An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version.

The vulnerability was discovered by the [Oxeye research](https://www.oxeye.io/) team.


**SQL injection when using MySQL/PostgreSQL data checking**

High severity GitHub Reviewed Published May 30, 2023 in megaease/easeprobe • Updated Jun 6, 2023

GHSA-4c32-w6c7-77x4: SQL injection when using MySQL/PostgreSQL data checking

Categories: Exploits and vulnerabilities
Categories: News
Categories: Ransomware
Tags: Progress

Tags:  MOVEit

Tags:  Transfer

Tags:  CVE-2023-34362

Tags:  BBC

Tags:  Zellis

Tags:  BA

The first victims of the ongoing attacks on vulnerable MOVEit Transfer instances are coming forward. The Cl0p ransomware gang claims it is behind the attacks.



(Read more...)




The post Cl0p ransomware gang claims first victims of the MOVEit vulnerability appeared first on Malwarebytes Labs.

On Friday June 2, 2023 we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you haven’t patched yet, it really is time to move it.

Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come forward. MOVEit Transfer is a widely used file transfer software which encrypts files and uses secure File Transfer Protocols to transfer data. As such, it has a large userbase in healthcare, education, US federal and state government, and financial institutions.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. On Friday the CVE had not been assigned yet, but now this vulnerability has now been listed as:

> CVE-2023-34362: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

Microsoft says that the group behind the attacks on MOVEit instances is the Lace Tempest group, which is a known ransomware operator and runs the extortion website Cl0p. This was confirmed by a Cl0p representative to Bleeping Computer, who also said that the criminals started exploiting the vulnerability on May 27th, during the US Memorial Day holiday.

We saw a similar scenario unfold in March which caused Cl0p to occupy the first place as most used ransomware in our Ransomware Review for that month. Contributing to Cl0p's rise to the number one spot was its extensive GoAnywhere campaign. The group successfully breached over 104 organizations by taking advantage of a zero-day vulnerability in the widely-used managed file transfer software, GoAnywhere MFT.

As we have pointed out before, ransomware gangs can afford to play the long game now. And some of them do. When you have hundreds or maybe even thousands of victims to choose from, you start with the juiciest ones that are most likely to pay.

Payroll provider Zellis who serves British Airways and the BBC would be a good example of that. Pharmacy chain Boots, which employs more than 57,000 people in the UK and Ireland, has also announced that it has been impacted.

A Reuters reporter that has an inside contact in the Cl0p ransomware gang tweeted a screenshot of his contact saying that the military, gov(ernment), children’s hospitals, and police would not be attacked.

The same was repeated by BleepingComputer’s contact. But this is no guarantee, and in the end they may not be able to resist the urge to steal data from those networks anyway.

All this means that if your organization uses MOVEit Transfer and it is internet facing, you should assume that your network has been breached. The fact that you haven’t noticed anything yet probably means you are low on the list of desirable targets. It does NOT mean you got away lucky and simply patching the vulnerability is enough.

**What needs to be done**

First of all, MOVEit Transfer users should visit the Progress security bulletin about this vulnerability and bookmark it. You can find the latest advice, Indicators of Compromise (IOCs), affected versions, and available patches there.

Basically the advice, and you can find detailed instructions on the page, is to:

1.  Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment.
2.  Delete unauthorized files and user accounts.
3.  Reset service account credentials for affected systems and the MOVEit Service Account.
4.  Apply the patch or upgrade.
5.  Verify to confirm the files have been successfully deleted and no unauthorized accounts remain.
6.  Re-enable all HTTP and HTTPs traffic to your MOVEit Transfer environment.
7.  Continue to monitor your network, endpoints, and logs for IoCs.

Additionally, users of MOVEit Transfer with Microsoft Azure integration should take immediate action to rotate their Azure storage keys.

In our previous post about this vulnerability I mentioned a few tools to help you find the malicious artifacts:

*   MoveIT-WebShellCheck a Python script by ZephrFish
*   Sigma rule by Florian Roth
*   Yara rule by Florian Roth
*   Sigma rule by tsale

Malwarebytes detects the malicious webshell C:\\MOVEitTransfer\\wwwroot\\human2.aspx as Exploit.Silock.MOVEit and blocks five malicious IP addresses—138.197.152.201, 209.97.137.33, 5.252.191.0/24, 148.113.152.144, 89.39.105.108—that were found to be looking for vulnerable systems.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Cl0p ransomware gang claims first victims of the MOVEit vulnerability

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.

**  
miniCal**

**Open-source PMS** (http://www.minical.io)

**Table of Contents**

*   What is miniCal?
*   Features
*   Documentation
*   Installation
*   Demo
*   Code of conduct
*   Contribute
*   How to develop an extension
*   Join the Community
*   miniCal Marketplace
*   Versioning
*   License

**What is miniCal?**

miniCal is an open-source PMS (Property Management System). It was originally designed for hotel software companies, but other businesses like car rental businesses can use it also.

