MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

# MOKOSmart MKGW1 Gateway Improper Session Management #

Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management

## Vulnerability Overview ##

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do  
not provide an adequate session management for the administrative web  
interface. This allows adjacent attackers with access to the management  
network to read and modify the configuration of the device.

* **Identifier**            : SBA-ADV-20220120-01  
* **Type of Vulnerability** : Improper Authentication  
* **Software/Product Name** : [MOKOSmart MKGW1 BLE Gateway](https://www.mokosmart.com/mokosmart-mkgw1-gateway-iot-cloud-platform/)  
* **Vendor**                : [MOKO TECHNOLOGY LTD](https://www.mokosmart.com/)  
* **Affected Versions**     : <= 1.1.1  
* **Fixed in Version**      : Not yet  
* **CVE ID**                : Pending  
* **CVSS Vector**           : CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
* **CVSS Base Score**       : 8.0 (High)

## Vendor Description ##

> * MKGW1 Bluetooth gateway is mainly used for the MOKO Bluetooth products.  
> * It is convenient for users to get the data of the MOKO series Beacon,  
>   and advertising raw data of any Bluetooth device.  
> * It can upload the data to the server via MQTT (V3.1.1) or HTTP(S)  
>   protocol.  
> * MKGW1 was developed with MediaTek® MT7688AN relying on OpenWrt system  
>   and Nordic® nRF52 platform.  
> * MKGW1 can connect the standard MQTT Broker, Aws IOT, Azure IOT HUB,  
>   Aliyun IOT.

Source: <http://doc.mokotechnology.com/index.php?s=/page/108>

## Impact ##

By exploiting the documented vulnerability, an attacker can gain  
administrative access to the device. For example, this can be misused by  
altering the configuration of the device or by reading out the configured  
network credentials and therefore getting a foothold in the victim's network.

## Vulnerability Description ##

The gateway offers a web-based configuration interface that can be used to  
edit the configuration of the gateway. Username and password are requested  
to authenticate the administrator. After sending the correct credentials the  
device sets a global server-side state to "logged in" for 3600 seconds,  
rather than issuing a session ID. Now any device on the same network can  
access the configuration interface as administrator without any additional  
authentication and read and modify the configuration.

## Proof of Concept ##

Login with the admin credentials on the web interface from a legitimate  
client:

HTTP request:

```http  
POST /goform/login HTTP/1.1  
Host: 192.168.22.1  
Content-Type: application/json  
Content-Length: 39  
Origin: http://192.168.22.1  
Connection: close  
Referer: http://192.168.22.1/sign_in

{"username":"Admin","password":"[redacted]"}  
```

HTTP response:

```http  
HTTP/1.1 200 OK  
Content-type: application/json  
Pragma: no-cache  
Cache-Control: no-cache

{ "state": { "code": 2000, "msg": "ok" }, "data": { "activetime": "3600" } }  
```

The response shown above does not contain any session identifier.  
On another client that can reach the web interface, an attacker can read out  
the configuration without any authentication:

HTTP request:

```http  
GET /goform/get_wan HTTP/1.1  
Host: 192.168.22.1  
Connection: close  
```

HTTP response:

```http  
HTTP/1.1 200 OK  
Content-type: application/json

{ "state": { "code": 2000, "msg": "ok" }, "data": { "wanmode": "WIFI", "wanssid": "[redacted]", "wanencrypt": "[redacted]", "wanpassword": "[redacted]", "proto": "dhcp", "ipaddr": "", "netmask": "", "gateway": "", "firdns": "", "secdns": "" } }  
```

The above proof-of-concept shows that the MOKO gateway cannot distinguish  
between multiple sessions. Therefore, if a legitimate client is logged in,  
an attacker can read the configuration. Furthermore, an attacker can also  
modify the configuration by sending the appropriate `JSON` data to the  
respective `POST` endpoint. Changes to the network can trigger a reboot  
of the device.

## Recommended Countermeasures ##

We are not aware of a vendor fix yet. Please contact the vendor.

