USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.

Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor  
Advisory ID: ZSL-2022-5705  
Type: Local/Remote  
Impact: Exposure of Sensitive Information, Security Bypass, System Access, DoS  
Risk: (5/5)  
Release Date: 20.04.2022

**Summary**

USR-G806 is a industrial 4G wireless LTE router which provides a solution for users to connect own device to 4G network via WiFi interface or Ethernet interface. USR-G806 adopts high performance embedded CPU which can support 580MHz working frequency and can be widely used in Smart Grid, Smart Home, public bus and Vending machine for data transmission at high speed. USR-G806 supports various functions such as APN card, VPN, WIFIDOG, flow control and has many advantages including high reliability, simple operation, reasonable price. USR-G806 supports WAN interface, LAN interface, WLAN interface, 4G interface. USR-G806 provides various networking mode to help user establish own network.

**Description**

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. The 'usr' account with password 'www.usr.cn' has the highest privileges on the device. The password is also the default WLAN password.

**Vendor**

Jinan USR IOT Technology Limited - https://www.pusr.com

**Affected Version**

1.0.36 (USR-G800V2, USR-G806, USR-G807, USR-G808)  
1.2.7 (USR-LG220-L)

**Tested On**

GNU/Linux 3.10.14 (mips)  
OpenWrt/Linaro GCC 4.8-2014.04  
Ralink SoC MT7628 PCIe RC mode  
BusyBox v1.22.1  
uhttpd  
Lua

**Vendor Status**

\[10.04.2022\] Vulnerability discovered.  
\[14.04.2022\] Vendor contacted.  
\[19.04.2022\] No response from the vendor.  
\[20.04.2022\] Public security advisory released.

**PoC**

usriot\_root.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://packetstormsecurity.com/files/166813/  
\[2\] https://cxsecurity.com/issue/WLB-2022040086  
\[3\] https://exchange.xforce.ibmcloud.com/vulnerabilities/224930  
\[4\] https://www.exploit-db.com/exploits/50894  
\[5\] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29730  
\[6\] https://nvd.nist.gov/vuln/detail/CVE-2022-29730

**Changelog**

\[20.04.2022\] - Initial release  
\[03.05.2022\] - Added reference \[1\], \[2\] and \[3\]  
\[13.05.2022\] - Added reference \[4\]  
\[29.05.2022\] - Added reference \[5\] and \[6\]

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

CVE-2022-29730: Zero Science Lab » USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

**Background**

The DNN CMS platform up to and including the latest version **9.10.2** is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. In an SSRF attack, a vulnerability is exploited to cause the target system to connect to another system and return the response to the attacker. Typically, SSRF vulnerabilities allow the attacker to proxy HTTP requests through the vulnerable system to internal systems that would normally be inaccessible from the internet.

The impact of SSRF will vary depending on the location and configuration of the target environment. Commonly the following attacks are possible:

*   Access internal restricted systems such as internal admin interfaces, intranet servers and other HTTP interfaces that would normally only be accessible from behind the firewall. Even in relatively small hosting environments, its common to find poorly secured, administrative or development interfaces once behind the firewall.
*   Access cloud metadata services that are only accessible from cloud hosted systems. A popular target in SSRF is the AWS metadata service. If this service can be accessed, it can disclose sensitive information such as AWS keys and other configuration data.
*   Depending on the client used by the server to establish the connection, it may also be possible to emulate other protocols by exploiting URI schemes and legacy protocol such as Gopher that can be repurposed to emulate other protocols.

**Technical Analysis**

Image upload components used across DNN were found to be vulnerable to this issue, one common place to find an affected component is the profile edit page accessible to all registered users.

DNN users have 2 options to update their profile picture; uploading an image or providing a URL to an image which is then downloaded and stored by the system.

Both actions are handled by the FileUploadController; “_\\DNN Platform\\DotNetNuke.Web\\InternalServices\\FileUploadController.cs_” and in both cases the uploaded filename is validated to ensure it has a permitted extension.

This process was examined for vulnerabilities, our initial focus was around the file extension validation. This was found to be secure since the file name is validated using a signature that incorporates the local MachineKey, the value of which shouldn’t be known to the attacker . The situation would change significantly however if the attacker is, able to access the MachineKey via another vulnerability such as Local File Inclusion or Path Traversal.

