Mozilla researchers found that apps often provide inaccurate data use disclosures, giving people “a false sense of security.”

It's basically impossible to keep track of what all your mobile apps are doing and what data they share with whom and when. So over the past couple of years, Apple and Google have both added mechanisms to their app stores meant to act as a sort of privacy nutrition label, giving users some insight into how apps behave and what information they may share. These transparency tools, though, are populated with self-reported information from app developers themselves. And a new study focused on the Data Safety information in Google Play indicates that the details developers are providing are often inaccurate.

Researchers from the nonprofit software group Mozilla looked at the Data Safety information of Google Play's top 40 most-downloaded apps and rated these privacy disclosures as “poor,” “needs improvement,” or “OK.” The assessments were based on the degree to which the Data Safety information did or did not align with the information in each app's privacy policy. Sixteen of the 40 apps, including Facebook and Minecraft, received the lowest grade for their Data Safety disclosures. Fifteen apps received the middle grade. These included the Meta-owned apps Instagram and WhatsApp, but also the Google-owned YouTube, Google Maps, and Gmail. Six of the apps were awarded the highest grade, including Google Play Games and _Candy Crush Saga_.

“When you land on Twitter’s app page or TikTok’s app page and click on Data Safety, the first thing you see is these companies declaring that they don’t share data with third parties. That’s ridiculous—you immediately know something is off,” says Jen Caltrider, Mozilla’s project lead. “As a privacy researcher, I could tell this information was not going to help people make informed decisions. What’s more, a regular person reading it would most certainly walk away with a false sense of security.”

Google mandates that all app developers submitting to Google Play complete the Data Safety form. The rationale is that the developers are the ones who have the information on how their product handles data and interacts with other parties, not the app store that facilitates distribution. 

“If we find that a developer has provided inaccurate information in their Data Safety form and is in violation of the policy, we will require the developer to correct the issue to comply. Apps that aren’t compliant are subject to enforcement actions,” Google told the Mozilla researchers. The company did not address questions from WIRED about the nature of these enforcement actions or how often they have been taken.

Google refutes the researchers' methodology, though. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects,” the company says in a statement. “The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information.”

In other words, Google is saying that the Mozilla researchers misunderstood the scope of the privacy policies they were looking at or even consulted the wrong policies entirely. But the researchers say the privacy policies they used in their analysis are the exact policies each app developer links to on Google Play, indicating that they apply to the apps in question.

“Google's own response to our research highlights the exact problem we highlighted,” Mozilla's Caltrider says. “What information are consumers to trust and rely on if the self-reported information from app developers in the Data Safety section is different from the privacy policies linked on the same app page? Ultimately, our goal is to help Google give consumers what they need to make informed decisions about their privacy. This starts with Google improving their Data Safety information.”

The report also lays out how Google's current Data Safety form creates blind spots and opportunities for developers to leave out information about how their apps behave and share user data. For example,  the form has broad exemptions for app developers to report data sharing with “service providers” and for “specific legal purposes.” And the researchers found that the definitions Google uses for the words “collection” and “sharing” are narrow, meaning that developers may not be required to report activity that users would think of as data collection and sharing. Additionally, the researchers note that Google doesn't require app developers to disclose data collection when the information is being anonymized. This is noteworthy because of debates over whether it is possible to truly anonymize data as well as a long track record of app developers making mistakes or using flawed schemes in their attempts to anonymize data.

Both Google and Mozilla's researchers note that Google Play's Data Safety mechanism is still new. And the researchers say it can be refined to be a valuable indicator for users. Without urgent reform, though, they argue that the Data Safety information is currently doing more harm than good by giving users an inaccurate privacy picture of what's going on inside their apps.

You Can’t Trust App Developers’ Privacy Claims on Google Play

With Russia regularly knocking out Ukraine’s power grid, the country has turned to high-capacity batteries to keep it connected to the world—and itself.