We recommend to implement a proper session management for the  
administrative web interface of the device.

## Timeline ##

* `2022-01-20`: identification of vulnerability in version 1.1.1  
* `2022-01-27`: initial vendor contact  
* `2022-03-02`: disclosed vulnerability to vendor contact but received no reply  
* `2023-12-11`: request CVE from MITRE  
* `2023-12-12`: public disclosure

## References ##

* [Moko Gateway Documentation](https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf)

## Credits ##

* Jakob Hagl ([SBA Research](https://www.sba-research.org/))  
* David Lisa Gnedt ([SBA Research](https://www.sba-research.org/))  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEL9Wp/yZWFD9OpIt6+7iGL1j3dbIFAmWB8iQACgkQ+7iGL1j3  
dbK0eg//atfWytZOUPJ3omp9Rjb9sMJwu1Z8LdEZZGsQdsmQXJLaKF3AUDnt2cBx  
CLPVDh32lFbszJiMrJrXjj5WxH8CUtNQFdj1WTN4Uv5MlaRRvipOz7/XTemqRwGP  
+nctTDZHLFCeli4ZD36tE4zKcP3vm+R4e7Zy5BIP74G2Dw2hmFreSt7CC5CqZT3K  
oPo1hMF9PD7WhjYK/lBaxeR+6FkiCm7p/thgyeShHMVygJJjmjF+k3GQ61NmoVXc  
IjwRs+WY8Y/X/SfPjM8tjW/gZFHdOv/r/Gcz1OJs2D2quqmiKuoOhS9b/F8LDHsf  
OnKTNBaWH2oTzmuh7zSan+kPYj42gjpp+aSSoWK7At78yFFvLilCcckwIpKagh4U  
b3W//s5BPKCXJ1a7yH3WYGjbDAOzGMq1g50X1ZDNQ7zdQbELobFSNLWsnPwfN64i  
ljq6tXTOYT+4Jg4hI5I+3vD4q7mf7O2CL4fk5pUHoKMy7P28sxa7wX2jH+02C07J  
PKkaU+V2v4Lvf3PQvGTeupo50bTZX0xYqdmjjr3G9SUD+jESMCHPGaXw/Zpau71U  
uKD9f9MbZ9v/XML3IsBvd22QkayL7eegvmweyLmchp/ppigp99IX3rA7EgGkauW7  
1W7YiybQOvo5xaCiMakIqHXZtFcWIEryT8FRMW5cyraExHGkPPk=  
=jrYM  
-----END PGP SIGNATURE-----

MOKOSmart MKGW1 Gateway Improper Session Management 

Gentoo Linux Security Advisory 202312-2 - A vulnerability has been found in Minecraft Server which leads to remote code execution. Versions greater than or equal to 1.18.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Minecraft Server: Remote Code Execution  
     Date: December 20, 2023  
     Bugs: #828936  
       ID: 202312-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in Minecraft Server which leads to remote  
code execution.

Background  
==========

Minecraft Server is the official server for the sandbox video game.

Affected packages  
=================

Package                        Vulnerable    Unaffected  
-----------------------------  ------------  ------------  
games-server/minecraft-server  < 1.18.1      >= 1.18.1

Description  
===========

A vulnerability has been discovered in Minecraft Server. Please review  
the CVE identifier referenced below for details.

Impact  
======

Vulnerable Minecraft Server versions include a bundled version of log4j  
which is vulnerable to remote code execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Minecraft Server users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=games-server/minecraft-server-1.18.1"

References  
==========

[ 1 ] CVE-2021-4104  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4104

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-02

Ubuntu Security Notice 6560-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

