Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6548-1December 11, 2023linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm,linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:It was discovered that Spectre-BHB mitigations were missing for Ampereprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2023-3006)It was discovered that the USB subsystem in the Linux kernel contained arace condition while handling device descriptors in certain situations,leading to a out-of-bounds read vulnerability. A local attacker couldpossibly use this to cause a denial of service (system crash).(CVE-2023-37453)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Sunjoo Park discovered that the netfilter subsystem in the Linux kernel didnot properly validate u32 packets content, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39192)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate SCTP data, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39193)Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem inthe Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this tocause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-39194)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1035-xilinx-zynqmp  5.4.0-1035.39   linux-image-5.4.0-1063-ibm      5.4.0-1063.68   linux-image-5.4.0-1076-bluefield  5.4.0-1076.82   linux-image-5.4.0-1104-kvm      5.4.0-1104.111   linux-image-5.4.0-1116-aws      5.4.0-1116.126   linux-image-5.4.0-1120-gcp      5.4.0-1120.129   linux-image-5.4.0-1121-azure    5.4.0-1121.128   linux-image-5.4.0-169-generic   5.4.0-169.187   linux-image-5.4.0-169-generic-lpae  5.4.0-169.187   linux-image-5.4.0-169-lowlatency  5.4.0-169.187   linux-image-aws-lts-20.04       5.4.0.1116.113   linux-image-azure-lts-20.04     5.4.0.1121.114   linux-image-bluefield           5.4.0.1076.71   linux-image-gcp-lts-20.04       5.4.0.1120.122   linux-image-generic             5.4.0.169.167   linux-image-generic-lpae        5.4.0.169.167   linux-image-ibm-lts-20.04       5.4.0.1063.92   linux-image-kvm                 5.4.0.1104.100   linux-image-lowlatency          5.4.0.169.167   linux-image-oem                 5.4.0.169.167   linux-image-oem-osp1            5.4.0.169.167   linux-image-virtual             5.4.0.169.167   linux-image-xilinx-zynqmp       5.4.0.1035.35Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1063-ibm      5.4.0-1063.68~18.04.1   linux-image-5.4.0-1116-aws      5.4.0-1116.126~18.04.1   linux-image-5.4.0-1120-gcp      5.4.0-1120.129~18.04.1   linux-image-5.4.0-1121-azure    5.4.0-1121.128~18.04.1   linux-image-5.4.0-169-generic   5.4.0-169.187~18.04.1   linux-image-5.4.0-169-lowlatency  5.4.0-169.187~18.04.1   linux-image-aws                 5.4.0.1116.94   linux-image-azure               5.4.0.1121.94   linux-image-gcp                 5.4.0.1120.96   linux-image-generic-hwe-18.04   5.4.0.169.187~18.04.137   linux-image-ibm                 5.4.0.1063.73   linux-image-lowlatency-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-oem                 5.4.0.169.187~18.04.137   linux-image-oem-osp1            5.4.0.169.187~18.04.137   linux-image-snapdragon-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-virtual-hwe-18.04   5.4.0.169.187~18.04.137After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6548-1   CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,   CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,   CVE-2023-5717, CVE-2023-6176Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-169.187   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1116.126   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1121.128   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1076.82   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1120.129   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1063.68   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1104.111   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1035.39

Ubuntu Security Notice USN-6548-1

Red Hat Security Advisory 2023-7730-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7730.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7730-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7730Issue date:         2023-12-12Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Red Hat Security Advisory 2023-7730-03

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7716.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: webkit2gtk3 security updateAdvisory ID:        RHSA-2023:7716-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7716Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-42917====================================================================Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.Security Fix(es):* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42917References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253058

Red Hat Security Advisory 2023-7716-03

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7715.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: webkit2gtk3 security updateAdvisory ID:        RHSA-2023:7715-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7715Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-42917====================================================================Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.Security Fix(es):* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42917References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253058

Red Hat Security Advisory 2023-7715-03

Red Hat Security Advisory 2023-7714-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7714.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:12 security update  
Advisory ID:        RHSA-2023:7714-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7714  
Issue date:         2023-12-11  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7714-03

Red Hat Security Advisory 2023-7713-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7713.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7713-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7713Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Red Hat Security Advisory 2023-7713-03