**Our mission**

We see hundreds of PMS companies developing the same features and integrations as everyone else, and we think it's a waste of resources. Our mission is to develop a single best technology that can perform better than most PMS companies' in-house developed products, and completely take the technical burden off of their shoulders.

**Documentation**

miniCal documentation is available here minical.doc.

**Features**

*   **Online Booking Engine :** Accept online bookings from 3rd party websites.
*   **Inventory :** Control room availabilities of your property.
*   **CRM :** Manage customer profiles along with their account balances.
*   **Intuitive Calendar :** Simple interface that provides quick overview of your property.
*   **Payment :** Accept secure payments online.

...and plenty more extensions to add from our marketplace !

**Installation**

*   Fork the repository https://github.com/minical/minical or clone it locally.
*   Install the stable version of PHP 7.3.0, MySQL 5.0.4, and OS-specific dependency tools.
*   Create a MySql database with any name.
*   Do the basic configuration updates on the public->build.json file.
*   Create a new file named ".env" by copying the .env.example file which is located in the root.
*   Update database credentials in .env file in .env file
*   Set Environment variable to either 'development' or 'production' in .env file
*   Update Project URL (Url pointing to a public folder in minical project like http://localhost/minical/public) in .env file
*   Update API Url (Url pointing to API folder in minical project like http://localhost/minical/api) in .env file, for more details check the .env example.
*   Install composer dependencies by running the "composer install" command on your project root.
*   Install miniCal Database by going to http://localhost/minical/public/install.php in your browser, following the installation steps, and create an admin account.
*   That's it. You are done! Visit miniCal at http://localhost/minical/public

**Demo**

Visit miniCal Demo.

**Code of Conduct**

miniCal follows Codeigniter Style Guide.

**Contribute**

Any contribution for a new feature or an improvement will be appreciated.

**To make a contribution:**

1.  Fork the repository and edit.
2.  Submit the pull request, please provide a comprehensive description of PR as a commit message.
3.  Any pull request that the reviewers don't find useful to miniCal will be rejected. We recommend you to talk to us first before working on a PR. Also, please ensure your code is following Codeigniter Style Guide.

**How to develop an extension**

Do you have an idea of an extension that might be a great addon to the miniCal community? Follow Extension development guide.

**Join the Community**

Get support. exchange ideas with our growing dev community. Join us on Discord.

**miniCal Marketplace**

Explore the extension of miniCal on miniCal Marketplace.

**Versioning**

The version is broken down into 4 points e.g 1.2.3.4 We use MAJOR.MINOR.FEATURE.PATCH to describe the version numbers.

A MAJOR is very rare, it would only be considered if the source was effectively re-written or a clean break was desired for other reasons. This increment would likely break most 3rd party modules.

A MINOR is when there are significant changes that affect core structures. This increment would likely break some 3rd party modules.

A FEATURE version is when new extensions or features are added (such as a payment gateway, shipping module, etc). Updating a feature version is at a low risk of breaking 3rd party modules.

A PATCH version is when a fix is added, it should be considered safe to update patch versions e.g 1.2.3.4 to 1.2.3.5

**License**

The Open Software License 3.0 (OSL-3.0)

CVE-2023-33410: GitHub - minical/minical: Minical is an open-source PMS with extension management baked-in. It's designed for the companies looking for highly customizable property management software.

PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.

The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes

**Summary**

*   **CVE ID**: CVE-2023-29630
*   **Published at**: 2023-03-13
*   **Advisory source**: Friends-Of-Presta
*   **Platform**: PrestaShop
*   **Product**: jmsvermegamenu
*   **Impacted release**: at least 1.1.x and 2.0.x
*   **Product author**: Joommasters
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

ajax\_jmsvermegamenu.php hold sensitives SQL calls that can be executed with a trivial http call and exploited to forge a blind SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Technical and personal data leaks
*   Obtain admin access
*   Remove all data of the linked PrestaShop
*   Display sensitives tables to front-office to unlock potential admin’s ajax scripts of modules protected by token on the ecosystem

**Patch**

    --- a/ajax_jmsvermegamenu.php
    +++ b/ajax_jmsvermegamenu.php
    @@ -29,1 +29,1 @@ function getPosts
    -        UPDATE `'._DB_PREFIX_.'jmsvermegamenu` SET `params` = \''.Tools::getValue('params').'\'
    +        UPDATE `'._DB_PREFIX_.'jmsvermegamenu` SET `params` = \''.pSQL(Tools::getValue('params')).'\'
    

**Timeline**

Date

Action

2022-09-01

Issue discovered during a pentest

2023-02-17

Contact the author

2023-03-13

Publish this security advisory

**Other recommandations**

*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Links**

*   Joom masters web site

CVE-2023-29630: [CVE-2023-29630] Blind SQL injection vulnerability in Jms Vertical MegaMenu (jmsvermegamenu) PrestaShop module

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.