    ==========================================================================Ubuntu Security Notice USN-6560-1December 19, 2023openssh vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in OpenSSH.Software Description:- openssh: secure shell (SSH) for secure access to remote machinesDetails:Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSHprotocol was vulnerable to a prefix truncation attack. If a remote attackerwas able to intercept SSH communications, extension negotiation messagescould be truncated, possibly leading to certain algorithms and featuresbeing downgraded. This issue is known as the Terrapin attack. This updateadds protocol extensions to mitigate this issue. (CVE-2023-48795)Luci Stanescu discovered that OpenSSH incorrectly added destinationconstraints when smartcard keys were added to ssh-agent, contrary toexpectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.(CVE-2023-28531)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   openssh-client                  1:9.3p1-1ubuntu3.1   openssh-server                  1:9.3p1-1ubuntu3.1Ubuntu 23.04:   openssh-client                  1:9.0p1-1ubuntu8.6   openssh-server                  1:9.0p1-1ubuntu8.6Ubuntu 22.04 LTS:   openssh-client                  1:8.9p1-3ubuntu0.5   openssh-server                  1:8.9p1-3ubuntu0.5Ubuntu 20.04 LTS:   openssh-client                  1:8.2p1-4ubuntu0.10   openssh-server                  1:8.2p1-4ubuntu0.10In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6560-1   CVE-2023-28531, CVE-2023-48795Package Information:   https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu3.1   https://launchpad.net/ubuntu/+source/openssh/1:9.0p1-1ubuntu8.6   https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.5   https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.10

Ubuntu Security Notice USN-6560-1

TYPO3 version 11.5.24 suffers from a path traversal vulnerability.

    # Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability (Authenticated)# Date: Apr 9, 2023# Exploit Author: Saeed reza Zamanian# Software Link: https://get.typo3.org/release-notes/11.5.24# Version: 11.5.24# Tested on: Kali 2022.3# CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows attackers (with access to the administrator panel), to read arbitrary files by utilizing a directory traversal via the baseuri field, This is demonstrated through : POST /typo3/record/edit with ../../../ and the parameter  data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].  -----------------------------------------------------To exploit this vulnerability, follow these steps:1. Log in to the administrator panel.2. Navigate to 'file' > 'Filelist' section.3. Right-click on a file storage and select 'New.'4. Set the base URI to "../../../" and save.After creating the file storage, the final HTTP request should resemble the one below. Once the file storage is created, refresh the page, enabling you to browse any directory on the server.To access "/etc/passwd," browse to the '/etc/' directory, search for 'passwd,' and view the file.

TYPO3 11.5.24 Path Traversal

MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability.