As well as uploading files, the affected component also includes the ability to provide a URL and allow the server to download and store the image on the users behalf. This process is flawed since it allows **any** URL to be accessed and the response saved within an local file, regardless of whether the content is an image or not. Our only constraint is that the **_initial_** URL must appear to be referencing an image based on its file extension. A vulnerability occurs due to the fact the HTTP Request component (HttpWebRequest) used to download the image will follow HTTP redirects and does not validate the final URL, the affected code is listed below:

public HttpResponseMessage UploadFromUrl(UploadByUrlDto dto)
        {
            FileUploadDto result;
            WebResponse response = null;
            Stream responseStream = null;
            var mediaTypeFormatter = new JsonMediaTypeFormatter();
            mediaTypeFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/plain"));
            if (this.VerifySafeUrl(dto.Url) == false)   URL IS VALIDATED PROPERLY
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest);
            }
            try
            {
                var request = (HttpWebRequest)WebRequest.Create(dto.Url); //  WILL REDIRECT TO ANY URL
                request.Credentials = CredentialCache.DefaultCredentials;
                response = request.GetResponse();
                responseStream = response.GetResponseStream();

To exploit this behavior, the attacker would create a remote endpoint that will accept a URL to an image file but then redirect to any URL of the attackers choosing.

To allow detection and safe exploitation of this flaw, AppCheck uses a special endpoint on our Out-of-Band monitoring system Sentinel to redirect inbound requests to another URL encoded within the request.

To use this endpoint, the final URL is first base64 encoded, for example, the URL https://appcheck-ng.com/ encodes as “aHR0cHM6Ly9hcHBjaGVjay1uZy5jb20v”. This value is then embedded within the Sentinel URL as a parameter to the “redir\_to\_path” API.

For example, the following URL appears to be loading an image named “avatar.png”, but will instead redirect to https://appcheck-ng.com/

**https://ptst.io/redir\_to\_path**/**aHR0cHM6Ly9hcHBjaGVjay1uZy5jb20v**/**avatar.png**

The Python code below can be used to generate URLS for use with this endpoint:

import base64
def generate\_redirect\_url(url, suffix="/avatar.png"):
    """
    Uses a special endpoint that redirects to the url embedded within the path.
    """
    return "https://sentineldnnpoc.ptst.io/redir\_to\_path/" + base64.urlsafe\_b64encode(bytes(url,encoding='utf8')).decode("utf8") + suffix

print(generate\_redirect\_url("http://target\_server:3000/"))

This URL can then be used within the “From URL” option when updating the user’s avatar image. The vulnerable DNN system will follow the redirect and download the response from the target server to the avatar.png file.

**Recreating the Vulnerability**

In this example, the DNN server is at http://targetdnn.appchecklabs:8099/ and our target system is on the internal network at http://192.168.0.87:3000/secret.txt

**1\. Login as a standard user and access the profile image upload page**

**2\. Create an image URL that redirects to our target system and submit it via the upload form.**

The following URL was generated using Python3 and the previously listed function

https://sentineldnnpoc.ptst.io/redir\_to\_path/aHR0cDovLzE5Mi4xNjguMC44NzozMDAwL3NlY3JldC50eHQ=/avatar3.png

Note, before submitting the URL, open the development tools (Chrome F12) in the browser and select the _Network_ tab. Submit the URL and identify the “UploadFromUrl” request, then select “Response” to view the response from the server.

Copy the response out so that you can extract the “path” property.

**3\. Access the “Path” URL to review the response from the target**

Using Chrome, prefix the URL with _view-source:_ and add the “Path” value from the DNN server response. In this example, the server is at http://targetdnn.appchecklabs:8099/ so the URL is:

**view-source:http://targetdnn.appchecklabs:8099/Portals/0/Users/005/05/5/avatar3.png**

The screenshot below shows the response from the SSRF attack:

**Note:** If the file already exists then you need to select to overwrite it. To avoid this issue, rename the .png file on the end of the URL to something different each time.

**Impact**

SSRF vulnerabilities are typically considered high impact. What the attacker can achieve depends on the target environment. For Cloud hosted systems the attacker may first aim to access metadata service endpoints to disclose sensitive information such as AWS keys. In on premise configurations the attacker would look at access internal systems behind the firewall that are typically insecure compared to externally accessible systems. There are many examples including Container Admin interfaces, Database admin interfaces and other web services that are normally inaccessible.

**Detection**

If you are currently using AppCheck this flaw is detected automatically via our Server Side Request Forgery detection module (enabled in all standard scan profiles). The flaw is detected via the Dynamic Application Security Testing (DAST) engine via a first principals approach, as well as being flagged by the CMS auditing module as specifically a DNN vulnerability.

AppCheck Finding & Safe Exploitation

**Solution**

Currently no official fix has been provided by the vendor.