In January 2022, Valeria Shashenok uploaded a TikTok video of herself playing tourist in Paris: red beret, fresh croissants, posing in front of the Eiffel Tower. A month later, her videos took on a much different character: Touring the bombed-out buildings of her town, Chernihiv, Ukraine; racing for cover as the air raid sirens sounded; reviewing the military rations served in her local bomb shelter.

Through the next year, Shashenok’s social media documented her life in the early days of the war, before seeking refuge in Western Europe—and then returning to Ukraine. In October, Shashenok uploaded a video promising to show her followers “how people live without electricity in Ukraine.” More than 3 million people watched the tour of her darkened city, all set to George Michael’s “Careless Whisper.”

Since Russia invaded Ukraine a year ago tomorrow, it has worked feverishly to stop Ukrainians like Shashenok from broadcasting to the world. Yet, even with the power out, Shashenok continued streaming to the world. The enormous work that has gone on behind the scenes to make that possible is a story of resiliency, planning, and batteries.

In the early days of the war, Russian airstrikes hit cell towers, hackers targeted Ukrainian internet service providers, and soldiers cut fiber optic cables. In the areas that Russian forces managed to occupy, internet traffic was rerouted through Russia’s heavily censored and aggressively monitored version of the internet. As the war raged on—and Moscow’s territorial ambitions were rebuffed by fierce Ukrainian resistance—Moscow resorted to even more desperate tactics, like shelling energy infrastructure, plunging Ukrainians like Shashenok into the dark.

“One thing that was demonstrated by the war is how important communication is for us,” Yurii Shchyhol, the head of Ukraine’s State Service for Special Communications and Information Protection, said in a media briefing last month. “When it’s up and running, everyone thinks that everything is normal—and this is how things should be. But when the communication disappears, we realize that we cannot get in touch with our loved ones, with our relatives.”

From the first month of Russia’s full-scale invasion, SpaceX’s Starlink service helped keep Ukraine online, even as the country’s communication infrastructure was being knocked offline. “We cannot ignore the fact that Starlink has been the signal of life for Ukraine,” Olha Stefanishyna, a deputy prime minister of Ukraine, told journalists late last year. “Our government has been able to be operational because I had Starlink over my head.”

While Starlink has been a critical stopgap, Kyiv has turned its attention to getting its regular infrastructure back up and running—thanks in no small part to SpaceX CEO Elon Musk’s hot-and-cold routine with Ukraine. Just this month, SpaceX president and chief operating officer Gwynne Shotwell said the company cut off Ukraine from using Starlink to connect its fleet of drones.

“Given this huge range of instability in the position of the SpaceX CEO—from the willingness and then unwillingness to continue financial support—we’re doing contingency planning for ourselves,” Stefanishyna said.

That’s where Shchyhol’s ministry comes in. Working with private industry, his agency has laid or repaired 3,200 kilometers of fiber optic cable and built or rebuilt 1,500 mobile base stations—another name for cell towers—since the war began. That work has returned Ukraine’s mobile communications to about 77 percent of its pre-war capacity. The biggest problems are in the areas along the front lines, such as Zaporizhzhya and Odessa, and towns occupied by the Russians in Luhansk and Donetsk regions. 

Kherson, which was liberated in November, has had a particularly hard time getting back online. “When the occupiers leave the occupied areas of Ukraine, they destroy the base stations, they destroy the fiber optic cables. So in the south of the country, we rebuilt the internet from scratch,” Shchyhol said during the press conference, adding that they have managed to repair about 20 percent of Kherson’s infrastructure. That’s only one part of the challenge, Shchyhol said. There’s still “the issue of electric power supply.”

Mobile base stations are normally hooked up to the power grid, using that electricity to amplify the cell signal to the broader area. During a power outage, an on-site battery kicks in to keep the tower running. If the outage persists, a crew could arrive with a diesel generator to keep powering the tower. That means Shashenok can keep uploading TikToks by candlelight in her neighborhood restaurant.

