libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

CVE-2022-32200: DA's Libdwarf Vulnerabilities

Couchbase Server before 7.1.0 has Incorrect Access Control.

CVE-2021-33504: Alerts | Couchbase

The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.

**Report security vulnerabilities**

****Report Security Vulnerabilities****

  
TikTok's mission is to inspire creativity and bring joy. The security and health of our platform closely tie to this mission. If things aren't working properly on TikTok, our dedicated security team is ready to respond and resolve those issues. In addition to our team of experienced security professionals and industry-leading security technologies, we rely on, and value, external input that flag technical security bugs on our platform. With that in mind, we have defined a set of policies to guide our external partners on properly reporting vulnerabilities. We welcome your input and appreciate your efforts to safeguard TikTok.

**

**Vulnerability Reporting Policy**

**

       •  For questions, concerns, or issues with your profile, please click here.  
       •  For questions, concerns, or issues with TikTok's privacy policy or fraud, please click here.  
       •  If someone is misusing your brand, contact us.

If you believe you have discovered a security bug or vulnerability on the TikTok app or website, please submit your report here. You will be redirected to the website of HackerOne, our trusted security bug bounty partner. HackerOne provides more information on submission guidelines and will allow you to submit a report.

TikTok follows a Coordinated Disclosure Policy. Please refer to the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy for more details.

**

**Guidelines**

**

  
Please visit the **Program Rules and Guidelines** section in TikTok HackerOne Policy for details.

**

**Frequently Asked Questions (FAQ)**

**

**What type of issues are considered security vulnerabilities and should be reported?**

Issues regarding technical security bugs affecting TikTok should be reported here. Issues include, but are not limited to the following:  
       •  XSS, CSRF, SSRF , SQL Injection, ROP, JOP, etc.       •  Leaked or hard coded sensitive credentials       •  Exploitable and dangerous APIs.  
       •  Control flow hijacking attacks  
       •  User data leaks  
       •  Issues listed in the OWASP Top Ten for Web Apps  
       •  Issues listed in the OWASP Top Ten for Mobile Apps  
       •  Authentication or authorization vulnerabilities  
       •  Access to internal TikTok resources like backend source code, database, etc.  
       •  Open redirect - if an additional security impact can be demonstrated  
       •  Anti-Automation security bypasses or lack of rate limiting on authenticated endpoints  
       •  Using the TikTok application for privilege escalation to attack the mobile operating system  
       •  Arbitrary code execution on TikTok servers/clients

**Is there a reward, bounty or CVE for confirmed vulnerabilities?**

Please visit **Rewards** & **Not Eligible for Reward** sections in TikTok HackerOne Policy for more details about bounty.

**How much time is needed before I can publish my findings?**

We request that security researchers follow the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy.

**Which web domains are within scope for TikTok?**

Please visit **In Scope** section in TikTok HackerOne Policy for details.

**How can I be notified that a security issue I've reported is being investigated?**

The security issues reported will be evaluated based on criticality and business priority and go through our investigation triage pipeline accordingly. We will keep you informed of the progress of the case to the best of our ability.

**Was this helpful?**

**Helpful links**

Creating an account

Setting up your profile

Creating a TikTok Video

CVE-2022-28799: Report security vulnerabilities | TikTok Help Center

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

*   Case Management
*   Orchestration & Automation
*   Quality Management System
*   Investigation Management
*   Phaneros Portal
*   Forensic Lab Management
*   Crime Scene Investigation
*   Resource (People, Process, Technology, Time, Data) Management
*   Nimbus Cloud & Saas
*   Nimbus Intelligence
*   Incident Response Lifecycle Management
*   Resource Library
*   Support
*   Contact

Skip to content

*   Government
*   Military
*   Corporate
*   Law enforcement

**COMPLEX OPERATIONS PLATFORM**

**VISUAL ANALYTICS**

**INVESTIGATION MANAGEMENT**

**On Prem - Cloud - SaaS**

**MODULAR DESIGN**

Corporate

**NIMBUS**

**Investigation Control**

NIMBUS provides total control and oversight to any investigation allowing USERS, PROCESS & TECHNOLOGY to seamlessly work together within the connected fabric of the COMPLEX OPERATIONS PLATFORM.

Explore the core NIMBUS modules.