AppCheck operates a responsible disclosure policy that allows 90 days following the report of a vulnerability before any technical details are published. We frequently work with vendors/developers to extend this deadline if a fix is being worked on or there are other mitigating circumstances. In this case around 10 months have passed and therefore the decision was taken to publish our findings so users can mitigate against the issue in lieu of an official fix.

**Mitigation / Workaround**

If possible disabling image uploads for all users other than trusted to prevent the vulnerability being exploited. If this isn’t possible, a defense in depth approach could help mitigate the impact of exploitation.

Limit the “HTTP” services that can be accessed from the DNN server via the firewall, this includes any local HTTP services such as local management interfaces and any locally accessible hosts.

If hosting in the Cloud, ensure that cloud metadata services cannot be accessed from the affected DNN host. This can prevent a particularly powerful attack whereby the attacker is able to extract sensitive authentication tokens and other configuration information.

**Timeline**

**Date**

**Note**

**4th August 2021**

Reported to DNN with Proof of Concept

**4th August 2021**

Reported receipt confirmed by DNN

**10th August 2021**

DNN state that a fix will be included in version 9.10.1

**25th August 2021**

Retested version 9.10.1 and found vulnerability was not fixed. Reported to DNN.

**25th August 2021**

DNN response “There is not a fix currently in place for the SSRF issue, the initial review of the issue and it’s impact is limited”

**21st October 2021**

AppCheck contacted DNN to re-emphasise the impact of this finding with examples of full AWS environment compromises by exploiting it.

**1st November 2021**

DNN asked for further information

**2nd November 2021**

DNN Response: “Ok, this changes the internal classification of this, and I’m going to get this expedited for review”

**14th November 2021**

AppCheck requested an update (response: hopeful for end of the year)

**18th January 2022**

AppCheck requested an update (no updated available, aimed to fix in 9.11.0).

CVE-2021-40186: DNN CMS Server-Side Request Forgery (CVE-2021-40186)

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.

 

**A combined form and API platform for Serverless applications**

Form.io is a revolutionary combined Form and API platform for Serverless applications. This repository serves as the core Form and API engine for https://form.io. This system allows you to build "serverless" data management applications using a simple drag-and-drop form builder interface. These forms can then easily be embedded within your Angular.js and React applications using the <formio> HTML element.

**Form.io is Hiring!**

If you like what you see, and would like to come and work for a cutting edge, Open Source core company, then please apply online @ https://form-talent.freshteam.com/jobs!

**Walkthrough video and tutorial**

For a walkthrough tutorial on how to use this Open Source platform to build a Serverless application, watch the video 0 to M.E.A.N in 30 minutes

**Form Building & Rendering Demo**

Here is a link to a demo of the Form Building and Form Rendering capability that can be hooked into this API platform.

http://codepen.io/travist/full/xVyMjo/

**Run with Docker Compose**

The fastest way to run this library locally is to use Docker.

*   Install Docker
    
*   Download and unzip this package to a local directory on your machine.
    
*   Open up your terminal and navigate to the unzipped folder of this library.
    
*   Type the following in your terminal
    
        npm install
        docker-compose up
        
    
*   Go to the following URL in your browser.
    
*   Use the following credentials to login.
    
    *   **email**: admin@example.com
    *   **password**: CHANGEME
*   To change the admin password.
    
    *   Once you login, click on the **Admin** resource
    *   Click **View Data**
    *   Click on the **admin@example.com** row
    *   Click **Edit Submission**
    *   Set the password field
    *   Click **Save Submission**
    *   Logout
*   Have fun!
    

**Manual Installation (Node + MongoDB)**

To get started you will first need the following installed on your machine.

*   Node.js - https://nodejs.org/en/
*   MongoDB - http://docs.mongodb.org/manual/installation/
    *   On Mac I recommend using Homebrew brew install mongodb-community
    *   On Windows, download and install the MSI package @ https://www.mongodb.org/downloads
*   You must then make sure you have MongoDB running by typing mongod in your terminal.

**Running with Node.js**

You can then download this repository, navigate to the folder in your Terminal, and then type the following.

This will walk you through the installation process. When it is done, you will have a running Form.io management application running at the following address in your browser.

The installation process will also ask if you would like to download an application. If selected, the application can be found at the following URL.

You can also see the contents of the application (for modification) within the app folder which exists inside of the folder where you downloaded this repository.

