Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6737-1  
April 18, 2024

glibc vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it processed  
specially crafted data.

Software Description:  
- glibc: GNU C Library

Details:

Charles Fol discovered that the GNU C Library iconv feature incorrectly  
handled certain input sequences. An attacker could use this issue to cause  
the GNU C Library to crash, resulting in a denial of service, or possibly  
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libc6                           2.38-1ubuntu6.2

Ubuntu 22.04 LTS:  
   libc6                           2.35-0ubuntu3.7

Ubuntu 20.04 LTS:  
   libc6                           2.31-0ubuntu9.15

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6737-1  
   CVE-2024-2961

Package Information:  
   https://launchpad.net/ubuntu/+source/glibc/2.38-1ubuntu6.2  
   https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.7  
   https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.15

Ubuntu Security Notice USN-6737-1

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

==========================================================================  
Ubuntu Security Notice USN-6729-2  
April 17, 2024

apache2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:  
- apache2: Apache HTTP server

Details:

USN-6729-1 fixed several vulnerabilities in Apache. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Orange Tsai discovered that the Apache HTTP Server incorrectly handled  
 validating certain input. A remote attacker could possibly use this  
 issue to perform HTTP request splitting attacks. (CVE-2023-38709)

 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server  
 incorrectly handled validating certain input. A remote attacker could  
 possibly use this issue to perform HTTP request splitting attacks.  
 (CVE-2024-24795)

 Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module  
 incorrectly handled endless continuation frames. A remote attacker could  
 possibly use this issue to cause the server to consume resources, leading  
 to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS.  
 (CVE-2024-27316)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  apache2                         2.4.29-1ubuntu4.27+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  apache2                         2.4.18-2ubuntu3.17+esm12

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6729-2  
  https://ubuntu.com/security/notices/USN-6729-1  
  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

Ubuntu Security Notice USN-6729-2

Red Hat Security Advisory 2024-1904-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1904.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:1904-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1904Issue date:         2024-04-18Revision:           03CVE Names:          CVE-2024-2609====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.10.0 ESR.Security Fix(es):  * GetBoundName in the JIT returned the wrong object (CVE-2024-3852)* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)* Permission prompt input delay could expire when not in focus (CVE-2024-2609)* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2609References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275547https://bugzilla.redhat.com/show_bug.cgi?id=2275549https://bugzilla.redhat.com/show_bug.cgi?id=2275550https://bugzilla.redhat.com/show_bug.cgi?id=2275551https://bugzilla.redhat.com/show_bug.cgi?id=2275552https://bugzilla.redhat.com/show_bug.cgi?id=2275553https://bugzilla.redhat.com/show_bug.cgi?id=2275555

Red Hat Security Advisory 2024-1904-03

Red Hat Security Advisory 2024-1901-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1901.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Service Interconnect 1.5.3 Release (images)  
Advisory ID:        RHSA-2024:1901-03  
Product:            Red Hat Service Interconnect  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1901  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-39318  
====================================================================

Summary: 

OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Red Hat Service Interconnect 1.5 creates a service network, linking  
TCP and HTTP services across the hybrid cloud.  
A service network enables communication between services running in different network locations or sites.  
It allows geographically distributed services to connect as if they were all running in the same site.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39318

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_service_interconnect/  
https://bugzilla.redhat.com/show_bug.cgi?id=2237773  
https://bugzilla.redhat.com/show_bug.cgi?id=2237776  
https://bugzilla.redhat.com/show_bug.cgi?id=2237777  
https://bugzilla.redhat.com/show_bug.cgi?id=2237778  
https://bugzilla.redhat.com/show_bug.cgi?id=2253193  
https://bugzilla.redhat.com/show_bug.cgi?id=2253330  
https://issues.redhat.com/browse/SKUPPER-1304  
https://issues.redhat.com/browse/SKUPPER-1338  
https://issues.redhat.com/browse/SKUPPER-1463  
https://issues.redhat.com/browse/SKUPPER-976

Red Hat Security Advisory 2024-1901-03

Red Hat Security Advisory 2024-1883-03 - An update for shim is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1883.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: shim security update  
Advisory ID:        RHSA-2024:1883-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1883  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-40546  
====================================================================

Summary: 

An update for shim is now available for Red Hat Enterprise Linux 8.8 Extended  
Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The shim package contains a first-stage UEFI boot loader that handles chaining  
to a trusted full boot loader under secure boot environments.

