Red Hat Security Advisory 2023-7656-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7656.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:12 security update  
Advisory ID:        RHSA-2023:7656-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7656  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7656-03

Ubuntu Security Notice 6529-1 - It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6529-1  
December 04, 2023

request-tracker4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Request Tracker.

Software Description:  
- request-tracker4: An enterprise-grade issue tracking system

Details:

It was discovered that Request Tracker incorrectly handled certain inputs. If  
a user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to obtain  
sensitive information. (CVE-2021-38562, CVE-2022-25802, CVE-2023-41259,  
CVE-2023-41260)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.10.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.10.1

Ubuntu 23.04:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.23.04.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.23.04.1

Ubuntu 22.04 LTS:  
   request-tracker4                4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-apache2                     4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-clients                     4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-mysql                    4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-postgresql               4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-db-sqlite                   4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-fcgi                        4.4.4+dfsg-2ubuntu1.22.04.1  
   rt4-standalone                  4.4.4+dfsg-2ubuntu1.22.04.1

Ubuntu 20.04 LTS:  
   request-tracker4                4.4.3-2+deb10u3build0.20.04.1  
   rt4-apache2                     4.4.3-2+deb10u3build0.20.04.1  
   rt4-clients                     4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-mysql                    4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-postgresql               4.4.3-2+deb10u3build0.20.04.1  
   rt4-db-sqlite                   4.4.3-2+deb10u3build0.20.04.1  
   rt4-fcgi                        4.4.3-2+deb10u3build0.20.04.1  
   rt4-standalone                  4.4.3-2+deb10u3build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   request-tracker4                4.4.2-2ubuntu0.1~esm1  
   rt4-apache2                     4.4.2-2ubuntu0.1~esm1  
   rt4-clients                     4.4.2-2ubuntu0.1~esm1  
   rt4-db-mysql                    4.4.2-2ubuntu0.1~esm1  
   rt4-db-postgresql               4.4.2-2ubuntu0.1~esm1  
   rt4-db-sqlite                   4.4.2-2ubuntu0.1~esm1  
   rt4-fcgi                        4.4.2-2ubuntu0.1~esm1  
   rt4-standalone                  4.4.2-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6529-1  
   CVE-2021-38562, CVE-2022-25802, CVE-2023-41259, CVE-2023-41260

Package Information:  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.10.1  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.23.04.1  
   https://launchpad.net/ubuntu/+source/request-tracker4/4.4.4+dfsg-2ubuntu1.22.04.1

 https://launchpad.net/ubuntu/+source/request-tracker4/4.4.3-2+deb10u3build0.20.04.1

Ubuntu Security Notice USN-6529-1

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.

    OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to create an article could perform a storedXSS attack against any other users with the ability to create an article.This can lead to execute arbitrary HTML/JS code in a user's browser sessionin context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5807Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5807.php30.10.2023--Stored XSS (EntryRecord[content]):----------------------------------Endpoint: /backend/tailor/entries/wiki_articlePayload: EntryRecord%5Bcontent%5D="<script>alert(1)</script>"

October CMS 3.4.0 Wiki Article Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.

    OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to a category-creating feature that storesdata persistently could create a stored XSS attack against any other usersvisiting the blog page. This can lead to execute arbitrary HTML/JS codein a user's browser session in context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5806Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5806.php30.10.2023--Stored XSS (EntryRecord[title]):--------------------------------Endpoint: POST /backend/tailor/entries/blog_category/createPayload: EntryRecord%5Btitle%5D="</title><script>alert(1)</script>"

October CMS 3.4.0 Category Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.

    OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting VulnerabilitiesVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to a blog-creating feature that stores datapersistently could perform a stored XSS attack against any other usersvisiting the blog page. This can lead to execute arbitrary HTML/JS codein a user's browser session in context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5805Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5805.php30.10.2023--Stored XSS (GlobalRecord[blog_name]):-------------------------------------Endpoint: POST /backend/tailor/globals/blog_configPayload: GlobalRecord%5Bblog_name%5D="</title><script>alert(1)</script>"

October CMS 3.4.0 Blog Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.

    OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to be an author feature could perform a storedXSS attack against any other users visiting the posts by the author. Thiscan lead to execute arbitrary HTML/JS code in a user's browser sessionin context of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5804Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5804.php30.10.2023--Stored XSS (EntryRecord[title]):--------------------------------Endpoint: /backend/tailor/entries/blog_authorPayload: EntryRecord%5Btitle%5D ="</title><script>alert(1)</script>"

October CMS 3.4.0 Author Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.

    OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting VulnerabilityVendor: October CMSProduct web page: https://www.octobercms.comAffected version: 3.4.0Summary: OctoberCMS is a self-hosted content management system (CMS)based on the PHP programming language and Laravel web application framework.It supports MySQL, SQLite and PostgreSQL for the database back end anduses a flat file database for the front end structure. The October CMScovers a range of capabilities such as users, permissions, themes, andplugins, and is seen as a simpler alternative to WordPress.Desc: OctoberCMS suffers from stored cross-site scripting vulnerabilitywhen a user with the ability to edit the landing/about page. This canlead to execute arbitrary HTML/JS code in a user's browser session incontext of an affected site.Tested on: macOS Monterey 12.6.3           Docker 4.12.0 (85629)           PHP/8.1.6Vulnerability discovered by Nazli Soysal Kuran                            @zeroscienceAdvisory ID: ZSL-2023-5803Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5803.php30.10.2023--Stored XSS (EntryRecord[blocks][1][content]):---------------------------------------------Endpoint: POST /backend/tailor/entries/landing_pagePayload: EntryRecord%5Bblocks%5D%5B1%5D%5Bcontent%5D="<script>alert(1)</script>"

October CMS 3.4.0 About Cross Site Scripting

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to edit the landing/about page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Title: OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting Vulnerability  
Advisory ID: ZSL-2023-5803  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (3/5)  
Release Date: 03.12.2023

**Summary**

OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a range of capabilities such as users, permissions, themes, and plugins, and is seen as a simpler alternative to WordPress.

**Description**

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to edit the landing/about page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

**Vendor**

October CMS - https://www.octobercms.com

**Affected Version**

3.4.0

**Tested On**

macOS Monterey 12.6.3  
Docker 4.12.0 (85629)  
PHP/8.1.6

**Vendor Status**

\[30.10.2023\] Vulnerability discovered.  
\[31.10.2023\] Contact with the vendor.  
\[06.11.2023\] Vendor asked for the details.  
\[07.11.2023\] Sent details to the vendor.  
\[11.11.2023\] Vendor asked for confirmation if the findings were within their scope.  
\[14.11.2023\] Confirmed the issues are within the scope.  
\[20.11.2023\] Vendor asked for further information on how exploits affect a public-facing website.  
\[22.11.2023\] Explained about impact of the findings in detail.  
\[29.11.2023\] Vendor didn't consider the findings as vulnerabilities.  
\[03.12.2023\] Public security advisory released.

**PoC**

octobercms\_xss(about).txt

**Credits**

Vulnerability discovered by Nazli Soysal Kuran - <nazli@zeroscience.mk\>

**References**

N/A

**Changelog**

\[03.12.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a category-creating feature that stores data persistently could create a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Title: OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability  
Advisory ID: ZSL-2023-5806  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (3/5)  
Release Date: 03.12.2023

**Summary**

OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a range of capabilities such as users, permissions, themes, and plugins, and is seen as a simpler alternative to WordPress.

**Description**

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a category-creating feature that stores data persistently could create a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

**Vendor**

October CMS - https://www.octobercms.com

**Affected Version**

3.4.0

**Tested On**

macOS Monterey 12.6.3  
Docker 4.12.0 (85629)  
PHP/8.1.6

**Vendor Status**

\[30.10.2023\] Vulnerability discovered.  
\[31.10.2023\] Contact with the vendor.  
\[06.11.2023\] Vendor asked for the details.  
\[07.11.2023\] Sent details to the vendor.  
\[11.11.2023\] Vendor asked for confirmation if the findings were within their scope.  
\[14.11.2023\] Confirmed the issues are within the scope.  
\[20.11.2023\] Vendor asked for further information on how exploits affect a public-facing website.  
\[22.11.2023\] Explained about impact of the findings in detail.  
\[29.11.2023\] Vendor didn't consider the findings as vulnerabilities.  
\[03.12.2023\] Public security advisory released.

**PoC**

octobercms\_xss(category).txt

**Credits**

Vulnerability discovered by Nazli Soysal Kuran - <nazli@zeroscience.mk\>

**References**

N/A

**Changelog**

\[03.12.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Title: OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities  
Advisory ID: ZSL-2023-5805  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (3/5)  
Release Date: 03.12.2023

**Summary**

OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a range of capabilities such as users, permissions, themes, and plugins, and is seen as a simpler alternative to WordPress.

**Description**

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

**Vendor**

October CMS - https://www.octobercms.com

**Affected Version**

3.4.0

**Tested On**

macOS Monterey 12.6.3  
Docker 4.12.0 (85629)  
PHP/8.1.6

**Vendor Status**

\[30.10.2023\] Vulnerability discovered.  
\[31.10.2023\] Contact with the vendor.  
\[06.11.2023\] Vendor asked for the details.  
\[07.11.2023\] Sent details to the vendor.  
\[11.11.2023\] Vendor asked for confirmation if the findings were within their scope.  
\[14.11.2023\] Confirmed the issues are within the scope.  
\[20.11.2023\] Vendor asked for further information on how exploits affect a public-facing website.  
\[22.11.2023\] Explained about impact of the findings in detail.  
\[29.11.2023\] Vendor didn't consider the findings as vulnerabilities.  
\[03.12.2023\] Public security advisory released.

**PoC**

octobercms\_xss(blog).txt

**Credits**

Vulnerability discovered by Nazli Soysal Kuran - <nazli@zeroscience.mk\>

**References**

N/A

**Changelog**

\[03.12.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

Tag

#postgres