Creating a new regulatory framework to better secure Oman's banking system against future attacks.

On the blissful dawn of Jan. 1, 2020, an unexpected menace in the form of a ransomware intrusion shattered the jubilant spirit of the IT department of Oman United Insurance Company SAOG. 

The attackers hit the main servers, and infected and encrypted their data, leading to a loss of data dated from Dec. 10, 2019, to the day of the attack. Luckily, the attack lasted only for one day, and by Thursday, Jan. 2, 2020, the company was able to recover lost data, all thanks to a robust backup system.    

The Oman Insurance Company SAOG was undeniably fortunate, considering that that same year, Oman recorded a staggering 123 million Web application attempts with over 417,000 confirmed attacks and over $1 million in losses. 

The alarming number of confirmed attacks mentioned above actually represents a 13% decrease compared with the nearly 500,000 confirmed attacks reported by the Oman government in 2019. According to the annual report posted by the Ministry of Technology and Communication, this improvement in Oman's cybersecurity stance was due to the intense security assessments that government websites were subjected to. This assessment exposed over 41,000 vulnerabilities and 13,000 Internet Protocol addresses that were discovered, analyzed, and fixed by the ministry. 

Oman is one of the few Persian Gulf countries known for its high-level cybersecurity strategy, which was put in place in 2010 when the Oman Computer Emergency Readiness Team (OCERT) was launched. This organization was tasked to detect and analyze cyber-risks in the country and to raise cyber awareness at the nation's fundamental level. It's no wonder the number of attempted cyberattacks in Oman plummeted from 880 million in 2017 to 12 million in 2022. 

**A New Cybersecurity Framework by the Central Bank of Oman**

Speaking of a cybersecurity strategy and master plan, the Central Bank of Oman recently issued a new security framework to make it difficult for cyberattackers to successfully defraud its banks and citizens.

In September 2023, the Central Bank of Oman (CBO) issued a new Regulatory Framework for cybersecurity and Resilience. This new regulation mandates banks, financing and leasing companies, payment service providers, and money exchange companies to meet a set of minimum requirements to build a financial industry resilient against cybersecurity risks.

This new regulation is organized into six fundamental categories, referred to as "Control Domains" or pillars. Each domain represents a distinct area of focus and guidelines for implementing security measures. They include:

1.  Governance
    
2.  Compliance & Audit
    
3.  Technology & Operations
    
4.  Third-Party Supply Chain Management
    
5.  Online Financial Services
    
6.  Risk Management
    

By implementing this new framework, the CBO intends to establish guidelines for licensed institutions to have the ability to handle cybersecurity risks. The goal is to maintain the same standard of cybersecurity controls across all licensed financial institutions operating in Oman, ensuring uniformity in their ability to manage such risks. 

**Impacts**

By implementing and adhering to the regulatory Framework for Cybersecurity and Resilience, banks and financial institutions in Oman will have enhanced capabilities to safeguard themselves from various types of cyber threats. Not only this, but if the set minimum requirements are met, financial institutions in Oman will have predefined protocols in place to help them swiftly respond to cyber incidents and minimize potential damage control.

Since this new framework will decrease the likelihood of successful cyberattacks, Oman's financial industry can avoid significant financial losses associated with data breaches and cybercrimes. Moreover, a secure financial sector fosters confidence among investors and the general public, so this new framework could promote stability in Oman's financial market. 

By implementing this new framework, Oman's finance industry is a step closer to meeting international security standards and possibly attract international investments and partnerships. Also, it enhances customer trust as security measures assure customers that their financial transactions and sensitive information are safe.

Strengthening Oman's Economic Backbone

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.