**Development**

To start server with auto restart capability for development simply run this command:

**Deploy to Hosted Form.io**

If you wish to deploy all of your forms and resources into the Form.io Hosted platform @ https://portal.form.io, you can do this by using the Form.io CLI command line tool.

    npm install -g formio-cli
    

Once you have this tool installed, you will need to follow these steps.

*   Create a new project within Form.io
*   Create an API Key within this project by going to the **Project Settings | Stage Settings | API Keys**
*   Next, you can execute the following command to deploy your local project into Hosted Form.io.

    formio deploy http://localhost:3001 https://{PROJECTNAME}.form.io --dst-key={APIKEY}
    

You will need to make sure you replace {PROJECTNAME} and {APIKEY} with your new Hosted Form.io project name (found in the API url), as well as the API key that was created in the second step above.

This will then ask you to log into the local Form.io server (which can be provided within the Admin resource), and then after it authenticates, it will export the project and deploy that project to the Form.io hosted form.

**License Change (March 8th, 2020)**

This library is now licensed under the OSL-v3 license, which is a copy-left OSI approved license. Please read the license @ https://opensource.org/licenses/OSL-3.0 for more information. Our goal for the change to OSLv3 from BSD is to ensure that appropriate Attribution is provided when creating proprietary products that leverage or extend this library.

**Help**

We will be updating the help guides found @ https://help.form.io as questions arise and also to help you get started with Form.io.

Thanks for using Form.io!

The Form.io Team.

**Security**

If you find and/or think you have found a Security issue, please quietly disclose it to security@form.io, and give us sufficient time to patch the issue before disclosing it publicly.

CVE-2020-28246: GitHub - formio/formio: A Form and Data Management Platform for Progressive Web Applications.

Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.

On May 27, 2022, researchers from Japan-based nao\_sec identified a malicious document in a commercial malware repository, dubbed "Follina," that revealed the document employed a novel technique to achieve code execution. \[Note: Read Dark Reading's earlier coverage on Follina.\] While referencing a remote object, similar to techniques like template injection, the document retrieves the following URL:

_hXXps://www.xmlformats\[.\]com/office/word/2022/wordprocessingDrawing/RDF842l.html!_

When still active, the URL hosted content that included follow-on code to execute PowerShell via an explicit call to the application "ms-msdt":

    

MSDT is a diagnostic tool included in Windows. As shown above, MSDT can be used to parse and execute code, such as PowerShell, and can be called through parsing a malicious resource. Abuse of MSDT isn't new, as the technique previously has been documented among known "living off the land" binary (LOLBins) abuse. However, its use via a URL redirection called from Microsoft Office was previously unknown, expanding scope of potential MSDT abuse to remote mechanisms.

Since initial reporting, Microsoft issued CVE-2022-30190 to cover this remote code execution (RCE) possibility within MSDT when called through another application. While a patch for this vulnerability has not yet been released, several mitigation strategies exist (covered in greater detail below).

As of this writing, actual abuse of this technique appears to be limited, but with examples dating back to as early as April 2022. Public disclosure and researcher notes identify only a few instances of malicious use of MSDT via Microsoft Office applications. However, since public identification, multiple proofs of concept for this technique emerged, and Gigamon Applied Threat Research (ATR) anticipates that multiple threat actors will soon incorporate this technique into operations.

**Impact**

At present, the impact of CVE-2022-30190 is largely notional given lack of identified widespread use by threat actors. Once this technique is absorbed into existing actor toolkits, however, circumstances will change, with the potential for use by multiple threat actors. On initial discovery, endpoint detection and response (EDR) solutions appeared largely blind to this execution mechanism, but as of this writing that is rapidly changing across multiple vendors and products. Furthermore, as explained in guidance from Microsoft, MSDT's capability to launch items as links can be disabled via changes to the Windows Registry, removing this intrusion vector (with the potential for unforeseen or undesired consequences) until a true patch is available.

More importantly, while much initial discussion focused on the Office mechanism for triggering this issue, CVE-2022-30190 is application-agnostic in functionality, which centers on passing code to MSDT for execution. While Office represents an obvious mechanism to reach this application through delivery of a document via phishing or malicious link, any mechanism of launching MSDT will work to enable follow-on RCE such as a malicious LNK file or via the implementation of "wget" in Windows. The Office route presents just one of many potential avenues for exploitation, with other possibilities of MSDT abuse publicly documented.

For defenders and end users, the risk is therefore not just a new malicious Office delivery vector but, rather, abuse of an internal Windows component (MSDT) for code execution via multiple potential vectors. As such, certain mitigations (such as stopping all child processes from Office applications) represent only partial fixes to one aspect of the problem. To appropriately determine the scope and risk of this scenario, defenders must orient how MSDT abuse, irrespective of vector, applies to adversary operations.

