple vulnerabilities have been discovered in Apache Tomcat. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Apache Tomcat 10.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"

All Apache Tomcat 9.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"

All Apache Tomcat 8.5.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"

References  
=========  
[ 1 ] CVE-2021-25122  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25122  
[ 2 ] CVE-2021-25329  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25329  
[ 3 ] CVE-2021-30639  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30639  
[ 4 ] CVE-2021-30640  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30640  
[ 5 ] CVE-2021-33037  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33037  
[ 6 ] CVE-2021-42340  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42340  
[ 7 ] CVE-2022-34305  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34305

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-34

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-34

Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-35  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #858104, #859442, #863512, #865501, #864723  
       ID: 202208-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in Chromium and its  
derivatives, the worst of which could result in remote code execution.

Background  
=========  
Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your  
devices.

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/chromium        < 104.0.5112.101    >= 104.0.5112.101  
  2  www-client/chromium-bin    < 104.0.5112.101    >= 104.0.5112.101  
  3  www-client/google-chrome   < 104.0.5112.101    >= 104.0.5112.101  
  4  www-client/microsoft-edge  < 104.0.1293.63      >= 104.0.1293.63

Description  
==========  
Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"

All Google Chrome users should upgrade to tha latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"

All Microsoft Edge users should upgrade to tha latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"

References  
=========  
[ 1 ] CVE-2022-2163  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2163  
[ 2 ] CVE-2022-2294  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2294  
[ 3 ] CVE-2022-2295  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2295  
[ 4 ] CVE-2022-2296  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2296  
[ 5 ] CVE-2022-2477  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2477  
[ 6 ] CVE-2022-2478  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2478  
[ 7 ] CVE-2022-2479  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2479  
[ 8 ] CVE-2022-2480  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2480  
[ 9 ] CVE-2022-2481  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2481  
[ 10 ] CVE-2022-2603  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2603  
[ 11 ] CVE-2022-2604  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2604  
[ 12 ] CVE-2022-2605  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2605  
[ 13 ] CVE-2022-2606  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2606  
[ 14 ] CVE-2022-2607  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2607  
[ 15 ] CVE-2022-2608  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2608  
[ 16 ] CVE-2022-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2609  
[ 17 ] CVE-2022-2610  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2610  
[ 18 ] CVE-2022-2611  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2611  
[ 19 ] CVE-2022-2612  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2612  
[ 20 ] CVE-2022-2613  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2613  
[ 21 ] CVE-2022-2614  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2614  
[ 22 ] CVE-2022-2615  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2615  
[ 23 ] CVE-2022-2616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2616  
[ 24 ] CVE-2022-2617  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2617  
[ 25 ] CVE-2022-2618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2618  
[ 26 ] CVE-2022-2619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2619  
[ 27 ] CVE-2022-2620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2620  
[ 28 ] CVE-2022-2621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2621  
[ 29 ] CVE-2022-2622  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2622  
[ 30 ] CVE-2022-2623  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2623  
[ 31 ] CVE-2022-2624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2624  
[ 32 ] CVE-2022-2852  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2852  
[ 33 ] CVE-2022-2853  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2853  
[ 34 ] CVE-2022-2854  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2854  
[ 35 ] CVE-2022-2855  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2855  
[ 36 ] CVE-2022-2856  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2856  
[ 37 ] CVE-2022-2857  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2857  
[ 38 ] CVE-2022-2858  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2858  
[ 39 ] CVE-2022-2859  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2859  
[ 40 ] CVE-2022-2860  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2860  
[ 41 ] CVE-2022-2861  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2861  
[ 42 ] CVE-2022-33636  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33636  
[ 43 ] CVE-2022-33649  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33649  
[ 44 ] CVE-2022-35796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35796

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-35

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-35

Gentoo Linux Security Advisory 202208-33 - A vulnerability has been found in libcroco which could result in denial of service. Versions less than 0.6.13 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-33  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Gnome Shell, gettext, libcroco: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #722752, #755848, #769998  
       ID: 202208-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in libcroco which could result in denial  
of service.