**Investigation Management**

**Organised & Complex Investigation Lifecycle Platform**

Streamline complex Investigations by harnessing the Governance, Case Management, Quality Management, Orchestration and combine them with full disclosure management, Document Review and mark up, Actions management, Case analytics, Configurable Dashboards and management reporting to unravel any complexity in the  investigation along with full disclosure review and Digital Case file production.

**Investigation Management**

**Packed with features including:**

**Case Management**

**Digital & Traditional case management**

Solving everyday case management problems surrounding integrity, efficiency, evidence tracking, asset management, full management reporting and by combing solutions into a simple and intuitive user experience seamlessly integrating with all NIMBUS modules.

**Case Management**

**Packed with features including:**

**Orchestration & Automation**

**Orchestration & Automation Platform**

Visually digitise standard operating procedures, lab workflows or any playbook with ease allowing integration with forensic technologies, digital or traditional or external data sources. Orchestrate multiple automations, queue, prioritise, status controlled, workflow within workflow fully audited and reportable.

**Orchestration & Automation**

**Packed with features including:**

**NIMBUS Cloud & SaaS**

**Instant and flexible deployment**

Leverage the power, resilience, and speed of deployment of NIMBUS in the cloud environment of your choice as a true SaaS offering. Managed by an industry leading service delivery model, BlackRainbow removes the risk and complication of an on premise installation whilst delivering full functionality in an accelerated way.

**NIMBUS Cloud & SaaS**

**Packed with features including:**

**NIMBUS Incident Response Lifecycle Management Platform**

**Total Security Operations Management**

BlackRainbow’s incident response lifecycle management platform accelerates the incident response lifecycle, it is the connecting fabric for security infrastructure and teams. It offers entire incident management, intelligent automation and orchestration and interactive investigation. The platform has a focus on customisability and collaboration. This solution is available as a SaaS cloud-based solution, or it can be deployed on premise.

**NIMBUS Incident Response Lifecycle Management Platform**

**Packed with features including:**

**Would you like to see NIMBUS in action ?**

**PHANEROS Portal**

**Forensic requests submitted from anywhere on any platform**

PHANEROS the NIMBUS submission portal is an advanced configurable two-way electronic mobile submission management and production system for compiling, publishing, importing, and reviewing forensic case submissions. Remote users can add a case, build submissions to NIMBUS Core for authorisation, enter evidence, notes, and scene information with an on or offline capability with no need for a heavy local application install.

**PHANEROS Portal**

**Packed with features including:**

**NIMBUS Intelligence Management**

**Intelligence when you need it**

NIMBUS intelligence management and orchestration allows the ability to instigate, integrate or ‘reach out’ to the relevant intelligence resource needed for that stage of the investigation. It may be that OSINT, Dark web, local digital media seizure, external threat feeds, case metadata or external database information is needed to assist with the next stage of the investigation, NIMBUS manages the flow, automates workflow and notifications on watchlists and aggregates all of the intelligence in an authorised and auditable way.

**NIMBUS Investigation Management**

**Packed with features including:**

**Quality Management System**

**Integrated Quality Management System**

QMS aligns all the necessary areas to drive accreditation to any ISO standard or equivalent international standard. Manage and control your business performance, data and risks using our integrated quality management modules, non-conformance, actions, assets and more. When combined with NIMBUS CM it accelerates and governs the ability to obtain and maintain ISO accreditation, whilst removing administrative burdens associated to siloed systems.

**Quality Management System**

**Packed with features including:**

**Resource Library**

**Watch, read, and listen up**

All the latest videos, papers, articles, datasheets and updates from BlackRainbow

**BlackRainbow**

**Follow us**

Page load link

This website uses cookies for security and usage monitoring. You can accept or reject cookies or see the details and control which cookies are set using the buttons.

**Privacy Overview**

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie

Duration

Description

cookielawinfo-checbox-analytics

1 year

This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".

cookielawinfo-checkbox-necessary

1 year

This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".

viewed\_cookie\_policy

1 year

The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie

Duration

Description

\_ga

2 years

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

\_gat\_gtag\_UA\_109233946\_1

1 minute

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

\_gid

1 day

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Powered by

CVE-2022-24967: Corporate – BlackRainbow

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

**CVE-2021–43512:**

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

The issue was discovered by **Janmejaya Swain**(https://www.linkedin.com/in/janmejayaswainofficial) which is me 😅 by the way. Now the issue has been fixed properly by application team.