But Ukraine hasn’t just experienced a few short outages. Since October, it has faced an onslaught of attacks against its power grid, causing long periods of darkness. Ukraine responded by outfitting around 5,000 base stations with better generators. But those generators, and the diesel they rely on, are increasingly scarce, expensive, and in high demand everywhere in Ukraine. But they’ve been necessary, as the old lead batteries attached to its base stations only run for two or three hours, if that.

So Kyiv has turned to a simple solution: better batteries.

High-capacity lithium-ion batteries mean the base stations, Shchyhol said, “should have reserve power sources for at least three days.” And they can recharge themselves when the power comes back online.

Two of the biggest telecommunications firms in Ukraine have, between them, already sourced and installed 22,000 new high-capacity batteries. Shchyhol said his ministry has identified another 8,000 base stations that need to become “energy independent.” With demand for those batteries only increasing as Russia mounts a more serious offensive to break a stalemate in eastern Ukraine, there is a scramble to source more. And not every cell company is about to source tens of thousands of those batteries on their own.

“The main reason why we can still talk and have access to the internet, first of all, is because we have a very diverse market of internet providers,” says Vitaliy Moroz, a Kyiv-based outreach and support consultant for cybersecurity firm eQualitie. “This is quite a good situation for the customers because they can switch from one ISP to another.”

The Montreal-based firm has stood up an array of tools to help Ukrainians defend themselves against Russian cyberattacks and connect Ukrainians living under occupation to uncensored news and information, creating peer-to-peer connections that aren’t reliant on local internet access.

Late last year, eQualitie began crowdfunding to source batteries for some smaller ISPs in Ukraine. The money they raised helped them buy 172 batteries from Poland—the shipment weighed about 6.5 tons. Some of those batteries went to a small ISP in Chernihiv, which services hundreds of large residential buildings in the north-central Ukrainian city. ”With just five batteries, which they received within this donation, it means that tens of thousands of residents of Chernihiv remain connected,” Moroz says—residents like Valeria Shashenok.

“The issue of connectivity is not very clear for everyone,” Moroz says the morning after another wave of airstrikes on the country’s energy grid. “Ukrainians have, for example, apps or websites where they can follow all the air alarms, which may happen almost every day.”

Internet and mobile service in Ukraine is surprisingly good, even by American standards. Moroz points out that for about $8 per month, Ukrainians can get download speeds of around 100 megabytes per second. “People now need immediate information. They want to know, right now, what's happening,” he says. “So access to internet … means security for people, it means being connected with their families and friends.”

Staying connected also means staying hopeful.

When the Ukrainian Army liberated Izium, which is near the border of Dontesk, they also liberated the residents from Russian propaganda—the only source of news for many in the city. “They believed Kharkiv was also surrounded by Russians. And it was under Russian control, which is not true,” Moroz says. 

“So all this, the combined efforts to keep Ukraine connected, is because everyone understands that the ultimate goal of Russia is to demoralize civilians—because if civilians are demoralized, the government will lose support,” Moroz says. “Instead, it’s the opposite: Civilians realize they might have some hardship in their lives, but still they manage to build their lives around all these difficulties.”

eQualitie is still raising money to purchase a new shipment of batteries to Ukraine. Shchyhol, meanwhile, is bullish that he could get Ukraine’s mobile networks back to 100 percent.

But, like many aspects of this war, Ukraine continues preparing for the worst. Late last year, after waves of brutal assaults on Ukraine’s cities and critical infrastructure, president Volodmyr Zelensky announced the creation of thousands of Points of Invincibility across the country—in government buildings, pharmacies, gas stations, and banks.

“All basic services will be there, including electricity, mobile communications and the Internet, heat, water, and a first-aid kit,” Zelensky posted on Telegram. “Absolutely free and 24/7.” The sites will be powered by generators and connected to the world via Starlink.