Background  
=========  
GNOME Shell provides core user interface functions for the GNOME  
desktop, like switching to windows and launching applications.

gettext contains the GNU locale utilities.

libcroco is a standalone CSS2 parsing and manipulation library.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/libcroco          < 0.6.13                    >= 0.6.13  
  2  gnome-base/gnome-shell     < 3.36.7                    >= 3.36.7  
  3  sys-devel/gettext          < 0.21                        >= 0.21

Description  
==========  
The cr_parser_parse_any_core function in libcroco's cr-parser.c does not  
limit recursion, leading to a denial of service via a stack overflow  
when trying to parse crafted CSS.

Gnome Shell and gettext bundle libcroco in their own sources and thus  
are potentially vulnerable as well.

Impact  
=====  
An attacker with control over the input to the library can cause a denial of service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All gettext users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.21"

All Gnome Shell users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=gnome-base/gnome-shell-3.36.7"

All libcroco users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libcroco-0.6.13"

References  
=========  
[ 1 ] CVE-2020-12825  
      https://nvd.nist.gov/vuln/detail/CVE-2020-12825

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-33

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-33

Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Vim, gVim: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231  
       ID: 202208-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Vim, the worst of which  
could result in denial of service.

Background  
=========  
Vim is an efficient, highly configurable improved version of the classic  
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-editors/gvim           < 9.0.0060                >= 9.0.0060  
  2  app-editors/vim            < 9.0.0060                >= 9.0.0060  
  3  app-editors/vim-core       < 9.0.0060                >= 9.0.0060

Description  
==========  
Multiple vulnerabilities have been discovered in Vim and gVim. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Vim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"

All gVim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"

All vim-core users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"

References  
=========  
[ 1 ] CVE-2021-3770  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3770  
[ 2 ] CVE-2021-3778  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3778  
[ 3 ] CVE-2021-3796  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3796  
[ 4 ] CVE-2021-3872  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3872  
[ 5 ] CVE-2021-3875  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3875  
[ 6 ] CVE-2021-3927  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3927  
[ 7 ] CVE-2021-3928  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3928  
[ 8 ] CVE-2021-3968  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3968  
[ 9 ] CVE-2021-3973  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3973  
[ 10 ] CVE-2021-3974  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3974  
[ 11 ] CVE-2021-3984  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3984  
[ 12 ] CVE-2021-4019  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4019  
[ 13 ] CVE-2021-4069  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4069  
[ 14 ] CVE-2021-4136  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4136  
[ 15 ] CVE-2021-4166  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4166  
[ 16 ] CVE-2021-4173  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4173  
[ 17 ] CVE-2021-4187  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4187  
[ 18 ] CVE-2021-4192  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4192  
[ 19 ] CVE-2021-4193  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4193  
[ 20 ] CVE-2021-46059  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46059  
[ 21 ] CVE-2022-0128  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0128  
[ 22 ] CVE-2022-0156  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0156  
[ 23 ] CVE-2022-0158  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0158  
[ 24 ] CVE-2022-0213  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0213  
[ 25 ] CVE-2022-0261  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0261  
[ 26 ] CVE-2022-0318  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0318  
[ 27 ] CVE-2022-0319  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0319  
[ 28 ] CVE-2022-0351  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0351  
[ 29 ] CVE-2022-0359  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0359  
[ 30 ] CVE-2022-0361  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0361  
[ 31 ] CVE-2022-0368  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0368  
[ 32 ] CVE-2022-0392  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0392  
[ 33 ] CVE-2022-0393  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0393  
[ 34 ] CVE-2022-0407  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0407  
[ 35 ] CVE-2022-0408  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0408  
[ 36 ] CVE-2022-0413  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0413  
[ 37 ] CVE-2022-0417  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0417  
[ 38 ] CVE-2022-0443  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0443  
[ 39 ] CVE-2022-0554  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0554  
[ 40 ] CVE-2022-0629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0629  
[ 41 ] CVE-2022-0685  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0685  
[ 42 ] CVE-2022-0714  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0714  
[ 43 ] CVE-2022-0729  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0729  
[ 44 ] CVE-2022-0943  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0943  
[ 45 ] CVE-2022-1154  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1154  
[ 46 ] CVE-2022-1160  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1160  
[ 47 ] CVE-2022-1381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1381  
[ 48 ] CVE-2022-1420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1420  
[ 49 ] CVE-2022-1616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1616  
[ 50 ] CVE-2022-1619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1619  
[ 51 ] CVE-2022-1620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1620  
[ 52 ] CVE-2022-1621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1621  
[ 53 ] CVE-2022-1629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1629  
[ 54 ] CVE-2022-1674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1674  
[ 55 ] CVE-2022-1720  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1720  
[ 56 ] CVE-2022-1733  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1733  
[ 57 ] CVE-2022-1735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1735  
[ 58 ] CVE-2022-1769  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1769  
[ 59 ] CVE-2022-1771  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1771  
[ 60 ] CVE-2022-1785  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1785  
[ 61 ] CVE-2022-1796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1796  
[ 62 ] CVE-2022-1851  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1851  
[ 63 ] CVE-2022-1886  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1886  
[ 64 ] CVE-2022-1897  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1897  
[ 65 ] CVE-2022-1898  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1898  
[ 66 ] CVE-2022-1927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1927  
[ 67 ] CVE-2022-1942  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1942  
[ 68 ] CVE-2022-1968  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1968  
[ 69 ] CVE-2022-2000  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2000  
[ 70 ] CVE-2022-2042  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2042  
[ 71 ] CVE-2022-2124  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2124  
[ 72 ] CVE-2022-2125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2125  
[ 73 ] CVE-2022-2126  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2126  
[ 74 ] CVE-2022-2129  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2129  
[ 75 ] CVE-2022-2175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2175  
[ 76 ] CVE-2022-2182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2182  
[ 77 ] CVE-2022-2183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2183  
[ 78 ] CVE-2022-2206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2206  
[ 79 ] CVE-2022-2207  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2207  
[ 80 ] CVE-2022-2208  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2208  
[ 81 ] CVE-2022-2210  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2210  
[ 82 ] CVE-2022-2231  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2231  
[ 83 ] CVE-2022-2257  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2257  
[ 84 ] CVE-2022-2264  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2264  
[ 85 ] CVE-2022-2284  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2284  
[ 86 ] CVE-2022-2285  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2285  
[ 87 ] CVE-2022-2286  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2286  
[ 88 ] CVE-2022-2287  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2287  
[ 89 ] CVE-2022-2288  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2288  
[ 90 ] CVE-2022-2289  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2289  
[ 91 ] CVE-2022-2304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2304  
[ 92 ] CVE-2022-2343  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2343  
[ 93 ] CVE-2022-2344  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2344  
[ 94 ] CVE-2022-2345  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2345