I don't have permission to disclose that vulnerability. As that issue was very sensitive for that organization. So I’m not disclosing about that vulnerability.

CVE-2021-43512: Advisory of CVE-2021–43512 - Janmejaya Swain - Medium

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

**Background**

The DNN CMS platform up to and including the latest version **9.10.2** is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. In an SSRF attack, a vulnerability is exploited to cause the target system to connect to another system and return the response to the attacker. Typically, SSRF vulnerabilities allow the attacker to proxy HTTP requests through the vulnerable system to internal systems that would normally be inaccessible from the internet.

The impact of SSRF will vary depending on the location and configuration of the target environment. Commonly the following attacks are possible:

*   Access internal restricted systems such as internal admin interfaces, intranet servers and other HTTP interfaces that would normally only be accessible from behind the firewall. Even in relatively small hosting environments, its common to find poorly secured, administrative or development interfaces once behind the firewall.
*   Access cloud metadata services that are only accessible from cloud hosted systems. A popular target in SSRF is the AWS metadata service. If this service can be accessed, it can disclose sensitive information such as AWS keys and other configuration data.
*   Depending on the client used by the server to establish the connection, it may also be possible to emulate other protocols by exploiting URI schemes and legacy protocol such as Gopher that can be repurposed to emulate other protocols.

**Technical Analysis**

Image upload components used across DNN were found to be vulnerable to this issue, one common place to find an affected component is the profile edit page accessible to all registered users.

DNN users have 2 options to update their profile picture; uploading an image or providing a URL to an image which is then downloaded and stored by the system.

Both actions are handled by the FileUploadController; “_\\DNN Platform\\DotNetNuke.Web\\InternalServices\\FileUploadController.cs_” and in both cases the uploaded filename is validated to ensure it has a permitted extension.

This process was examined for vulnerabilities, our initial focus was around the file extension validation. This was found to be secure since the file name is validated using a signature that incorporates the local MachineKey, the value of which shouldn’t be known to the attacker . The situation would change significantly however if the attacker is, able to access the MachineKey via another vulnerability such as Local File Inclusion or Path Traversal.

As well as uploading files, the affected component also includes the ability to provide a URL and allow the server to download and store the image on the users behalf. This process is flawed since it allows **any** URL to be accessed and the response saved within an local file, regardless of whether the content is an image or not. Our only constraint is that the **_initial_** URL must appear to be referencing an image based on its file extension. A vulnerability occurs due to the fact the HTTP Request component (HttpWebRequest) used to download the image will follow HTTP redirects and does not validate the final URL, the affected code is listed below:

public HttpResponseMessage UploadFromUrl(UploadByUrlDto dto)
        {
            FileUploadDto result;
            WebResponse response = null;
            Stream responseStream = null;
            var mediaTypeFormatter = new JsonMediaTypeFormatter();
            mediaTypeFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/plain"));
            if (this.VerifySafeUrl(dto.Url) == false)   URL IS VALIDATED PROPERLY
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest);
            }
            try
            {
                var request = (HttpWebRequest)WebRequest.Create(dto.Url); //  WILL REDIRECT TO ANY URL
                request.Credentials = CredentialCache.DefaultCredentials;
                response = request.GetResponse();
                responseStream = response.GetResponseStream();

To exploit this behavior, the attacker would create a remote endpoint that will accept a URL to an image file but then redirect to any URL of the attackers choosing.

To allow detection and safe exploitation of this flaw, AppCheck uses a special endpoint on our Out-of-Band monitoring system Sentinel to redirect inbound requests to another URL encoded within the request.

To use this endpoint, the final URL is first base64 encoded, for example, the URL https://appcheck-ng.com/ encodes as “aHR0cHM6Ly9hcHBjaGVjay1uZy5jb20v”. This value is then embedded within the Sentinel URL as a parameter to the “redir\_to\_path” API.

For example, the following URL appears to be loading an image named “avatar.png”, but will instead redirect to https://appcheck-ng.com/

**https://ptst.io/redir\_to\_path**/**aHR0cHM6Ly9hcHBjaGVjay1uZy5jb20v**/**avatar.png**

The Python code below can be used to generate URLS for use with this endpoint:

import base64
def generate\_redirect\_url(url, suffix="/avatar.png"):
    """
    Uses a special endpoint that redirects to the url embedded within the path.
    """
    return "https://sentineldnnpoc.ptst.io/redir\_to\_path/" + base64.urlsafe\_b64encode(bytes(url,encoding='utf8')).decode("utf8") + suffix

print(generate\_redirect\_url("http://target\_server:3000/"))

This URL can then be used within the “From URL” option when updating the user’s avatar image. The vulnerable DNN system will follow the redirect and download the response from the target server to the avatar.png file.