**Orienting to Adversary Operations**

As documented thus far, MSDT is leveraged in early phases of adversary operations as an initial access mechanism to victim machines. As noted by other researchers, MSDT abuse via Office results in follow-on execution with the same privileges as the active user. This is helpful if victims are running as unprivileged users, but given the wealth of mechanisms available to elevate privileges in Windows environments, this limitation would appear to be easily overcome by most adversaries.

However, even if an adversary can access and elevate privileges to a victim device, this specific action represents only one, relatively early step in the overall adversary life cycle, or "kill chain." Appropriately leveraging this vulnerability still requires follow-on actions, including command and control (C2) and lateral movement activity, that present options to defenders for identifying adversary operations. Furthermore, there are precursor actions to code execution via MSDT that defenders can leverage to identify suspicious behaviors leading to exploitation.

Overall, CVE-2022-30190 represents a concern, but only one of many potential avenues available to adversaries to achieve initial code execution in victim environments. By properly understanding how adversaries employ this technique and what are necessary pre- and post-exploit actions to achieve adversary objectives, defenders can begin identifying detection, response, and hunting strategies that work against multiple potential intrusion vectors.

**Detection and Mitigation Possibilities**

1.  **Focus on patching and host-based responses.** The initial security community focus for MSDT abuse mitigation focused on patching (or the inability to do so) and host-based responses. As a host-focused exploitation mechanism, such an approach appears reasonable, and patching will be the most effective way of addressing this specific security issue. Additionally, process parent-child relationship monitoring (or outright blocking) can significantly reduce attack surface by preventing entire categories of intrusion, such as Office or MSDT spawning child processes. Specifically unregistering the URI handler for MSDT in the Windows Registry, as outlined by Microsoft and security researchers, may also temporarily address the issue.
2.  **Look for pre- and post-exploitation activity.** As noted in the previous section though, defenders should strive for detections and mitigations that can apply irrespective of specific exploits by looking at required adversary actions pre- and post-exploitation. For example, in the case of CVE-2022-30190, current delivery mechanisms focus on Office implementations. Likely future implementations will probably expand to other file formats commonly distributed via email or malicious websites, such as LNK files, self-extracting archives, and optical disk images. Identifying and increasing visibility over these distribution pathways, limiting exposure to unknown or untrusted vectors, and similar actions may thus reduce attack surface against multiple types of delivery mechanisms that can be used for payloads beyond MSDT exploitation.
3.  **Identify potential C2 or lateral movement mechanisms**. Post-exploitation, various opportunities exist for identifying C2 or lateral movement mechanisms even if initial exploitation is missed. Following initial access, threat actors will in most cases need to migrate to other areas of the network: repositories of intellectual property or sensitive information, or critical network infrastructure such as domain controllers. The actions required to do so — such as enumerating Active Directory or remote process execution — present opportunities even without host monitoring to identify adversary operations.
4.  **Identify and classify network assets.** Further actions, such as identifying and (if possible) classifying newly observed network items (IP addresses and domain names) may allow for disclosure of unique C2 items. Where appropriate asset identification is enabled, identifying odd network traffic to new, unusual remote resources can further enable defenders to catch and categorize potentially malicious activity. Identifying unusual traffic based on User Agent strings when visible — such as a PowerShell-based User Agent string retrieving an executable file based on file MIME type or extension, as seen in the initial CVE-2022-30190 example — can further enhance visibility into insecure or undesirable network behaviors.

Overall, a variety of options remain available to network defenders even if the actual exploitation of a new, potentially unknown (or "zero-day") vulnerability takes place. Understanding one's own network and its characteristics combined with sufficient visibility into network and host behaviors allows defenders to ask (and answer) questions concerning activities of interest to flag the necessary preconditions and follow-on actions adhering to vulnerability exploitation. While not necessarily easy in all cases, proper investment in resources and people will allow organizations to achieve a redundant security posture capable of catching zero-day exploitation, supply chain intrusions, or state-sponsored attacks.

**Conclusion**

Software and application vulnerabilities are a continuous and ongoing problem in the information security space. CVE-2022-30190 represents just another example of such vulnerabilities that have the potential to facilitate adversary operations. While organizations should perform proper risk analysis and patch as soon as practical once there's a fix for this vulnerability, defenders are not lost prior to release.