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-32

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-32

There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. Although the advisory notes an attached poc, Google did not have one attached.

    MacOS: Out-of-bounds write in RawCameraThere is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1.A zipped proof of concept file is attached. The easiest way to demonstrate the vulnerability is doubleclick the crash.raw file to open it in Preview, after which Preview will crash with the call stack provided below.Process 2146 stopped* thread #4, queue = 'ProviderImageSurfaceCacheQueue', stop reason = EXC_BAD_ACCESS (code=1, address=0x123971000)    frame #0: 0x00007ff91009f0a5 RawCamera`___lldb_unnamed_symbol2861$$RawCamera + 8643RawCamera`___lldb_unnamed_symbol2861$$RawCamera:->  0x7ff91009f0a5 <+8643>: movw   %ax, (%rcx)    0x7ff91009f0a8 <+8646>: movzbl -0x2(%rbx,%r14), %eax    0x7ff91009f0ae <+8652>: movzbl -0x2(%rbx,%r12), %ecx    0x7ff91009f0b4 <+8658>: shlq   $0x8, %raxTarget 0: (Preview) stopped.(lldb) bt* thread #4, queue = 'ProviderImageSurfaceCacheQueue', stop reason = EXC_BAD_ACCESS (code=1, address=0x123971000)  * frame #0: 0x00007ff91009f0a5 RawCamera`___lldb_unnamed_symbol2861$$RawCamera + 8643    frame #1: 0x00007ff9100a0047 RawCamera`___lldb_unnamed_symbol2866$$RawCamera + 563    frame #2: 0x00007ff90ffda53b RawCamera`___lldb_unnamed_symbol441$$RawCamera + 361    frame #3: 0x00007ff91006b69e RawCamera`___lldb_unnamed_symbol2032$$RawCamera + 109    frame #4: 0x00007ff80c733dfd CoreImage`__103-[CIImage(CIImageProvider) _initWithImageProvider:width:height:format:colorSpace:surfaceCache:options:]_block_invoke + 47    frame #5: 0x00007ff80c955f67 CoreImage`invocation function for block in CI::ProviderNode::surfaceForROI(CI::Context const*, CGRect const&) const + 197    frame #6: 0x00007ff80c6f2d80 CoreImage`SurfaceApplyPlaneBlock + 381    frame #7: 0x00007ff80c955e9c CoreImage`invocation function for block in CI::ProviderNode::surfaceForROI(CI::Context const*, CGRect const&) const + 87    frame #8: 0x00007ff80c725e89 CoreImage`invocation function for block in CI::SurfaceCacheEntry::fillAsync() + 114    frame #9: 0x00007ff8032920cc libdispatch.dylib`_dispatch_call_block_and_release + 12    frame #10: 0x00007ff803293317 libdispatch.dylib`_dispatch_client_callout + 8    frame #11: 0x00007ff803299317 libdispatch.dylib`_dispatch_lane_serial_drain + 672    frame #12: 0x00007ff803299e30 libdispatch.dylib`_dispatch_lane_invoke + 417    frame #13: 0x00007ff8032a3eee libdispatch.dylib`_dispatch_workloop_worker_thread + 753    frame #14: 0x00007ff80344afd0 libsystem_pthread.dylib`_pthread_wqthread + 326    frame #15: 0x00007ff803449f57 libsystem_pthread.dylib`start_wqthread + 15This bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2022-07-27.Related CVE Numbers: CVE-2022-32802.Found by: ifratric@google.com