    **Introduction**MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing (https://github.com/sergejey/majordomo), its popularity is evident. However, lurking within its `thumb.php` module is a severe unauthenticated Remote Code Execution (RCE) vulnerability before 0662e5e.NOTE: this is unrelated to the Majordomo mailing-list manager.**Disclosure Timeline:**- October 28, 2023: Initial discovery of the vulnerability (CVE-2023-50917).- October 29, 2023: Contacted MajorDoMo team detailing the vulnerability.- November 6, 2023: After no response from MajorDoMo's team for over a week, submitted a CVE request to the appropriate CNA.- November 14, 2023: New attempt to contact the MajorDoMo team. Received a response from the team within a few hours. The patch has been applied.- December 15, 2023: Public disclosure of CVE-2023-50917.**Technical Background: The Vulnerable Code**The script `/modules/thumb/thumb.php` is primarily designed for thumbnail generation in MajorDoMo. It serves to facilitate the creation of thumbnails from various media sources. But within this benign purpose lies a significant vulnerability:**Key Code Snippets and Analysis:**1. **URL Decoding:**PHP code: $url = base64_decode($url);The script takes a base64 encoded `url` parameter and decodes it. This decoding process is pivotal, as it allows attackers to obfuscate their payloads, skirting around simple checks.2. **Pattern Checks:**PHP code: if (preg_match('/^rtsp:/is', $url) || preg_match('/\/dev/', $url)) { ... }The script then checks if the decoded `url` adheres to specific patterns (`rtsp:` or `/dev`). This is a rudimentary check to decide whether to process the URL. With the help of base64 encoding, it becomes trivial for attackers to bypass this verification.3. **Direct Command Construction:**PHP code: if ($_GET['transport']) { $stream_options = '-rtsp_transport ' . $_GET['transport'] . ' ' . $stream_options; }Here lies the crux of the vulnerability. The `transport` parameter is taken directly and embedded within a system command without adequate sanitization. This glaring oversight allows for arbitrary command injections. By crafting the `transport` parameter, an attacker can introduce and execute arbitrary commands. The subsequent command is executed via the `exec` function, which poses a significant security risk.**The Core Vulnerability**The vulnerability's essence is the unchecked and unsanitized user input (from the `transport` parameter) that gets directly incorporated into a system command. This allows attackers to run arbitrary commands on the server, potentially taking full control of the MajorDoMo instance.**Exploitation Avenues:**1. **Bypassing URL Validation:**The script's initial validation checks for patterns such as `rtsp:` or `/dev`. By using base64 encoded strings like `cnRzcDovL2EK` (decoding to `rtsp://a`), these checks can be easily bypassed.2. **Command Injection via the `transport` Parameter:**The `transport` parameter is used directly within a system command. With no sanitization in place, this can be exploited for command injections, leading to RCE. For instance, the command `||echo; echo $(command_here)` can be used to break out of the intended command and execute any arbitrary command.**Potential Impact**The severity of this RCE vulnerability is high. Given MajorDoMo's integral role in home automation, successful exploitation can result in an attacker compromising physical security systems, gaining access to surveillance cameras, or even taking control of other connected IoT devices.**Recommendations for Mitigation**- Thorough Input Validation: It is essential to rigorously validate all inputs. This can prevent malicious payloads from being processed.- Sanitize Before Execution: Inputs should be sanitized before being incorporated into any system commands.- Limit Direct Command Execution: Prefer using built-in PHP functions or secure APIs over direct system command execution.**Conclusion**This vulnerability underscores the importance of thorough code reviews and robust input validation. Even established software projects like MajorDoMo are not immune to critical vulnerabilities. The discovery serves as a reminder of the ever-present need for diligence and a proactive approach to security in all software development stages.Please refer to https://nvd.nist.gov/vuln/detail/CVE-2023-50917Valentin Lobstein

MajorDoMo Remote Code Execution

Red Hat Security Advisory 2023-7879-03 - An update for opensc is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and out of bounds read vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7879.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2023:7879-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7879Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-4535====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Potential PIN bypass when card tracks its own login state (CVE-2023-40660)* OpenSC: multiple memory issues with pkcs15-init (enrollment tool) (CVE-2023-40661)* OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys (CVE-2023-4535)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4535References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2240912https://bugzilla.redhat.com/show_bug.cgi?id=2240913https://bugzilla.redhat.com/show_bug.cgi?id=2240914

Red Hat Security Advisory 2023-7879-03

Red Hat Security Advisory 2023-7877-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7877.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: openssl security updateAdvisory ID:        RHSA-2023:7877-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7877Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-3446====================================================================Summary: An update for openssl is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.Security Fix(es):* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)* OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817)* openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3446References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962https://bugzilla.redhat.com/show_bug.cgi?id=2227852https://bugzilla.redhat.com/show_bug.cgi?id=2248616

Red Hat Security Advisory 2023-7877-03

Red Hat Security Advisory 2023-7876-03 - An update for opensc is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7876.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2023:7876-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7876Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-40660====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Potential PIN bypass when card tracks its own login state (CVE-2023-40660)* OpenSC: multiple memory issues with pkcs15-init (enrollment tool) (CVE-2023-40661)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-40660References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2240912https://bugzilla.redhat.com/show_bug.cgi?id=2240913

Red Hat Security Advisory 2023-7876-03

Red Hat Security Advisory 2023-7875-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7875.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer1-plugins-bad-free security updateAdvisory ID:        RHSA-2023:7875-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7875Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Red Hat Security Advisory 2023-7875-03

Red Hat Security Advisory 2023-7874-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7874.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer1-plugins-bad-free security updateAdvisory ID:        RHSA-2023:7874-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7874Issue date:         2023-12-19Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Tag

#vulnerability