    Vulnerability Summary from Wordfence IntelligenceDescription: LiteSpeed Cache <= 5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed CachePlugin Slug: litespeed-cacheAffected Versions: <= 5.6CVE ID: CVE-2023-4372CVSS Score: 6.4 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NResearcher/s: Lana Codes Fully Patched Version: <= 5.7The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘esi’ shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Technical AnalysisThe LiteSpeed Cache is a site acceleration plugin with server-level cache and optimization. It provides a shortcode ([esi]) that can be used to cache blocks with Edge Side Includes technology when added to a WordPress page, if ESI was previously enabled in the settings.Unfortunately, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the vulnerable code reveals that the shortcode method in the ESI class does not adequately sanitize the user-supplied ‘cache’ input, and then fails to escape the ‘control’ output derived from the ‘cache’ parameter when it builds the ESI block. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘cache’ attribute.[You can view these code snippets on the blog] This makes it possible for threat actors to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.Shortcode Exploit PossibilitiesPrevious versions of WordPress contained a vulnerability that allowed shortcodes supplied by unauthenticated commenters to be rendered in certain configurations. This would make it possible for unauthenticated attackers to exploit this Cross-Site Scripting vulnerability on vulnerable installations. Fortunately, however, a vast majority of sites have been automatically upgraded to a patched release of WordPress as of this writing, which means most site owners do not need to be concerned about this. We still strongly recommend verifying your site has been updated to one of the patched versions of WordPress core found here. Disclosure TimelineAugust 14, 2023 – Wordfence Threat Intelligence team discovers the stored XSS vulnerability in LiteSpeed Cache.August 14, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.August 14, 2023 – The vendor confirms the inbox for handling the discussion.August 14, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.August 16, 2023 – The vendor made the patch and sent us the GitHub commit.October 10, 2023 – The fully patched version, 5.7, is released.ConclusionIn this blog post, we have detailed a stored XSS vulnerability within the LiteSpeed Cache plugin affecting versions 5.6 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page. The vulnerability has been fully addressed in version 5.7 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of LiteSpeed Cache.All Wordfence users, including those running Wordfence Premium , Wordfence Care , and Wordfence Response , as well as sites still running the free version of Wordfence, are fully protected against this vulnerability.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence  and potentially earn a spot on our leaderboard .

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Researchers have uncovered hundreds of cyber scams leveraging the Israeli-Hamas conflict, including more than 500 scam emails and fraudulent websites capitalizing on people's willingness to aid those affected by the war.

Many of these emails contain links to scam websites that provide information about the ongoing situation and encourage individuals to make contributions, with the added convenience of various cryptocurrency payment options, according to Kaspersky researchers.

By tracking the wallet addresses used, security experts found additional fraudulent Web pages claiming to collect aid for various groups within the conflict area.

Andrey Kovtun, security expert at Kaspersky, says attackers often attempt to intimidate recipients by threatening severe consequences, such as financial losses, account suspensions, or even legal action, if the potential victims fail to click links, open attachments, or call specified phone numbers.

"Urgency often compels recipients to act swiftly," he adds. "In some instances, such as the recent campaign exploiting the Israeli-Hamas conflict, scammers try to appeal to sympathy, soliciting funds while presenting their actions as noble endeavors."

Callie Guenther, senior manager of cyber threat research at Critical Start, says threat actors have an uncanny ability to adapt their tactics based on current events and societal concerns. This emotional appeal, rooted in compassion and moral responsibility, often overshadows rational decision-making, rendering potential victims more susceptible.

**A Multitude of Tactics**

Fake charity scams often emerge during real disasters, with scammers posing as charitable organizations and using emotional language to lure users in. Tactics include the common methods of multiple text variations to evade spam filters or altered links and sender addresses.

"During conflicts or emergencies, situations can change rapidly, and news travels quickly," Kovtun says. "Fraudulent pages may adapt to the latest developments, such as incorporating current facts or photos to appear more credible."

They can also evolve with more sophisticated designs, aiming to resemble legitimate organizations — for example, they may replicate the visual layout of other well known charities or humanitarian organizations. "Additionally, scammers could add content to the fraudulent websites, for example, news updates, and more, to diversify it with pages other than a money transfer one," Kovtun adds.

**Ferreting Out the Fraud**

To protect against such scams, users are urged to thoroughly scrutinize websites before donating, as fake sites often lack essential information about the organizers, recipients, legitimacy, or transparency regarding fund usage.

"Apart from the simple use of a search engine to find reports of an organization being a scam, look up the provenance of the domain names involved using whois.com or another domain registrar's records," Hamilton advises. "If domains were recently registered it is less likely that the organizations are legitimate."

He also recommends looking for the owner of the IP address space used by the Web properties involved and the country where the hosting service originates.

"Legitimate charity organizations' websites rarely consist of a single page," Kovtun points outs. "Encountering such a landing page should prompt a search for the organization's name to explore the search results."

Upon discovering additional information in the search results, it is advisable to cross-reference the recipient's details on the website received in the email with the information on the official site from search results.

"Spelling or grammar errors often serve as indicators of fraudulent pages," Kovtun says. "If there is still uncertainty about the organizations you have checked, it is better to donate to well-known humanitarian support organizations."

Guenther says it's also beneficial to remember that while the guise may change — be it the Israeli-Hamas conflict, the Haiti earthquake, or the Syrian Refugee Crisis — the underlying strategies remain consistent. "Being informed and maintaining a healthy skepticism can be our strongest defenses against these opportunistic scams," she notes.