macOS RawCamera Out-Of-Bounds Write

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

@@ -4,11 +4,7 @@ import ( "context" "fmt"  
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts"  
operatorv1 "github.com/openshift/api/operator/v1"  
"github.com/openshift/cluster-ingress-operator/pkg/manifests" "github.com/openshift/cluster-ingress-operator/pkg/operator/controller" oputil "github.com/openshift/cluster-ingress-operator/pkg/util" @@ -20,8 +16,6 @@ import (  
"k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"  
crclient "sigs.k8s.io/controller-runtime/pkg/client" )  
const ( @@ -92,7 +86,7 @@ const ( )  
var ( // InternalLBAnnotations maps platform to the annotation name and value // internalLBAnnotations maps platform to the annotation name and value // that tell the cloud provider that is associated with the platform // that the load balancer is internal. // @@ -124,16 +118,6 @@ var ( iksLBScopeAnnotation: iksLBScopePrivate, }, } // externalLBAnnotations maps platform to the annotation name and value // that tell the cloud provider that is associated with the platform // that the load balancer is external. This is the default for most // platforms; only platforms for which it is not the default need // entries in this map. externalLBAnnotations = map\[configv1.PlatformType\]map\[string\]string{ configv1.IBMCloudPlatformType: { iksLBScopeAnnotation: iksLBScopePublic, }, } )  
// ensureLoadBalancerService creates an LB service if one is desired but absent. @@ -157,46 +141,16 @@ func (r \*reconciler) ensureLoadBalancerService(ci \*operatorv1.IngressController, if err != nil { return false, nil, err }  
switch { case !wantLBS && !haveLBS: return false, nil, nil case !wantLBS && haveLBS: if deletedFinalizer, err := r.deleteLoadBalancerServiceFinalizer(currentLBService); err != nil { return true, currentLBService, fmt.Errorf("failed to remove finalizer from load balancer service: %v", err) } else if deletedFinalizer { haveLBS, currentLBService, err = r.currentLoadBalancerService(ci) if err != nil { return haveLBS, currentLBService, err } } if err := r.deleteLoadBalancerService(currentLBService, &crclient.DeleteOptions{}); err != nil { return true, currentLBService, err } return false, nil, nil case wantLBS && !haveLBS: if err := r.createLoadBalancerService(desiredLBService); err != nil { return false, nil, err } return r.currentLoadBalancerService(ci) case wantLBS && haveLBS: if deletedFinalizer, err := r.deleteLoadBalancerServiceFinalizer(currentLBService); err != nil { return true, currentLBService, fmt.Errorf("failed to remove finalizer from load balancer service: %v", err) } else if deletedFinalizer { haveLBS, currentLBService, err = r.currentLoadBalancerService(ci) if err != nil { return haveLBS, currentLBService, err } } if updated, err := r.updateLoadBalancerService(currentLBService, desiredLBService, platform); err != nil { return true, currentLBService, fmt.Errorf("failed to update load balancer service: %v", err) } else if updated { log.Info("updated load balancer service", "namespace", desiredLBService.Namespace, "name", desiredLBService.Name) return r.currentLoadBalancerService(ci) if wantLBS && !haveLBS { if err := r.client.Create(context.TODO(), desiredLBService); err != nil { return false, nil, fmt.Errorf("failed to create load balancer service %s/%s: %v", desiredLBService.Namespace, desiredLBService.Name, err) } log.Info("created load balancer service", "namespace", desiredLBService.Namespace, "name", desiredLBService.Name) return true, desiredLBService, nil }  
return true, currentLBService, nil // return haveLBS instead of forcing true here since // there is no guarantee that currentLBService != nil return haveLBS, currentLBService, nil }  