**Recreating the Vulnerability**

In this example, the DNN server is at http://targetdnn.appchecklabs:8099/ and our target system is on the internal network at http://192.168.0.87:3000/secret.txt

**1\. Login as a standard user and access the profile image upload page**

**2\. Create an image URL that redirects to our target system and submit it via the upload form.**

The following URL was generated using Python3 and the previously listed function

https://sentineldnnpoc.ptst.io/redir\_to\_path/aHR0cDovLzE5Mi4xNjguMC44NzozMDAwL3NlY3JldC50eHQ=/avatar3.png

Note, before submitting the URL, open the development tools (Chrome F12) in the browser and select the _Network_ tab. Submit the URL and identify the “UploadFromUrl” request, then select “Response” to view the response from the server.

Copy the response out so that you can extract the “path” property.

**3\. Access the “Path” URL to review the response from the target**

Using Chrome, prefix the URL with _view-source:_ and add the “Path” value from the DNN server response. In this example, the server is at http://targetdnn.appchecklabs:8099/ so the URL is:

**view-source:http://targetdnn.appchecklabs:8099/Portals/0/Users/005/05/5/avatar3.png**

The screenshot below shows the response from the SSRF attack:

**Note:** If the file already exists then you need to select to overwrite it. To avoid this issue, rename the .png file on the end of the URL to something different each time.

**Impact**

SSRF vulnerabilities are typically considered high impact. What the attacker can achieve depends on the target environment. For Cloud hosted systems the attacker may first aim to access metadata service endpoints to disclose sensitive information such as AWS keys. In on premise configurations the attacker would look at access internal systems behind the firewall that are typically insecure compared to externally accessible systems. There are many examples including Container Admin interfaces, Database admin interfaces and other web services that are normally inaccessible.

**Detection**

If you are currently using AppCheck this flaw is detected automatically via our Server Side Request Forgery detection module (enabled in all standard scan profiles). The flaw is detected via the Dynamic Application Security Testing (DAST) engine via a first principals approach, as well as being flagged by the CMS auditing module as specifically a DNN vulnerability.

AppCheck Finding & Safe Exploitation

**Solution**

Currently no official fix has been provided by the vendor.

AppCheck operates a responsible disclosure policy that allows 90 days following the report of a vulnerability before any technical details are published. We frequently work with vendors/developers to extend this deadline if a fix is being worked on or there are other mitigating circumstances. In this case around 10 months have passed and therefore the decision was taken to publish our findings so users can mitigate against the issue in lieu of an official fix.

**Mitigation / Workaround**

If possible disabling image uploads for all users other than trusted to prevent the vulnerability being exploited. If this isn’t possible, a defense in depth approach could help mitigate the impact of exploitation.

Limit the “HTTP” services that can be accessed from the DNN server via the firewall, this includes any local HTTP services such as local management interfaces and any locally accessible hosts.

If hosting in the Cloud, ensure that cloud metadata services cannot be accessed from the affected DNN host. This can prevent a particularly powerful attack whereby the attacker is able to extract sensitive authentication tokens and other configuration information.

**Timeline**

**Date**

**Note**

**4th August 2021**

Reported to DNN with Proof of Concept

**4th August 2021**

Reported receipt confirmed by DNN

**10th August 2021**

DNN state that a fix will be included in version 9.10.1

**25th August 2021**

Retested version 9.10.1 and found vulnerability was not fixed. Reported to DNN.

**25th August 2021**

DNN response “There is not a fix currently in place for the SSRF issue, the initial review of the issue and it’s impact is limited”

**21st October 2021**

AppCheck contacted DNN to re-emphasise the impact of this finding with examples of full AWS environment compromises by exploiting it.

**1st November 2021**

DNN asked for further information

**2nd November 2021**

DNN Response: “Ok, this changes the internal classification of this, and I’m going to get this expedited for review”

**14th November 2021**

AppCheck requested an update (response: hopeful for end of the year)

**18th January 2022**

AppCheck requested an update (no updated available, aimed to fix in 9.11.0).