“This is what the Russian flag means—complete desolation,” Zelensky said in another address in November. “There is no electricity, no communication, no internet, no television. The occupiers destroyed everything themselves—on purpose.”

Batteries Are Ukraine’s Secret Weapon Against Russia

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.
Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.
This includes references to "

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.

Symantec, by Broadcom Software, is tracking the cluster under the moniker **Clasiopa**. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.

This includes references to "SAPTARISHI-ATHARVAN-101" in a custom backdoor and the use of the password "iloveindea1998^\_^" for a ZIP archive.

It's worth noting that Saptarishi, meaning "Seven sages" in Sanskrit, refers to a group of seers who are revered in Hindu literature. Atharvan was an ancient Hindu priest and is believed to have co-authored one of the four Vedas, a collection of religious scriptures in Hinduism.

"While these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue," Symantec said in a report shared with The Hacker News.

Also unclear is the exact means of initial access, although it's suspected that the cyber incursions take advantage of brute-force attacks on internet-facing servers.

Some of the key hallmarks of the intrusions involve clearing system monitor (Sysmon) and event logs as well as the deployment of the multiple backdoors, such as Atharvan and a modified version of the open source Lilith RAT, to gather and exfiltrate sensitive information.

Atharvan is further capable of contacting a hard-coded command-and-control (C&C) server to retrieve files and run arbitrary executables on the infected host.

"The hard-coded C&C addresses seen in one of the samples analyzed to date was for Amazon AWS South Korea (Seoul) region, which is not a common location for C&C infrastructure," the company pointed out.

The disclosure comes a day after the cybersecurity firm took the wraps off another hitherto undocumented threat group known as Hydrochasma that has been observed targeting shipping companies and medical laboratories in Asia.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

CVE-2023-26462: ThingsBoard Release Notes

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

CVE-2023-22974: OpenEMR Patches - OpenEMR Project Wiki

Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.

Researchers have released details for how to exploit a critical remote code execution (RCE) bug in Fortinet's FortiNAC product, which allows an unauthenticated attacker to write arbitrary files on the system and achieve RCE as a root user.

Organizations use FortiNAC as a network access control solution to oversee and secure all digital assets connected to the enterprise network. The product can be used to manage a range of devices, including: corporate endpoints, Internet of Things (IoT), operational technology and industrial control systems (OT/ICS), and connected medical devices (IoMT), among others. The idea is to provide visibility, control, and automated response for everything that connects to the network, and as such, the device offers a golden opportunity for attackers to pivot and move deep into networks, enumerate environments, steal sensitive information, and more.

Researchers at Horizon3.ai released a blog post with a technical analysis of and proof of concept (POC) exploit for the vulnerability, tracked as CVE-2022-39952, and revealed and patched by Fortinet last week. They subsequently released the exploit code on GitHub.

Fortinet's Gwendal Guégniaud discovered the vulnerability, which earned a critical rating of 9.8 on the CVSS vulnerability-severity scale. The bug allows attackers to take external control of a file name or path vulnerability in the FortiNAC Web server, Fortinet said in its advisory, thus allowing unauthenticated arbitrary writes on the system.

Fortinet has patched in its affected product versions, with customers urged to update to FortiNAC version 9.4.1 or above, FortiNAC version 9.2.6 or above, FortiNAC version 9.1.8, or FortiNAC version 7.2.0 or above.

**How to Exploit the Fortinet FortiNAC Flaw**

While there are several ways for attackers to obtain RCE by exploiting arbitrary file write flaws, the researchers wrote what's called a "cron job to /etc/cron.d/" to take advantage of the vulnerability, they said.

The researchers extracted filesystems from both the vulnerable and patched versions of the product to examine the flaw, finding that Fortinet removed an offending file called /bsc/campusMgr/ui/ROOT/configWizard/keyUpload.jsp in the update that patches the bug. It turns out that file allowed an unauthenticated endpoint to parse requests that supply a file in the key parameter and then write it to /bsc/campusMgr/config.applianceKey, the researchers said.