// desiredLoadBalancerService returns the desired LB service for a @@ -238,11 +192,6 @@ func desiredLoadBalancerService(ci \*operatorv1.IngressController, deploymentRef for name, value := range annotation { service.Annotations\[name\] = value } } else { annotation := externalLBAnnotations\[platform.Type\] for name, value := range annotation { service.Annotations\[name\] = value } } switch platform.Type { case configv1.AWSPlatformType: @@ -258,12 +207,17 @@ func desiredLoadBalancerService(ci \*operatorv1.IngressController, deploymentRef service.Annotations\[awsLBHealthCheckTimeoutAnnotation\] = awsLBHealthCheckTimeoutDefault service.Annotations\[awsLBHealthCheckUnhealthyThresholdAnnotation\] = awsLBHealthCheckUnhealthyThresholdDefault service.Annotations\[awsLBHealthCheckHealthyThresholdAnnotation\] = awsLBHealthCheckHealthyThresholdDefault case configv1.IBMCloudPlatformType: if !isInternal { service.Annotations\[iksLBScopeAnnotation\] = iksLBScopePublic } } // Azure load balancers are not customizable and are set to (2 fail @ 5s interval, 2 healthy) // GCP load balancers are not customizable and are set to (3 fail @ 8s interval, 1 healthy) }  
service.SetOwnerReferences(\[\]metav1.OwnerReference{deploymentRef}) service.Finalizers = \[\]string{manifests.LoadBalancerServiceFinalizer} return true, service, nil }  
@@ -280,168 +234,11 @@ func (r \*reconciler) currentLoadBalancerService(ci \*operatorv1.IngressController return true, service, nil }  
// createLoadBalancerService creates a load balancer service. func (r \*reconciler) createLoadBalancerService(service \*corev1.Service) error { if err := r.client.Create(context.TODO(), service); err != nil { return fmt.Errorf("failed to create load balancer service %s/%s: %v", service.Namespace, service.Name, err) } log.Info("created load balancer service", "namespace", service.Namespace, "name", service.Name) return nil }  
// deleteLoadBalancerService deletes a load balancer service. func (r \*reconciler) deleteLoadBalancerService(service \*corev1.Service, options \*crclient.DeleteOptions) error { if err := r.client.Delete(context.TODO(), service, options); err != nil { if errors.IsNotFound(err) { return nil } return fmt.Errorf("failed to delete load balancer service %s/%s: %v", service.Namespace, service.Name, err) } log.Info("deleted load balancer service", "namespace", service.Namespace, "name", service.Name) return nil }  
// updateLoadBalancerService updates a load balancer service. Returns a Boolean // indicating whether the service was updated, and an error value. func (r \*reconciler) updateLoadBalancerService(current, desired \*corev1.Service, platform \*configv1.PlatformStatus) (bool, error) { changed, updated, needRecreate := loadBalancerServiceChanged(current, desired, platform) if !changed { return false, nil }  
if needRecreate { log.Info("load balancer scope changed, which requires deleting and recreating the load balancer", "namespace", updated.Namespace, "name", updated.Name, "platform", platform.Type) foreground := metav1.DeletePropagationForeground deleteOptions := crclient.DeleteOptions{PropagationPolicy: &foreground} if err := r.deleteLoadBalancerService(current, &deleteOptions); err != nil { return false, err } if err := r.createLoadBalancerService(updated); err != nil { return false, err } return true, nil }  
if err := r.client.Update(context.TODO(), updated); err != nil { return false, err } return true, nil }  
// loadBalancerServiceScopeChanged checks if the load balancer scope changed. func loadBalancerServiceScopeChanged(current, expected \*corev1.Service, platform \*configv1.PlatformStatus) bool { currentAnnotations := current.Annotations if currentAnnotations == nil { currentAnnotations = map\[string\]string{} } expectedAnnotations := expected.Annotations if expectedAnnotations == nil { expectedAnnotations = map\[string\]string{} } for name := range InternalLBAnnotations\[platform.Type\] { if currentAnnotations\[name\] != expectedAnnotations\[name\] { return true } } return false }  
// loadBalancerServiceChanged checks if the current load balancer service spec // matches the expected spec and if not returns an updated one. func loadBalancerServiceChanged(current, expected \*corev1.Service, platform \*configv1.PlatformStatus) (bool, \*corev1.Service, bool) { scopeChanged := loadBalancerServiceScopeChanged(current, expected, platform)  
serviceCmpOpts := \[\]cmp.Option{ // Ignore fields that the API, other controllers, or user may // have modified. cmpopts.IgnoreFields(corev1.ServicePort{}, "NodePort"), cmpopts.IgnoreFields(corev1.ServiceSpec{}, "ClusterIP", "ExternalIPs", "HealthCheckNodePort"), cmp.Comparer(cmpServiceAffinity), cmpopts.EquateEmpty(), } if !scopeChanged && cmp.Equal(current.Spec, expected.Spec, serviceCmpOpts...) { return false, nil, false }  