CVE-2021-40186: DNN CMS Server-Side Request Forgery (CVE-2021-40186)

Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.

On May 27, 2022, researchers from Japan-based nao\_sec identified a malicious document in a commercial malware repository, dubbed "Follina," that revealed the document employed a novel technique to achieve code execution. \[Note: Read Dark Reading's earlier coverage on Follina.\] While referencing a remote object, similar to techniques like template injection, the document retrieves the following URL:

_hXXps://www.xmlformats\[.\]com/office/word/2022/wordprocessingDrawing/RDF842l.html!_

When still active, the URL hosted content that included follow-on code to execute PowerShell via an explicit call to the application "ms-msdt":

    

MSDT is a diagnostic tool included in Windows. As shown above, MSDT can be used to parse and execute code, such as PowerShell, and can be called through parsing a malicious resource. Abuse of MSDT isn't new, as the technique previously has been documented among known "living off the land" binary (LOLBins) abuse. However, its use via a URL redirection called from Microsoft Office was previously unknown, expanding scope of potential MSDT abuse to remote mechanisms.

Since initial reporting, Microsoft issued CVE-2022-30190 to cover this remote code execution (RCE) possibility within MSDT when called through another application. While a patch for this vulnerability has not yet been released, several mitigation strategies exist (covered in greater detail below).

As of this writing, actual abuse of this technique appears to be limited, but with examples dating back to as early as April 2022. Public disclosure and researcher notes identify only a few instances of malicious use of MSDT via Microsoft Office applications. However, since public identification, multiple proofs of concept for this technique emerged, and Gigamon Applied Threat Research (ATR) anticipates that multiple threat actors will soon incorporate this technique into operations.

**Impact**

At present, the impact of CVE-2022-30190 is largely notional given lack of identified widespread use by threat actors. Once this technique is absorbed into existing actor toolkits, however, circumstances will change, with the potential for use by multiple threat actors. On initial discovery, endpoint detection and response (EDR) solutions appeared largely blind to this execution mechanism, but as of this writing that is rapidly changing across multiple vendors and products. Furthermore, as explained in guidance from Microsoft, MSDT's capability to launch items as links can be disabled via changes to the Windows Registry, removing this intrusion vector (with the potential for unforeseen or undesired consequences) until a true patch is available.

More importantly, while much initial discussion focused on the Office mechanism for triggering this issue, CVE-2022-30190 is application-agnostic in functionality, which centers on passing code to MSDT for execution. While Office represents an obvious mechanism to reach this application through delivery of a document via phishing or malicious link, any mechanism of launching MSDT will work to enable follow-on RCE such as a malicious LNK file or via the implementation of "wget" in Windows. The Office route presents just one of many potential avenues for exploitation, with other possibilities of MSDT abuse publicly documented.

For defenders and end users, the risk is therefore not just a new malicious Office delivery vector but, rather, abuse of an internal Windows component (MSDT) for code execution via multiple potential vectors. As such, certain mitigations (such as stopping all child processes from Office applications) represent only partial fixes to one aspect of the problem. To appropriately determine the scope and risk of this scenario, defenders must orient how MSDT abuse, irrespective of vector, applies to adversary operations.

**Orienting to Adversary Operations**

As documented thus far, MSDT is leveraged in early phases of adversary operations as an initial access mechanism to victim machines. As noted by other researchers, MSDT abuse via Office results in follow-on execution with the same privileges as the active user. This is helpful if victims are running as unprivileged users, but given the wealth of mechanisms available to elevate privileges in Windows environments, this limitation would appear to be easily overcome by most adversaries.

However, even if an adversary can access and elevate privileges to a victim device, this specific action represents only one, relatively early step in the overall adversary life cycle, or "kill chain." Appropriately leveraging this vulnerability still requires follow-on actions, including command and control (C2) and lateral movement activity, that present options to defenders for identifying adversary operations. Furthermore, there are precursor actions to code execution via MSDT that defenders can leverage to identify suspicious behaviors leading to exploitation.

Overall, CVE-2022-30190 represents a concern, but only one of many potential avenues available to adversaries to achieve initial code execution in victim environments. By properly understanding how adversaries employ this technique and what are necessary pre- and post-exploit actions to achieve adversary objectives, defenders can begin identifying detection, response, and hunting strategies that work against multiple potential intrusion vectors.