Instead, by understanding how adversaries leverage exploits as part of the intrusion life cycle, defenders and network owners can structure detections and defense so that they are agnostic to specific vulnerabilities. Rather than continuously chasing specific weaknesses as they appear over time, such as specific defenses around CVE-2022-30190 weaponization, defenders can structure operations to look for necessary precursors to exploit development (reconnaissance, delivery) or required follow-on actions to achieve objectives (C2, lateral movement).

In building defense and response this way — focused on core behaviors and adversary dependencies — defenders can build a more sustainable security posture that can adapt to future, yet-to-be-discovered vulnerabilities along with current, known tradecraft. Through layering behavior-based detections along with patching, signatures, and other items, defenders can achieve the requisite defense-in-depth necessary to adapt to a dynamic threat environment, without relying on single-point-of-failure defenses easily evaded by capable adversaries.

Fighting Follina: Application Vulnerabilities and Detection Possibilities

Red Hat Security Advisory 2022-4855-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:13 security update  
Advisory ID:       RHSA-2022:4855-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4855  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (13.7).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.7-2.module+el8.6.0+15347+b8eabcef.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdwtzjgjWX9erEAQg+Gg/+O1VBRVhBxtEipbQ3BDMMBnGpTHNwcMM6  
RbliF6ItstLHH/tF5GV2yVOOP66fOCaHIOVgUzx42+bGCgOVd61F611rntI6++3f  
ZLhk4J0OsDHSa9Oi3kRwsfkwz8rYWpbW//4UvNHH1445isRVAwGFLxgtMqpDo6Ey  
m2lNg22ntXM7Unn7dVQKsstAkyza123TeyAfd/YG+HA2hpst3L1/kZYUVqmdJ4BF  
Ub5e4i0tP/jOjEgGEguDAZnP8fCcGEDFBkO8pCMkcMG/Bxr+NgQxDazzbiZPOAIU  
VRrByR8/NMR6aWlAeucJ8sVKABdpVrC4Pub0XG6DH3DdyBvus9fQ7pGOA/qazfpR  
YsfjfFr4wLK/4LVis5rlbNAPpea0YNx0UM+fV7mLyqv66JuAYEhYvqnZeA1apDqG  
o6k+LV5CIuTVgQjNQmiI5eYFB/qXIjoa+I95kJhieTpBpOj+Ow/iUsuh+ddwHWvC  
eHtcWz4y7Ca0srETnv70a1i2KENvCIyd8tS1j1WedZo7abiSrz7dnPVVKFUgDCel  
eSRZeeyXiXlM6J6uvcswMQnMs+k5+dtm5eW+aC0osbjPIai1lRIjI3FeCpGBBwmc  
/tIE7pgQfjymoABResaDBznliaLeJwbCVqS0PUnKqWQHO2Z2ikztutPEV/QXe5SW  
GRX904QBukU=LLYn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4855-01

Red Hat Security Advisory 2022-4857-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:13 security update  
Advisory ID:       RHSA-2022:4857-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4857  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (13.7).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.src.rpm

aarch64:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.7-2.module+el8.4.0+15346+22c653ca.noarch.rpm

ppc64le:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm

s390x:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm

x86_64:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdvNzjgjWX9erEAQiPMQ//W6xy9WHzkkfQeNaFJ/TMzpUS5ws/MFKa  
8xwMl0D9lA1cauCGQso/AB+ei2jFlWr0DtjQ4Br5CRIx2TGLq7Q3vzjoyCxx/1rw  
uET6p/5EwtTDa4OTJagTZWPlmYwwX8ZO8AQc0SDrzzXHSlZ+N1MviOHRnjZmSJvo  
J+KB0NYEAuTVSiZaHk3+aUN8mP6ImPa3IxoGGwuecBNewDqB73mdYbR6K+mJdOvK  
Qf7PfiTVaPIZ0QvAR+S7enouX4q8GchlqAeAwt336hWQNs7WkOAtZPNhg0Z2vwln  
IT2mwyUYPvGZJqMnFP19WHJaCri/aQKVFe6gwd8qQY6mNXKbaEdTwSyHxpaEhF0m  
NJKU3vA+GsYJ4clr7cJjQyBZ/qLTD3ZjGYPppt/+h1C8xHiABsuYpSO6XdBTerQQ  
jKA8A0UQ7GzlMasaNnNPvIj6xzHmCXVSLiiOC/nCzok+qQw6XE+8vvwM3/m+eBuf  
t71z5tIz/EU0QYNjYDi37ePl3wpfiaOnTj5LeGMAsdspcu4mvx/VKl20mwVwBJ37  
z1MPnaZBaA0FqsVAmy0+ln0M5DzXGZTRv4SPIaFk0SQWu2k+L0avmLwcyqE3vW4u  
1kzwigWieAJZQfULydxsDcLbqQd28adAU6Yttjz3xy3N9OftA/S82zMtARqs1kdy  
TNjwXxXo7EA=LmL9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4857-01