updated := current.DeepCopy() if updated.Annotations == nil { updated.Annotations = map\[string\]string{} } for name := range InternalLBAnnotations\[platform.Type\] { if v, ok := expected.Annotations\[name\]; ok { updated.Annotations\[name\] = v } else { delete(updated.Annotations, name) } }  
updated.Spec = expected.Spec  
// Preserve fields that the API, other controllers, or user may have // modified. updated.Spec.ClusterIP = current.Spec.ClusterIP updated.Spec.ExternalIPs = current.Spec.ExternalIPs updated.Spec.HealthCheckNodePort = current.Spec.HealthCheckNodePort for i, updatedPort := range updated.Spec.Ports { for \_, currentPort := range current.Spec.Ports { if currentPort.Name == updatedPort.Name { updated.Spec.Ports\[i\].NodePort = currentPort.NodePort } } }  
// When switching between internal scope and external scope, it may be // necessary to delete and recreate the service, depending on the cloud // provider implementation: // // \* Azure and GCE can handle changing scope, so updating the annotation // on the service suffices. // // \* AWS cannot handle changing scope, so the service needs to be // recreated. // // \* IBM Cloud may or may not handle scope change, so recreate the // service to be safe. needsRecreate := false if scopeChanged { switch platform.Type { case configv1.AWSPlatformType, configv1.IBMCloudPlatformType: needsRecreate = true } }  
return true, updated, needsRecreate }  
// deleteLoadBalancerServiceFinalizer removes the // "ingress.openshift.io/operator" finalizer from the provided load balancer // service. This finalizer used to be needed for helping with DNS cleanup, but // that's no longer necessary. We just need to clear the finalizer which might // exist on existing resources. // // TODO: Delete this method and all calls to it after 4.7. func (r \*reconciler) deleteLoadBalancerServiceFinalizer(service \*corev1.Service) (bool, error) { if !slice.ContainsString(service.Finalizers, manifests.LoadBalancerServiceFinalizer) { return false, nil }  
// Mutate a copy to avoid assuming we know where the current one came from // (i.e. it could have been from a cache). updated := service.DeepCopy() updated.Finalizers = slice.RemoveString(updated.Finalizers, manifests.LoadBalancerServiceFinalizer) if err := r.client.Update(context.TODO(), updated); err != nil { return false, fmt.Errorf("failed to remove finalizer from service %s/%s: %v", service.Namespace, service.Name, err) }  
log.Info("removed finalizer from load balancer service", "namespace", service.Namespace, "name", service.Name)  
return true, nil }  
// finalizeLoadBalancerService removes the "ingress.openshift.io/operator" finalizer // from the load balancer service of ci. This was for helping with DNS cleanup, but // that's no longer necessary. We just need to clear the finalizer which might exist // on existing resources. // TODO: How can we delete this code? func (r \*reconciler) finalizeLoadBalancerService(ci \*operatorv1.IngressController) (bool, error) { haveLBS, service, err := r.currentLoadBalancerService(ci) if err != nil { @@ -450,6 +247,16 @@ func (r \*reconciler) finalizeLoadBalancerService(ci \*operatorv1.IngressControlle if !haveLBS { return false, nil } \_, err = r.deleteLoadBalancerServiceFinalizer(service) return true, err // Mutate a copy to avoid assuming we know where the current one came from // (i.e. it could have been from a cache). updated := service.DeepCopy() if slice.ContainsString(updated.Finalizers, manifests.LoadBalancerServiceFinalizer) { updated.Finalizers = slice.RemoveString(updated.Finalizers, manifests.LoadBalancerServiceFinalizer) if err := r.client.Update(context.TODO(), updated); err != nil { return true, fmt.Errorf("failed to remove finalizer from service %s/%s for ingress %s/%s: %v", service.Namespace, service.Name, ci.Namespace, ci.Name, err) } } log.Info("finalized load balancer service for ingress", "namespace", ci.Namespace, "name", ci.Name) return true, nil }

