Red Hat Security Advisory 2023-7656-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7656.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:12 security update  
Advisory ID:        RHSA-2023:7656-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7656  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7656-03

Ubuntu Security Notice 6529-1 - It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6529-1  
December 04, 2023

request-tracker4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Request Tracker.

Software Description:  
- request-tracker4: An enterprise-grade issue tracking system

Details:

It was discovered that Request Tracker incorrectly handled certain inputs. If  
a user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to obtain  
sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259,  
CVE-2023-41260)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.10.1

Ubuntu 23.04:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.04.1

Ubuntu 22.04 LTS:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.22.04.1

Ubuntu 20.04 LTS:  
   request-tracker4                4.4.3-2+deb10u3build0.20.04.1  
   rt4-apache2                     4.4.3-2+deb10u3build0.20.04.1  
   rt4-clients                     4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-mysql                    4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-postgresql               4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-sqlite                   4.4.3-2+deb10u3build0.20.04.1  
   rt4-fcgi                        4.4.3-2+deb10u3build0.20.04.1  
   rt4-standalone                  4.4.3-2+deb10u3build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   request-tracker4                4.4.2-2ubuntu0.1~esm1  
   rt4-apache2                     4.4.2-2ubuntu0.1~esm1  
   rt4-clients                     4.4.2-2ubuntu0.1~esm1  
   rt4-db-mysql                    4.4.2-2ubuntu0.1~esm1  
   rt4-db-postgresql               4.4.2-2ubuntu0.1~esm1  
   rt4-db-sqlite                   4.4.2-2ubuntu0.1~esm1  
   rt4-fcgi                        4.4.2-2ubuntu0.1~esm1  
   rt4-standalone                  4.4.2-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6529-1  
   CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260

Package Information:  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.10.1  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.04.1  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.22.04.1

 https://launchpad.net/ubuntu/+source/request-tracker4/4.4.3-2+deb10u3build0.20.04.1

Ubuntu Security Notice USN-6529-1

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

CVE-2023-6063

The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE-2023-5108

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.

    OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to create an article could perform a storedXSS attack against any other users with the ability to create an article.This can lead to execute arbitrary HTML/JS code in a user's browser sessionin context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5807Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5807.php30.10.2023--Stored XSS (EntryRecord[content]):----------------------------------Endpoint: /backend/tailor/entries/wiki_articlePayload: EntryRecord%5Bcontent%5D="<script>alert(1)</script>"

October CMS 3.4.0 Wiki Article Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.

    OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to a category-creating feature that storesdata persistently could create a stored XSS attack against any other usersvisiting the blog page. This can lead to execute arbitrary HTML/JS codein a user's browser session in context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5806Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5806.php30.10.2023--Stored XSS (EntryRecord[title]):--------------------------------Endpoint: POST /backend/tailor/entries/blog_category/createPayload: EntryRecord%5Btitle%5D="</title><script>alert(1)</script>"

October CMS 3.4.0 Category Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.

    OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting VulnerabilitiesVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to a blog-creating feature that stores datapersistently could perform a stored XSS attack against any other usersvisiting the blog page. This can lead to execute arbitrary HTML/JS codein a user's browser session in context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5805Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5805.php30.10.2023--Stored XSS (GlobalRecord[blog_name]):-------------------------------------Endpoint: POST /backend/tailor/globals/blog_configPayload: GlobalRecord%5Bblog_name%5D="</title><script>alert(1)</script>"

October CMS 3.4.0 Blog Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.

    OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to be an author feature could perform a storedXSS attack against any other users visiting the posts by the author. Thiscan lead to execute arbitrary HTML/JS code in a user's browser sessionin context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5804Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5804.php30.10.2023--Stored XSS (EntryRecord[title]):--------------------------------Endpoint: /backend/tailor/entries/blog_authorPayload: EntryRecord%5Btitle%5D ="</title><script>alert(1)</script>"

October CMS 3.4.0 Author Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.

    OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to edit the landing/about page. This canlead to execute arbitrary HTML/JS code in a user's browser session incontext of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5803Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5803.php30.10.2023--Stored XSS (EntryRecord[blocks][1][content]):---------------------------------------------Endpoint: POST /backend/tailor/entries/landing_pagePayload: EntryRecord%5Bblocks%5D%5B1%5D%5Bcontent%5D="<script>alert(1)</script>"

October CMS 3.4.0 About Cross Site Scripting

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7633.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: rh-mariadb105-galera and rh-mariadb105-mariadb security update  
Advisory ID:        RHSA-2023:7633-01  
Product:            Red Hat Software Collections  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7633  
Issue date:         2023-12-04  
Revision:           01  
CVE Names:          CVE-2022-32081  
====================================================================

Summary: 

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb105-galera (26.4.14), rh-mariadb105-mariadb (10.5.22). (BZ#2114888, BZ#2173013, BZ#2240558)

Security Fix(es):

* mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157)

* mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc (CVE-2022-32081)

* mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc (CVE-2022-32082)

* mariadb: segmentation fault via the component sub_select (CVE-2022-32084)

* mariadb: server crash in st_select_lex_unit::exclude_level (CVE-2022-32089)

* mariadb: server crash in JOIN_CACHE::free or in copy_fields (CVE-2022-32091)

* mariadb: compress_write() fails to release mutex on failure (CVE-2022-38791)

* mariadb: NULL pointer dereference in spider_db_mbase::print_warnings() (CVE-2022-47015)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-32081

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2106028  
https://bugzilla.redhat.com/show_bug.cgi?id=2106030  
https://bugzilla.redhat.com/show_bug.cgi?id=2106034  
https://bugzilla.redhat.com/show_bug.cgi?id=2106035  
https://bugzilla.redhat.com/show_bug.cgi?id=2106042  
https://bugzilla.redhat.com/show_bug.cgi?id=2130105  
https://bugzilla.redhat.com/show_bug.cgi?id=2163609  
https://bugzilla.redhat.com/show_bug.cgi?id=2240246

Tag

#sql