Red Hat Security Advisory 2023-7712-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7712.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7712-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7712Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Red Hat Security Advisory 2023-7712-03

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-09-18

Updated:

2023-09-18

**RHSA-2023:5206 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Moderate: RHACS 4.2 enhancement and security update

**Type/Severity**

Security Advisory: Moderate

**Topic**

Updated images are now available for Red Hat Advanced Cluster Security (RHACS).  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The release of RHACS 4.2 provides these changes:  

Security Fix(es):  

*   stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

New Features  

RHACS 4.2 includes the following new features, improvements, and updates:  

Platform  

*   Bring your own PostgreSQL database for RHACS Central (Technology Preview)
*   The CORE BPF collection method is now GA
*   RHACS Product usage report
*   Performance improvements for the Compliance dashboard

Vulnerability management  

*   Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform
*   Configure delegated image scanning in the RHACS portal
*   Define new system policies using CVE age or fixability
*   On-demand and downloadable CVE report in Vulnerability Management 2.0
*   Scanner supports additional operating systems

Network Security  

*   Improvements to runtime network policy generation
*   Build time Network Policy tools (Technology Preview)
*   New Listening Endpoints menu in the RHACS portal
*   Viewing network policy YAML files from a violation

For notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.

**Solution**

To take advantage of the new features, bug fixes, and enhancements in RHACS 4.2, you are advised to upgrade to RHACS 4.2.

**Affected Products**

*   Red Hat Advanced Cluster Security for Kubernetes 4 x86\_64
*   Red Hat Advanced Cluster Security for Kubernetes for IBM Z and LinuxONE 4 s390x
*   Red Hat Advanced Cluster Security for Kubernetes for IBM Power, little endian 4 ppc64le

**Fixes**

*   BZ - 1990363 - CVE-2023-4958 stackrox: Missing HTTP security headers allows for clickjacking in web UI
*   ROX-19688 - Release RHACS 4.2.0

**References**

*   https://access.redhat.com/security/updates/classification/#moderate
*   https://docs.openshift.com/acs/4.2/release\_notes/42-release-notes.html

**ppc64le**

advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb

advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e

advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1

advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac

advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b

advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a

**s390x**

advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f

advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663

advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775

advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58

advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735

advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe

**x86\_64**

advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de

advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658

advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2

advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e

advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c

advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e

advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15

advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3

advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086

advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638

advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2023-4958

A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.

CVE-2022-48616: Huawei NetEngine AR617VW Authenticated Root RaCE

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.  
 

**Introduction**

CryptoSpike allows operators to download logs from the system through a dedicated section of the web management interface. In order to download logs, the web application leverages a REST API endpoint that is vulnerable to Directory Traversal when using as parameter a traversal path (i.e. containing "../"), thus also allowing a malicious user to access confidential data not intended to be downloaded (e.g. private SSH keys that can be used to access all system host servers with highest privileges).

**Steps to reproduce**

To consume the vulnerable REST API endpoint, a valid JWT Bearer Token belonging to a CryptoSpike user is required. For the invocation to succeed, it is required the operator only having a role with the "Logs / DOWNLOAD" permission set to READ.

The REST API endpoint is named /logs/:filename under the "API-Gateway" service on the leader node (https://leaderhostname/api/v1/Server/logs/:filename) and will be invoked using a GET http request.

Specifying a nonexistent filename as :filename parameter will lead the system to return a low level error message containing the absolute path of the required file, thus revealing the potential directory traversal vulnerability on the endpoint:

In order to confirm this, it is possible to send another request with the same filename but with relative path (input string "../downloads/NONEXISTENT" with URL encoding on all special characters), resulting in the same error message, with the same absolute path specified:

This confirms that the API is vulnerable to Directory Traversal attacks. Moreover, by analyzing the relevant Docker container filesystem being accessible via directory traversal, a sensitive file containing an unprotected SSH private key (input string "../../ssh/update_key" URL encoded as %2E%2E%2F%2E%2E%2Fssh%2Fupdate%5Fkey) has been detected, accessible via directory traversal:

By using this private key with an SSH command line client to connect to the host servers of CryptoSpike infrastructure (in the testing environment one Leader server and two Agent servers), the connection is correctly established without inputting a password and a remote shell is obtained as a user with the root privileges:

Tag

#linux