**Detection and Mitigation Possibilities**

1.  **Focus on patching and host-based responses.** The initial security community focus for MSDT abuse mitigation focused on patching (or the inability to do so) and host-based responses. As a host-focused exploitation mechanism, such an approach appears reasonable, and patching will be the most effective way of addressing this specific security issue. Additionally, process parent-child relationship monitoring (or outright blocking) can significantly reduce attack surface by preventing entire categories of intrusion, such as Office or MSDT spawning child processes. Specifically unregistering the URI handler for MSDT in the Windows Registry, as outlined by Microsoft and security researchers, may also temporarily address the issue.
2.  **Look for pre- and post-exploitation activity.** As noted in the previous section though, defenders should strive for detections and mitigations that can apply irrespective of specific exploits by looking at required adversary actions pre- and post-exploitation. For example, in the case of CVE-2022-30190, current delivery mechanisms focus on Office implementations. Likely future implementations will probably expand to other file formats commonly distributed via email or malicious websites, such as LNK files, self-extracting archives, and optical disk images. Identifying and increasing visibility over these distribution pathways, limiting exposure to unknown or untrusted vectors, and similar actions may thus reduce attack surface against multiple types of delivery mechanisms that can be used for payloads beyond MSDT exploitation.
3.  **Identify potential C2 or lateral movement mechanisms**. Post-exploitation, various opportunities exist for identifying C2 or lateral movement mechanisms even if initial exploitation is missed. Following initial access, threat actors will in most cases need to migrate to other areas of the network: repositories of intellectual property or sensitive information, or critical network infrastructure such as domain controllers. The actions required to do so — such as enumerating Active Directory or remote process execution — present opportunities even without host monitoring to identify adversary operations.
4.  **Identify and classify network assets.** Further actions, such as identifying and (if possible) classifying newly observed network items (IP addresses and domain names) may allow for disclosure of unique C2 items. Where appropriate asset identification is enabled, identifying odd network traffic to new, unusual remote resources can further enable defenders to catch and categorize potentially malicious activity. Identifying unusual traffic based on User Agent strings when visible — such as a PowerShell-based User Agent string retrieving an executable file based on file MIME type or extension, as seen in the initial CVE-2022-30190 example — can further enhance visibility into insecure or undesirable network behaviors.

Overall, a variety of options remain available to network defenders even if the actual exploitation of a new, potentially unknown (or "zero-day") vulnerability takes place. Understanding one's own network and its characteristics combined with sufficient visibility into network and host behaviors allows defenders to ask (and answer) questions concerning activities of interest to flag the necessary preconditions and follow-on actions adhering to vulnerability exploitation. While not necessarily easy in all cases, proper investment in resources and people will allow organizations to achieve a redundant security posture capable of catching zero-day exploitation, supply chain intrusions, or state-sponsored attacks.

**Conclusion**

Software and application vulnerabilities are a continuous and ongoing problem in the information security space. CVE-2022-30190 represents just another example of such vulnerabilities that have the potential to facilitate adversary operations. While organizations should perform proper risk analysis and patch as soon as practical once there's a fix for this vulnerability, defenders are not lost prior to release.

Instead, by understanding how adversaries leverage exploits as part of the intrusion life cycle, defenders and network owners can structure detections and defense so that they are agnostic to specific vulnerabilities. Rather than continuously chasing specific weaknesses as they appear over time, such as specific defenses around CVE-2022-30190 weaponization, defenders can structure operations to look for necessary precursors to exploit development (reconnaissance, delivery) or required follow-on actions to achieve objectives (C2, lateral movement).

In building defense and response this way — focused on core behaviors and adversary dependencies — defenders can build a more sustainable security posture that can adapt to future, yet-to-be-discovered vulnerabilities along with current, known tradecraft. Through layering behavior-based detections along with patching, signatures, and other items, defenders can achieve the requisite defense-in-depth necessary to adapt to a dynamic threat environment, without relying on single-point-of-failure defenses easily evaded by capable adversaries.