To exploit this flaw, researchers successfully wrote the file and made a call that executes a bash script, which in turn can unzip the file that was just written. The unzip process "will allow placing files in any paths as long as they do not traverse above the current working directory," Horizon3.ai's chief attack engineer Zach Hanley wrote in the blog post. "Because the working directory is /, the call unzip inside the bash script allows any arbitrary file to be written."

"Immediately, seeing this call on the attacker-controlled file gave us flashbacks to a few recent vulnerabilities we’ve looked at that have abused archive unpacking," he added.

Researchers used the aforementioned cron job — which entails using the code /etc/cron.d/payload — to weaponize the flaw. The job gets triggered every minute and initiates a reverse shell to the attacker. To do this, researchers created a zip archive that contains a file and specifies the path for extraction, and then sent the malicious zip file to the vulnerable endpoint in the key field, they said.

"Within a minute, we get a reverse shell as the root user," which then can allow for remote code to be executed, Hanley wrote.

**History of Attacker Interest**

Historically, attackers have had a tendency to pounce on Fortinet flaws — sometimes even before the company knows they exist. Since they offer a prime opportunity to gain a foothold on enterprise networks, it would be prudent for any organizations running affected versions of FortiNAC to update to the patched products ASAP. So far, neither Fortinet nor Horizon3.ai are aware of any instances of attackers taking advantage of the flaw, but now that the latter's proof of concept is released, with step-by-step details on how it can be exploited, this is likely to change. 

As recently as January, the researchers tied a sophisticated new backdoor dubbed BoldMove to a zero-day vulnerability that Fortinet discovered in multiple versions of its FortiOS and FortiProxy technologies in December. The flaw allowed an unauthenticated attacker to execute arbitrary code on affected systems. In the zero-day attack, a China-based threat actor engaged in cyber-espionage operations apparently had written the malware to run specifically on Fortinet's FortiGate firewalls even before the vulnerability was made public and patched, the researchers discovered.

In October, attackers also showed significant interest in a critical authentication bypass vulnerability in multiple versions of Fortinet's FortiOS, FortiProxy, and FortiSwitchManager technologies, particularly after exploit code for the flaw was released.

Exploit Code Released for Critical Fortinet RCE Bug

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS.
The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.
The two other vulnerabilities,

Endpoint Security / Software Update

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS.

The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.

The two other vulnerabilities, credited to Trellix researcher Austin Emmitt, reside in the Foundation framework (CVE-2023-23530 and CVE-2023-23531) and could be weaponized to achieve code execution.

"An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges," Apple said, adding it patched the issues with "improved memory handling."

The medium to high-severity vulnerabilities have been patched in iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 that were shipped on January 23, 2023.

Trellix, in its own report on Tuesday, classified the two flaws as a "new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS."

The bugs also bypass mitigations Apple put in place to address zero-click exploits like FORCEDENTRY that was leveraged by Israeli mercenary spyware vendor NSO Group to deploy Pegasus on targets' devices.

As a result, a threat actor could exploit these vulnerabilities to break out of the sandbox and execute malicious code with elevated permissions, potentially granting access to calendar, address book, messages, location data, call history, camera, microphone, and photos.

Even more troublingly, the security defects could be abused to install arbitrary applications or even wipe the device. That said, exploitation of the flaws requires an attacker to have already obtained an initial foothold into it.