CVE-2020-27836: Bug 1905490: Revert "Support changing ingresscontroller load balancer scope" by Miciah · Pull Request #507 · openshift/cluster-ingress-operator

Categories: Exploits and vulnerabilities
Categories: News
CISA updated its catalog of actively exploited vulnerabilities. Make sure you update your software before the due date!



(Read more...)




The post CISA wants you to patch these actively exploited vulnerabilities before September 8 appeared first on Malwarebytes Labs.

On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022.

CVE-2022-22536, an SAP flaw with the highest risk score of 10, is one of the seven. We wrote about it in February, and thankfully, SAP addressed the issue fairly quickly, too, by issuing a patch. CISA even mentioned that if customers fail to patch CVE-2022-22536, they could be exposed to ransomware attacks, data theft, financial fraud, and other business disruptions that'd cost them millions.

**CVE-2022-32893** and **CVE-2022-32894**, the two zero-day, out-of-bounds write vulnerabilities affecting iOS, iPadOS, and macOS, continue to headline as of this writing. These are serious flaws that, if left unpatched, could allow anyone to take control of vulnerable Apple systems. Apple already released fixes for these from the following support pages:

*   About the security content of iOS 15.6.1 and iPadOS 15.6.1
*   About the security content of macOS Monterey 12.5.1
*   About the security content of Safari 15.6.1

The Google Chrome flaw with high severity, **CVE-2022-2856**, is also confirmed to be targeted by hackers. As with other zero-days, technical details about it are light, but the advisory states that the flaw is an "insufficient validation of untrusted input in Intents." The Intents technology works in the background and is involved in processing user input or handling a system event. If this flaw is exploited, anyone could create a malicious input that Chrome may validate incorrectly, leading to arbitrary code execution or system takeover.

Google already patched this. While Chrome should've updated automatically, it is recommended to force an update check to ensure the patch is applied.

Microsoft also has patches available for **CVE-2022-21971** and **CVE-2022-26923** in February and May, respectively. The former was given an "exploitation less likely" probability, but that has already changed—a proof-of-concept (PoC) has been available since March. PoC exploits were also made public for the latter Microsoft flaw. However, these were released after Microsoft had already pushed out a patch.

Palo Alto Networks's is the oldest among the new vulnerabilities added to the catalog. Discovered in 2017, **CVE-2017-15944** has a severity rating of 9.8 (Critical). Once exploited, attackers could perform remote code execution on affected systems. You can read more about this flaw on Palo Alto's advisory page.

Malwarebytes advises readers to apply patches to these flaws if they use products of the companies we mentioned. You don't have to wait for the due date before you act.

Tag

#mac