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

Ubuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6439-2  
October 23, 2023

linux-aws vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the IPv6 implementation in the Linux kernel  
contained a high rate of hash collisions in connection lookup table. A  
remote attacker could use this to cause a denial of service (excessive CPU  
consumption). (CVE-2023-1206)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in  
the Linux kernel contained a race condition, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2023-31083)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux  
kernel did not properly handle certain unusual packets from a  
paravirtualized network frontend, leading to a buffer overflow. An attacker  
in a guest VM could use this to cause a denial of service (host system  
crash) or possibly execute arbitrary code. (CVE-2023-34319)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a null pointer dereference vulnerability in some  
situations. A local privileged attacker could use this to cause a denial of  
service (system crash). (CVE-2023-3772)

Kyle Zeng discovered that the networking stack implementation in the Linux  
kernel did not properly validate skb object size in certain conditions. An  
attacker could use this cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did  
not properly calculate array offsets, leading to a out-of-bounds write  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)  
classifier implementation in the Linux kernel contained an out-of-bounds  
read vulnerability. A local attacker could use this to cause a denial of  
service (system crash). Please note that kernel packet classifier support  
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)

Bing-Jhong Billy Jheng discovered that the Unix domain socket  
implementation in the Linux kernel contained a race condition in certain  
situations, leading to a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux  
kernel did not properly validate inner classes, leading to a use-after-free  
vulnerability. A local user could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel  
did not properly validate register length, leading to an out-of- bounds  
write vulnerability. A local attacker could possibly use this to cause a  
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in  
the Linux kernel did not properly handle network packets in certain  
conditions, leading to a use after free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-4921)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   linux-image-4.4.0-1124-aws      4.4.0-1124.130  
   linux-image-aws                 4.4.0.1124.121

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6439-2  
   https://ubuntu.com/security/notices/USN-6439-1  
   CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772,  
   CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622,  
   CVE-2023-4623, CVE-2023-4881, CVE-2023-4921

Ubuntu Security Notice USN-6439-2

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6080.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Integration Camel for Spring Boot 4.0.1 release security update  
Advisory ID:        RHSA-2023:6080-01  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6080  
Issue date:         2023-10-24  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4

Red Hat Security Advisory 2023-6080-01

Red Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6079.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Integration Camel for Spring Boot 3.20.3 release and security updateAdvisory ID:        RHSA-2023:6079-01Product:            Red Hat IntegrationAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6079Issue date:         2023-10-24Revision:           01CVE Names:          CVE-2023-44487====================================================================Summary: Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A security update for 3.20.3 is now available.The purpose of this text-only errata is to inform you about the security issues fixed.Security Fix(es):* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-44487References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4

Red Hat Security Advisory 2023-6079-01

Red Hat Security Advisory 2023-6071-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6071.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: RHACS 4.0 enhancement and security update  
Advisory ID:        RHSA-2023:6071-01  
Product:            Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6071  
Issue date:         2023-10-24  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.0.5 includes fixes for the following security  
vulnerabilities:

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work  
(CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack  
(Rapid Reset Attack) (CVE-2023-44487)

* Various CVEs in containers for glibc security issues

A Red Hat Security Bulletin which addresses further details about this flaw is  
available in the References section.

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s)  
listed in the References section.

RHACS 4.0.5 includes a new default policy called \"Rapid Reset: Denial of Service  
Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images  
containing components that are susceptible to a Denial of Service (DoS)  
vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325.  
This policy applies to the build or deploy life cycle stage.

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html

Red Hat Security Advisory 2023-6071-01

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6061.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Pipelines 1.12.1 release and security update  
Advisory ID:        RHSA-2023:6061-01  
Product:            Red Hat OpenShift Pipelines  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6061  
Issue date:         2023-10-23  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Pipelines 1.12.1 has been released.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Pipelines consists of:

- Tekton Pipelines 0.50.x  
- Tekton Triggers 0.25.x  
- ClusterTasks based on Tekton Catalog  
- Tekton tkn CLI 0.32.x  
- Tekton Operator 0.68.x  
- Tekton Chains 0.17.x (GA)  
- Tekton Hub 1.14.x (TP)  
- Tekton Result 0.8.x (TP)  
- Pipelines-as-Code 0.21.x (GA)

For more information, see the Release Notes on any one of the following platforms:

- Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-12_op-release-notes

- OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-12_op-release-notes

Solution:

https://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[…]e_olm-upgrading-operators

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html

Red Hat Security Advisory 2023-6061-01

Red Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6059.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security updateAdvisory ID:        RHSA-2023:6059-01Product:            Red Hat OpenShift PipelinesAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6059Issue date:         2023-10-23Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI  tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1The tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html

Red Hat Security Advisory 2023-6059-01

Red Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6057.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: toolbox security updateAdvisory ID:        RHSA-2023:6057-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:6057Issue date:         2023-10-23Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#criticalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Tag

#web