Fighting Follina: Application Vulnerabilities and Detection Possibilities

Red Hat Security Advisory 2022-4855-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:13 security update  
Advisory ID:       RHSA-2022:4855-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4855  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (13.7).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.7-2.module+el8.6.0+15347+b8eabcef.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-contrib-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-debugsource-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-docs-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plperl-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plpython3-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-pltcl-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-devel-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-static-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-test-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.6.0+15347+b8eabcef.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdwtzjgjWX9erEAQg+Gg/+O1VBRVhBxtEipbQ3BDMMBnGpTHNwcMM6  
RbliF6ItstLHH/tF5GV2yVOOP66fOCaHIOVgUzx42+bGCgOVd61F611rntI6++3f  
ZLhk4J0OsDHSa9Oi3kRwsfkwz8rYWpbW//4UvNHH1445isRVAwGFLxgtMqpDo6Ey  
m2lNg22ntXM7Unn7dVQKsstAkyza123TeyAfd/YG+HA2hpst3L1/kZYUVqmdJ4BF  
Ub5e4i0tP/jOjEgGEguDAZnP8fCcGEDFBkO8pCMkcMG/Bxr+NgQxDazzbiZPOAIU  
VRrByR8/NMR6aWlAeucJ8sVKABdpVrC4Pub0XG6DH3DdyBvus9fQ7pGOA/qazfpR  
YsfjfFr4wLK/4LVis5rlbNAPpea0YNx0UM+fV7mLyqv66JuAYEhYvqnZeA1apDqG  
o6k+LV5CIuTVgQjNQmiI5eYFB/qXIjoa+I95kJhieTpBpOj+Ow/iUsuh+ddwHWvC  
eHtcWz4y7Ca0srETnv70a1i2KENvCIyd8tS1j1WedZo7abiSrz7dnPVVKFUgDCel  
eSRZeeyXiXlM6J6uvcswMQnMs+k5+dtm5eW+aC0osbjPIai1lRIjI3FeCpGBBwmc  
/tIE7pgQfjymoABResaDBznliaLeJwbCVqS0PUnKqWQHO2Z2ikztutPEV/QXe5SW  
GRX904QBukU=LLYn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4855-01

Red Hat Security Advisory 2022-4857-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: postgresql:13 security update  
Advisory ID:       RHSA-2022:4857-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4857  
Issue date:        2022-06-01  
CVE Names:         CVE-2022-1552  
====================================================================  
1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

The following packages have been upgraded to a later upstream version:  
postgresql (13.7).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted  
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.src.rpm

aarch64:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.7-2.module+el8.4.0+15346+22c653ca.noarch.rpm

ppc64le:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.ppc64le.rpm

s390x:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.s390x.rpm

x86_64:  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-contrib-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-contrib-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-debugsource-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-docs-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-docs-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plperl-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plperl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plpython3-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-plpython3-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-pltcl-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-pltcl-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-devel-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-server-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-static-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-test-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-test-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-devel-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.7-2.module+el8.4.0+15346+22c653ca.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpgdvNzjgjWX9erEAQiPMQ//W6xy9WHzkkfQeNaFJ/TMzpUS5ws/MFKa  
8xwMl0D9lA1cauCGQso/AB+ei2jFlWr0DtjQ4Br5CRIx2TGLq7Q3vzjoyCxx/1rw  
uET6p/5EwtTDa4OTJagTZWPlmYwwX8ZO8AQc0SDrzzXHSlZ+N1MviOHRnjZmSJvo  
J+KB0NYEAuTVSiZaHk3+aUN8mP6ImPa3IxoGGwuecBNewDqB73mdYbR6K+mJdOvK  
Qf7PfiTVaPIZ0QvAR+S7enouX4q8GchlqAeAwt336hWQNs7WkOAtZPNhg0Z2vwln  
IT2mwyUYPvGZJqMnFP19WHJaCri/aQKVFe6gwd8qQY6mNXKbaEdTwSyHxpaEhF0m  
NJKU3vA+GsYJ4clr7cJjQyBZ/qLTD3ZjGYPppt/+h1C8xHiABsuYpSO6XdBTerQQ  
jKA8A0UQ7GzlMasaNnNPvIj6xzHmCXVSLiiOC/nCzok+qQw6XE+8vvwM3/m+eBuf  
t71z5tIz/EU0QYNjYDi37ePl3wpfiaOnTj5LeGMAsdspcu4mvx/VKl20mwVwBJ37  
z1MPnaZBaA0FqsVAmy0+ln0M5DzXGZTRv4SPIaFk0SQWu2k+L0avmLwcyqE3vW4u  
1kzwigWieAJZQfULydxsDcLbqQd28adAU6Yttjz3xy3N9OftA/S82zMtARqs1kdy  
TNjwXxXo7EA=LmL9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#perl