Security Fix(es):

* shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)

* shim: Interger overflow leads to heap buffer overflow in verify_sbat_section  
on 32-bits systems (CVE-2023-40548)

* shim: Out-of-bounds read printing error messages (CVE-2023-40546)

* shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file  
(CVE-2023-40549)

* shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)

* shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-40546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2234589  
https://bugzilla.redhat.com/show_bug.cgi?id=2241782  
https://bugzilla.redhat.com/show_bug.cgi?id=2241796  
https://bugzilla.redhat.com/show_bug.cgi?id=2241797  
https://bugzilla.redhat.com/show_bug.cgi?id=2259915  
https://bugzilla.redhat.com/show_bug.cgi?id=2259918

Red Hat Security Advisory 2024-1883-03

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1882.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:1882-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1882  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-6240  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

* kernel: tls: use-after-free with partial reads and async decrypt (CVE-2024-26582)

* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

Bug Fix(es):

* kernel-rt: kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29214)

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-30439)

* kernel-rt: kernel: tls: use-after-free with partial reads and async decrypt (JIRA:RHEL-26399)

* kernel-rt: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (JIRA:RHEL-29687)

* kernel-rt: kernel: tls: handle backlogging of crypto requests (JIRA:RHEL-30451)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6240

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250843  
https://bugzilla.redhat.com/show_bug.cgi?id=2265518  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645

Red Hat Security Advisory 2024-1882-03

Red Hat Security Advisory 2024-1881-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1881.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:1881-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1881  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-6240  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)

* kernel: tls: use-after-free with partial reads and async decrypt (CVE-2024-26582)

* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

Bug Fix(es):

* [Lenovo RHEL9] Realtek patch for P1 G6 Audio (BZ#2208068)

* Please integrate commit b949ee6801f4 (\"powerpc/fadump: invoke ibm,os-term with rtas_call_unlocked()\") (JIRA:RHEL-17106)

* PVT:1050:XM:Nimitz Linux EEH Nimitz - After FATAL Injection BIT 13 on D10 Register, unable to see the htx traffic status after long time (JIRA:RHEL-22413)

* RHEL9.2 - Performance Degradation in the Case of Asymmetric Scheduler Domains in Linux (JIRA:RHEL-24862)

* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (JIRA:RHEL-29186)

*  kernel NULL pointer dereference from nvme_fc_io_getuuid+0xc/0x30 [nvme_fc] (JIRA:RHEL-29221)

* sched_setaffinity(2) returns undocumented error ENODEV (JIRA:RHEL-21140)

* kernel: tls: use-after-free with partial reads and async decrypt (JIRA:RHEL-26396)

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (JIRA:RHEL-27840)

* sched_setaffinity(2) doesn't return -1 for an empty mask (JIRA:RHEL-29540)

* [EMR] [TBOOT OS] SUT could not go to S3 state with RHEL 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:RHEL-29665)

* ipoib mcast lockup fix (JIRA:RHEL-29923)

* ice 0000:6f:00.0: PTP failed to get time (JIRA:RHEL-30108)

* blk-mq: don't schedule blk-mq kworkers on isolated CPUs (JIRA:RHEL-30418)

* kernel: tls: handle backlogging of crypto requests (JIRA:RHEL-30450)

* Kernel panic in skb_segment (JIRA:RHEL-30561)

* [IBM 9.4 FEAT] Update IBM vNIC Driver (ibmvnic) (JIRA:RHEL-28648)

* SCTP OOTB scenario in OVS/Netfilter where the SCTP connection can not be recovered by HB_REQ/HB_ACK (JIRA:RHEL-29949)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6240

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2250843  
https://bugzilla.redhat.com/show_bug.cgi?id=2265518  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265645