The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes

**Summary**

*   **CVE ID**: CVE-2023-29629
*   **Published at**: 2023-03-13
*   **Advisory source**: Friends-Of-Presta
*   **Platform**: PrestaShop
*   **Product**: jmsthemelayout
*   **Impacted release**: at least 2.5.5
*   **Product author**: Joommasters
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

ajax\_jmsvermegamenu.php hold sensitives SQL calls that can be executed with a trivial http call and exploited to forge a blind SQL injection.

**WARNING** : This exploit is actively used to deploy webskimmer to massively stole credit cards.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Technical and personal data leaks
*   Obtain admin access
*   Remove all data of the linked PrestaShop
*   Display sensitives tables to front-office to unlock potential admin’s ajax scripts of modules protected by token on the ecosystem

**Patch**

    --- a/ajax_jmsthemelayout.php.php
    +++ b/ajax_jmsthemelayout.php.php
    @@ -102,2 +102,2 @@ function getPosts
    -        $query = 'UPDATE `'._DB_PREFIX_.'jmsadv_position` SET `col_lg` = '.$pos_obj[1].', `col_md` = '.$pos_obj[2].', `col_sm` = '.$pos_obj[3].', `col_xs` = '.$pos_obj[4].
    -		'	WHERE `id_position` = '.$pos_obj[0];
    +        $query = 'UPDATE `'._DB_PREFIX_.'jmsadv_position` SET `col_lg` = '. (int)$pos_obj[1].', `col_md` = '. (int)$pos_obj[2].', `col_sm` = '. (int)$pos_obj[3].', `col_xs` = '. (int)$pos_obj[4].
    +		'	WHERE `id_position` = '. (int)$pos_obj[0];
    

**Timeline**

Date

Action

2022-09-01

Issue discovered during a pentest

2023-02-17

Contact the author

2023-03-13

Publish this security advisory

**Other recommandations**

*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Links**

*   Joom masters web site

CVE-2023-29629: [CVE-2023-29629] Blind SQL injection vulnerability in Jms Theme Layout (jmsthemelayout) PrestaShop module

Enrollment System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    # Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)# Date of found: 18/05/2023# Exploit Author: VIVEK CHOUDHARY @sudovivek# Version: V1.0# Tested on: Windows 10# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html# CVE: CVE-2023-33584# CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33584Vulnerability Description -  Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.Steps to Reproduce -  The following steps outline the exploitation of the SQL Injection vulnerability in Enrollment System Project V1.0:      1.  Launch the Enrollment System Project V1.0 application.      2.  Open the login page by accessing the URL: http://localhost/enrollment/login.php.      3.  In the username and password fields, insert the following SQL Injection payload shown inside brackets to bypass authentication: {' or 1=1 #}.      4.  Click the login button to execute the SQL Injection payload.As a result of successful exploitation, the attacker gains unauthorized access to the system and is logged in with administrative privileges.

Enrollment System Project 1.0 Authentication Bypass / SQL Injection

Total CMS version 1.7.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.totalcms.co/                                                   ││  Vendor   : Joe Workman                                                                ││  Software : Total CMS 1.7.4                                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /blog/GET parameter 'search' is vulnerable to RXSShttps://website/blog/?search=yw1cz%22%3e%3cscript%3ealert(1)%3c%2fscript%3eeht7y[-] Done

Total CMS 1.7.4 Cross Site Scripting

Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: apr-util security update  
Advisory ID:       RHSA-2023:3360-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3360  
Issue date:        2023-05-31  
CVE Names:         CVE-2022-25147   
=====================================================================

1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. "apr-util" is a library which  
provides additional utility interfaces for APR; including support for XML  
parsing, LDAP, database interfaces, URI parsing, and more

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
apr-util-1.6.1-6.el8_4.1.src.rpm

aarch64:  
apr-util-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-bdb-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-debugsource-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-devel-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-ldap-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-mysql-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-odbc-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-openssl-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-pgsql-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-sqlite-1.6.1-6.el8_4.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_4.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-bdb-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-devel-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-ldap-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-mysql-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-odbc-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-openssl-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-6.el8_4.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_4.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-bdb-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-debugsource-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-devel-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-ldap-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-mysql-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-odbc-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-openssl-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-pgsql-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-sqlite-1.6.1-6.el8_4.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_4.1.s390x.rpm