"The vulnerabilities above represent a significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services to get anything else," Emmitt said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Red Hat Security Advisory 2023-0856-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:0856-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0856  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-2964 CVE-2022-3564 CVE-2022-4378  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.80.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.80.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.80.1.el8_1.aarch64.rpm  
perf-4.18.0-147.80.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.80.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.80.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.80.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.80.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.80.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.80.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.80.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.80.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.80.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.80.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.80.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.80.1.el8_1.s390x.rpm  
perf-4.18.0-147.80.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.80.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.80.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.80.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.80.1.el8_1.x86_64.rpm  
perf-4.18.0-147.80.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.80.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.80.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5BtzjgjWX9erEAQixkQ/+OcAAg7yLEaB5GH71rCSH1DsWYVfHzwM2  
bjGZsGltWHbF/M8KQnf1k/bup/5bugq1Eaf6ICseroDPs4VtvitE+MeUP7J+7LD+  
hovfavVkZWCtw+fqpbbkWD5eGSGWkfFB1lAOnV2w7dy3N+FHrSDxMqx5pfNLCNtg  
crFm7/LbNLz0g2qfL7pNK83LxuwLAK7uZjskgKMDaIm1eyTdjsWTyqc6g8duwS7Y  
+YRwUnna6MMwaC5mu1CL65zCth0YvVB5BHTbQg4VBI7IfAssZl+YKidJfSJLSeX9  
VfgMd8DK215xjDh3kinxZ4HwOqX3DI1vLudBMXpAjZff+ncrVVsFxeFlaymkgEGq  
it6XhwEB3Z/bEu6J3tobfjZO1sLb677MeiBiTd2b8k3luLze4IpQACJIKlj6gzHL  
nNvSD8Qu0tixaThIFrTQXpTQAxfAYuJP3c2h9d2s5U7dkRCOs3ar6PCEj28+N9h3  
DXG0b4ttgTmChc8Np+MPRo9FlgIS9PpHwE9mTTKh3LV5EIXfLZ4bgBOVyIWAZFtj  
/ntMQFj1q0/nKdQ9dtv/Pt3p9Uq1IPDBn6zEfWUBzbGQ0rZyfwoZJ8gIV10AqF5u  
T/vHXnFqhiJtxE/IRHBTsx6YRveq0zO9XsOXLoTM8E3UWIYcra94WLYQms6yXHAj  
qzdar0rOwuU=n34T  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0856-01

Red Hat Security Advisory 2023-0858-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0858-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0858  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-2964 CVE-2022-3564 CVE-2022-4378  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kpatch-patch-4_18_0-147_70_1-1-3.el8_1.src.rpm  
kpatch-patch-4_18_0-147_74_1-1-3.el8_1.src.rpm  
kpatch-patch-4_18_0-147_76_1-1-2.el8_1.src.rpm  
kpatch-patch-4_18_0-147_77_1-1-2.el8_1.src.rpm  
kpatch-patch-4_18_0-147_78_1-1-1.el8_1.src.rpm

ppc64le:  
kpatch-patch-4_18_0-147_70_1-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_70_1-debuginfo-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_70_1-debugsource-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-debuginfo-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_74_1-debugsource-1-3.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-debuginfo-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_76_1-debugsource-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-debuginfo-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_77_1-debugsource-1-2.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_78_1-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_78_1-debuginfo-1-1.el8_1.ppc64le.rpm  
kpatch-patch-4_18_0-147_78_1-debugsource-1-1.el8_1.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-147_70_1-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_70_1-debuginfo-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_70_1-debugsource-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-debuginfo-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_74_1-debugsource-1-3.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-debuginfo-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_76_1-debugsource-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-debuginfo-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_77_1-debugsource-1-2.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_78_1-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_78_1-debuginfo-1-1.el8_1.x86_64.rpm  
kpatch-patch-4_18_0-147_78_1-debugsource-1-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5GtzjgjWX9erEAQjDaQ/+K2/JSQxHF70CNS0vPeYEr/ouzFTw7W5p  
qmKneaSyCgiRNWzTlWIogciiVFbjsQTQVT09bi3zAV9RJ38x9NRljvFPrp3MkZ0P  
JxidOho1+EhUYi0VT+vxEZw56UyEliIzHC7flka9WagAUb58VlymdH9lsLpRkZdc  
LZIOgEhvN99X8161kfmX95VdnrOCVl9dqCHTvAt7DeNkKLFXjnFGrkbysrfZ0jBD  
UZNkygV8S2eGLs6jPVsWO+lyiBR3WyEmYXrN1UPg2t6T57jw/nPZMguGWKVp5n2b  
hAK+ngZLmVBtuDwqIQUU1XCFV79cN5ImoeP5AxG7rh2YxQLOQZG+t8z7FmGf9ux7  
vV9y1eoqUTDEGLyXC83ulc33C1zX1+juFX2NUY56Ojidsnruq+hCHwE3DZzl8R9C  
FIIPwzOGAwIhZWMcxTz9yBZTphlrlnWoMXBe+fE7pl5SH+gfE/KqMA7bh3g0PA9/  
jZuQod7arkIBnPI6z1wgY3mBpOwgAO072qQhn+JjTsJvVenMH2c//fiDjPw5V6hf  
rxi/fcT9zZPQpYveYMiQZmFh/wnSqTaG1o4EF6gz1cSuDupOEXo1JX07o4x44nQX  
ThdiYXQM+zzdm7p3Nbm3HWHxw0oNbhCrbKSAKbhNWyvfTe4PZ2VqUAhA+W9wV1hJ  
6JxZknfHE4Y=sbYl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0858-01