Red Hat Security Advisory 2022-4854-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:10 security update  
Advisory ID:       RHSA-2022:4854-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4854  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:10 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (10.21).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe.src.rpm

aarch64:  
postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-contrib-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-contrib-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-debugsource-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-docs-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-docs-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-plperl-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-plperl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-plpython3-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-plpython3-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-pltcl-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-pltcl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-server-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-server-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-server-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-server-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-static-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-test-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-test-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-test-rpm-macros-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-upgrade-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-upgrade-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-upgrade-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.aarch64.rpm

ppc64le:  
postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-contrib-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-contrib-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-debugsource-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-docs-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-docs-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-plperl-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-plperl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-plpython3-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-plpython3-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-pltcl-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-pltcl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-server-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-server-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-server-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-server-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-static-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-test-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-test-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-test-rpm-macros-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-upgrade-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-upgrade-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-upgrade-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.ppc64le.rpm

s390x:  
postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-contrib-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-contrib-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-debugsource-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-docs-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-docs-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-plperl-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-plperl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-plpython3-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-plpython3-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-pltcl-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-pltcl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-server-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-server-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-server-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-server-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-static-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-test-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-test-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-test-rpm-macros-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-upgrade-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-upgrade-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-upgrade-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm  
postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.s390x.rpm

x86_64:  
postgresql-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-contrib-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-contrib-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-debugsource-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-docs-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-docs-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-plperl-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-plperl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-plpython3-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-plpython3-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-pltcl-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-pltcl-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-server-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-server-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-server-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-server-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-static-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-test-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-test-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-test-rpm-macros-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-upgrade-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-upgrade-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-upgrade-devel-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.4.0+15341+25c9f2fe.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdsNzjgjWX9erEAQj9vw/+M74nNXg+gDraQPuEeoAGn13j5vtAwWDC  
bnvUWa43XC7EBP3qXbR21xAbz+IntQ5YYllGXcFrmimbqlZAmhPHea5dGI8z2GaI  
tbq+/4YI4G47PicU5D2Qrtd2HzDqAJgOk8MG/8LeG5kjQxegBnW1eNqmuV1+jWfM  
V6ikG1z8SODuImgiLQxe/Q6uesLVP4SbzJ6lIs0ya9e+C/IJsgTf/1No77QQYSNO  
K8hDJY6+KWnzz0ZTjCfVMHOJ7PcDGM+yk42lDkv5xVRLBLJgSRU3Xrsyn3oB/MAp  
Ui5j0P1FhF0Btqd+20BIEET9TEaqD3hcdVsN/cYUueoURFsUKFFDGFZQ1X3j9HdX  
+VMYOnYDFiN09SMXK+CRtBJVS/wnm1+2F46WLRC3N3HoomhgU/AgTCmZrD7CDMfh  
waQNJKhItKG4RA086AkG7Rwq+QODXSGms1jUyMGi1dNdme/dWE8tsfO0jjmNZ3oZ  
bPyymNJRJK9VgXbGNJsrgWZZa8mst9uLV9AXcD1drG6Qj1GQogApYzvc31xN3K3G  
IvIww1LnM89WB/SQ43al9VtLlXbIqBSZG0DYGnobFTc6VC5BvPIZnm/OeAewP0p7  
GCTWGpGFnd8yL6+Y+rYsoyJxlFQnwl6YiUx72vmstqKfre95UPxXNeIALtKbFijV  
t4qNNY5hl+8=0kZx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4854-01

Red Hat Security Advisory 2022-4856-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:12 security update  
Advisory ID:       RHSA-2022:4856-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4856  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:12 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (12.11).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.src.rpm  
postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67.src.rpm

aarch64:  
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.aarch64.rpm  
postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-contrib-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-contrib-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-debugsource-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-docs-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-docs-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-plperl-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-plperl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-plpython3-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-plpython3-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-pltcl-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-pltcl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-server-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-server-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-server-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-server-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-static-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-test-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-test-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-upgrade-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-upgrade-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-upgrade-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-12.11-2.module+el8.4.0+15406+aeb4ae67.noarch.rpm