Red Hat Security Advisory 2024-1881-03

Red Hat Security Advisory 2024-1880-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include denial of service and privilege escalation vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1880.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: nodejs:18 security update  
Advisory ID:        RHSA-2024:1880-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1880  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-46809  
====================================================================

Summary: 

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs:18/nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)

* nodejs:18/nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)

* nodejs:18/nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-46809

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2264569  
https://bugzilla.redhat.com/show_bug.cgi?id=2264574  
https://bugzilla.redhat.com/show_bug.cgi?id=2264582

Red Hat Security Advisory 2024-1880-03

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1879.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gnutls security updateAdvisory ID:        RHSA-2024:1879-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1879Issue date:         2024-04-18Revision:           03CVE Names:          CVE-2024-28834====================================================================Summary: An update for gnutls is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.Security Fix(es):* gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)* gnutls: potential crash during chain building/verification (CVE-2024-28835)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-28834References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2269084https://bugzilla.redhat.com/show_bug.cgi?id=2269228

Red Hat Security Advisory 2024-1879-03

Red Hat Security Advisory 2024-1878-03 - An updated version of Red Hat Update Infrastructure is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Issues addressed include HTTP request smuggling, crlf injection, denial of service, and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1878.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements  
Advisory ID:        RHSA-2024:1878-03  
Product:            Red Hat Update Infrastructure  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1878  
Issue date:         2024-04-18  
Revision:           03  
CVE Names:          CVE-2023-36053  
====================================================================

Summary: 

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant  
framework that enables you to manage repositories and content. It also enables  
cloud providers to deliver content and updates to Red Hat Enterprise Linux  
(RHEL) instances.

Security Fix(es):

* python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)

* python-aiohttp: HTTP request smuggling via llhttp HTTP request parser (CVE-2023-37276)

* python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` (CVE-2023-41164)

* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)

* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)

* aiohttp: HTTP request modification (CVE-2023-49081)

* python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

* aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)

* python-ecdsa: vulnerable to the Minerva attack (CVE-2024-23342)

* python-aiohttp: http request smuggling (CVE-2024-23829)

* Django: denial-of-service in ``intcomma`` template filter (CVE-2024-24680)

* python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() (CVE-2024-27351)

* aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)

This RHUI update fixes the following bugs:

* The rhui-installer failed on RHEL 8.10 Beta due to the use of distutils. This has been addressed by updating to a newer version of ansible-collection-community-crypto which does not use the distutils.

This RHUI update introduces the following enhancements:

* A native Ansible module is now used to update the packages on the RHUA server when the RHUI installer is run for the first time or rerun at any time. This update can be prevented by using the --ignore-newer-rhel-packages flag on the rhui-installer command line.

* PulpCore has been updated to version 3.39.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure

https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4

CVEs:

CVE-2023-36053

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2218004  
https://bugzilla.redhat.com/show_bug.cgi?id=2224185  
https://bugzilla.redhat.com/show_bug.cgi?id=2227307  
https://bugzilla.redhat.com/show_bug.cgi?id=2237258  
https://bugzilla.redhat.com/show_bug.cgi?id=2241046  
https://bugzilla.redhat.com/show_bug.cgi?id=2249825  
https://bugzilla.redhat.com/show_bug.cgi?id=2252235  
https://bugzilla.redhat.com/show_bug.cgi?id=2252248  
https://bugzilla.redhat.com/show_bug.cgi?id=2255331  
https://bugzilla.redhat.com/show_bug.cgi?id=2257854  
https://bugzilla.redhat.com/show_bug.cgi?id=2259780  
https://bugzilla.redhat.com/show_bug.cgi?id=2261856  
https://bugzilla.redhat.com/show_bug.cgi?id=2261887  
https://bugzilla.redhat.com/show_bug.cgi?id=2261909  
https://bugzilla.redhat.com/show_bug.cgi?id=2266045  
https://issues.redhat.com/browse/RHUI-434  
https://issues.redhat.com/browse/RHUI-514  
https://issues.redhat.com/browse/RHUI-516

Tag

#vulnerability