x86_64:  
apr-util-1.6.1-6.el8_4.1.i686.rpm  
apr-util-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-bdb-1.6.1-6.el8_4.1.i686.rpm  
apr-util-bdb-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-debugsource-1.6.1-6.el8_4.1.i686.rpm  
apr-util-debugsource-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-devel-1.6.1-6.el8_4.1.i686.rpm  
apr-util-devel-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-ldap-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-mysql-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-odbc-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-openssl-1.6.1-6.el8_4.1.i686.rpm  
apr-util-openssl-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-pgsql-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-sqlite-1.6.1-6.el8_4.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_4.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDY9zjgjWX9erEAQiOixAAgUFkx3seD0pXpeuWES3JwBubOKzzfX39  
NrypEL3EGoox4GnWChVKAz4p7saQ6cvrxG3q9Cuku9r7LnufiR/t/AJqIGThqxRJ  
9l8MElAdGHim7niIp0Mahw4pg2au9E9B5oJM+SkD9OH1PlSadUERsqSsf1OkAJIF  
X81Spp21ixoSGx0ukBM3R8VrW3+fIBfAMeqOQz4dgG1DggPCB2pzU6fExPOzVFQa  
AbSPqzL6PAA9IPwUf5c7FCyciL6ElwbC9pHDAs3DsdcGiaOGjQ1Chq7Kx1AZlSHy  
mvkNFJ5zWnJFJ6rGCG3hFGLoNdQqsKJROlLqaxianN3MgYzX+ytO3hdBXrN/RiCv  
1wuEhRHIxI4Xm+rGHF+QdjM7w0cbZWuKGimdG5TSZP2ARuxnjvY114Tgj12WV2NB  
Z6XylLbO2ee9ws4howcZ27Nej5NU0MrOLT+Vwu3In3Lnhxxft7paJOs3WRGnhYNM  
nuJOrFHFhplKxO1qx6hYi/HTF9L6qjqILFunActDlj5/OZESXsZc1JoX1wxYdzHN  
RFw0Sf12nkJeDTmPxFEfo/nfFqZGJ5Y+Rc4HieMTr8meC/u3RgXYy+RUFeVOmth9  
Q6PLnnXSGdV2pn5r95FvnzkXnxXwUItK6ytjoQtG2a8FALnfGepozfaTx0bHZEup  
QtjoqJIewLw=  
=pJvs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3360-01

Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: apr-util security update  
Advisory ID:       RHSA-2023:3380-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3380  
Issue date:        2023-05-31  
CVE Names:         CVE-2022-25147   
=====================================================================

1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
apr-util-1.6.1-6.el8_2.1.src.rpm

aarch64:  
apr-util-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-devel-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-6.el8_2.1.i686.rpm  
apr-util-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm  
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
apr-util-1.6.1-6.el8_2.1.src.rpm

aarch64:  
apr-util-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-devel-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-6.el8_2.1.i686.rpm  
apr-util-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm  
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
apr-util-1.6.1-6.el8_2.1.src.rpm

aarch64:  
apr-util-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-devel-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-6.el8_2.1.i686.rpm  
apr-util-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.i686.rpm  
apr-util-debugsource-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-devel-1.6.1-6.el8_2.1.i686.rpm  
apr-util-devel-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-6.el8_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDUtzjgjWX9erEAQjs3w//d6fKmYkxIELoR2VpUX0+lyvN77r0lvOe  
/SyRy46qD+wGoZTO/uePXN1AScANafjQpVWJCnRTsj7PE3kpizZnZngrwht1tcjX  
zuJsykehMdhelTljY1HdBrs4yn/Aqkra6YA8h8WKc/tlG/o1X2i1qxbtK+GIN0y9  
Bd+tG5tn4h5AIRJ7rhIDUYGlMGOJzzdCFCHyidcHeybxA+INM5ZbtFICCLaV4ygj  
2JpzM4cGlNGmM1cbu2heB/6/Kfrg9AJGMVIeb6yIqhOlse/b94pf8Oa5gWgdQGbU  
NF+15UfIHlFPCORDf91XEmbYIf/FTVVPd9emzEvJT2VFdoxRLDNSADQirvcFNPZL  
RYEdc5dQ3etjGFnhaKjaCKSFxTqPMGN9Vv2mLd2Rb2FEqwO2BIHlmOlh9LKcEQRh  
FnlSjyZuE+NcPk6MmjbhgV4Ipa0az5EDJIsuljX7YDIcL0C/9iZKyM/IqQnLKOxH  
Vpt3wSjrLuiAkr/XC5afhy8AfXnHAiq1QPnjlCY5a9wc0SRiUTCzZG5STxO/FhOO  
q7Xwm4YupsqL4fwkzNYXP3T+Jb1cKCe4+140LbNsufeht+MEfUbTTEG1He2/um3C  
03YdaglaSQQf1AXU2PyohwdVeoUlWeiAsqA/yijmxt3QdrD6uePudrrIqMdjKdNL  
7IhPZ6TKoQk=  
=NNrR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3380-01

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

Tag

#sql