ppc64le:  
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.ppc64le.rpm  
postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-contrib-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-contrib-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-debugsource-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-docs-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-docs-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-plperl-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-plperl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-plpython3-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-plpython3-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-pltcl-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-pltcl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-server-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-server-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-server-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-server-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-static-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-test-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-test-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-upgrade-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-upgrade-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-upgrade-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.ppc64le.rpm

s390x:  
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.s390x.rpm  
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.s390x.rpm  
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.s390x.rpm  
postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-contrib-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-contrib-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-debugsource-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-docs-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-docs-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-plperl-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-plperl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-plpython3-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-plpython3-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-pltcl-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-pltcl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-server-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-server-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-server-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-server-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-static-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-test-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-test-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-upgrade-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-upgrade-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-upgrade-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm  
postgresql-upgrade-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.s390x.rpm

x86_64:  
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm  
postgresql-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-contrib-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-contrib-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-debugsource-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-docs-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-docs-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-plperl-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-plperl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-plpython3-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-plpython3-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-pltcl-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-pltcl-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-server-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-server-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-server-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-server-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-static-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-test-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-test-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-upgrade-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-upgrade-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-upgrade-devel-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-12.11-2.module+el8.4.0+15406+aeb4ae67.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdttzjgjWX9erEAQgakw//YH7kHBKhs5ljsjOLXyYL3bNo72AOpkTb  
TQ9TWOehJYJ4qeNu/FH6o1OXb13ZJs5IdAseipFd6U/ruV7o/UT/3/X1T4kvfV7Z  
WDcy6aMvRzjXXgia54qjmVW+2446xS1cBdYp6IzbaupZ4Rkb30BadHXn4nJWqX01  
ZU/wt7R/K3IhlQhVF3+0v7i4T7SzrC4DO13Q+Nz0Sw34ccQA6RpCLGrIkZKgDY7F  
EoQ7W9zCn3t/a6n5nzkdu7uu03FGWf5mVkFRTtWUDtFXwirmRMKpil7aRiVWwFiU  
VyKQ5YgitKzwQ+nIYvpjPmzdwwQq22YghVz8rBQHpK2Mw4tbmzhExYPziwx88tdd  
IAe79Xwh30HQ5wnvTyLn2KxXZaG01xKxN2z/Wi1jxKHRa2HbDBWxU/YRrCdm1PAJ  
q7p14/PDLK1opO/oAD3qW2NEI1yEkRNmspXwe59rTQ7j5jYx4bCyE01M8BN4XaYu  
5xzS+aSjeHQ3jxmVU5iJqb8YP548f24HIsj/lXiV8zUqZpPRbIW022nSQvetoBcu  
rp5f0YeFB0uyrh2mQPZfsKuULBRt+Z3fU76XXoR3vGaLtoV3JF8uhbIxpOKNadgD  
fby1+3pMkLWTMIKZzscM3CNng3QR9DYRpo6BmH8Q+AE3HuWjiO+QDy5tfCPYZVAa  
lRcB6YF6bPA=PZmd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4856-01

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.
Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [

As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.

Called Ransomware for IoT or **R4IoT** by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT \[information technology\] network and impact the OT \[operational technology\] network."

This potential pivot is based on the rapid growth in the number of IoT devices as well as the convergence of IT and OT networks in organizations.

The ultimate goal of R4IoT is to leverage exposed and vulnerable IoT devices such as IP cameras to gain an initial foothold, followed by deploying ransomware in the IT network and taking advantage of poor operational security practices to hold mission-critical processes hostage.

"By compromising IoT, IT, and OT assets, R4IoT goes beyond the usual encryption and data exfiltration to cause physical disruption of business operations," the researchers said, thereby adding an additional layer of extortion to a traditional ransomware attack.

Put differently, R4IoT is a new kind of malware that brings together an IoT entry point and ransomware-related lateral movement and encryption on an IT network, causing an extended impact on both IT and OT networks.

In a hypothetical scenario, this could entail compromising a machine in the corporate network to not only drop ransomware but also retrieve additional payloads from a remote server to deploy cryptocurrency miners and launch denial-of-service (DoS) attacks against OT assets.

To mitigate both the likelihood and the impact of potential R4IoT incidents, organizations are recommended to identify and patch vulnerable devices, enforce network segmentation, implement strong password policies, and monitor HTTPS connections, FTP sessions, and network traffic.

"Ransomware has been the most prevalent threat of the past few years, and so far, it has mostly leveraged vulnerabilities in traditional IT equipment to cripple organizations," the researchers concluded.

"But new connectivity trends have added a number and a diversity of OT and IoT devices that have increased risk in nearly every business."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#mac