Red Hat Security Advisory 2023-0857-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a file download vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: pcs security update  
Advisory ID:       RHSA-2023:0857-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0857  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-45442  
====================================================================  
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability E4S (v. 8.1):

Source:  
pcs-0.10.2-4.el8_1.3.src.rpm

aarch64:  
pcs-0.10.2-4.el8_1.3.aarch64.rpm  
pcs-snmp-0.10.2-4.el8_1.3.aarch64.rpm

ppc64le:  
pcs-0.10.2-4.el8_1.3.ppc64le.rpm  
pcs-snmp-0.10.2-4.el8_1.3.ppc64le.rpm

s390x:  
pcs-0.10.2-4.el8_1.3.s390x.rpm  
pcs-snmp-0.10.2-4.el8_1.3.s390x.rpm

x86_64:  
pcs-0.10.2-4.el8_1.3.x86_64.rpm  
pcs-snmp-0.10.2-4.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5F9zjgjWX9erEAQhzUxAAi8UkJNwV5jCQoZK3b5TdAIzRTWBJP6e9  
Nm+TNfORMSjIiucmyDpHpOfbhQKeyA/IAIQ5zUf1WKRkERyB4XTYAtOOYsHNp8aZ  
a6KiQBtjHdB85v7Ued9k6hcmWpLdMdZtcop22s+Ox6xi9zApHThuxiY4cwGCGoJ1  
BcRh6bsTp+gGTpSjUXWTJALzojZeZYKVZyabIpUDuebmtq9jvfamhjQ83TrgwyvZ  
g47474ca1cXbmRUpyDwtnW0pZO/cHJJnZpVCPMP6c+aeO2XEhSPTjB7NsSIFZB47  
5M6TTOKfpsLpudJ1IY5XFOE4xggjB9qk76Ag2jDAe0Oa+AWgQ9B7nBeqMxJjQnWv  
i5Su/qIogWEmVLd5fsfrs3LbVaGrj9pNBQoEci1e5R+kqk4hHEpbmm6VvGmYcRPF  
vhRgfL1CMYMSv0u3ypjH7BZshxmIkaela6m95HW8mZDiG8xeeRQwA9kITmSv0od1  
C10AUDq23HuEPFvbvOlX0zBCa6XrmJlOIH5LfOQwo7x/xxL488KPkarWxIDMxjJS  
IkIZBXc5u8jl2YEfoqNSD052Tj/gz4+G7Jt1+JUUA4y51kZ/o4Rp1RMblzOixE7x  
qwl7Ctx7UKaSf4CCBJkmR1FOFSltu20idoM2rdAdn87xtUg/UdKmY9EHJhITGmK3  
APs39EHbJzk=k0Ul  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#sap