Red Hat Security Advisory 2022-6915-01

Red Hat Security Advisory 2022-6915-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10.

Ubuntu Security Notice USN-5570-2

Ubuntu Security Notice 5570-2 - USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

[webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Backdoor.Win32.DarkSky.23 / Remote Stack Buffer Overflow (SEH)

Posted by malvuln on Oct 16

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkSky.23
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5418. Third-party adversaries
who can reach the server can send a specially crafted payload triggering a
stack...

CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Oct 16

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Intelbras WiFiber 120AC inMesh
  vulnerable version| 1.1-220216
       fixed version| 1-1-220826
          CVE number|
              impact| High
            homepage|...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Georgi Guninski on Oct 16

Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618

APPLE-SA-2022-10-10-1 iOS 16.0.3

Posted by Apple Product Security via Fulldisclosure on Oct 16

APPLE-SA-2022-10-10-1 iOS 16.0.3

iOS 16.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213480.

Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658

This update is available through iTunes and...

Re: over 2000 packages depend on abort()ing libgmp

Posted by Matthew Fernandez on Oct 16

I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.

The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application...

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2022-32906)

Posted by David Coomber on Oct 16

Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2022-32906)

https://www.info-sec.ca/advisories/Apple-Music-Android.html

Overview

"Stream over 90 million songs, all ad-free."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android application (versions 3.8.0 - 3.10.2 were
tested, versions 2.0.1 - 3.7.2 have not been tested
[...

Red Hat Security Advisory 2022-6941-01

Red Hat Security Advisory 2022-6941-01 - This release of Red Hat build of Quarkus 2.7.6.SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6921-01

Red Hat Security Advisory 2022-6921-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5672-1

Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-6801-01

Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5673-1

Ubuntu Security Notice 5673-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-6805-01

Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6916-01

Red Hat Security Advisory 2022-6916-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a html injection vulnerability.

Ubuntu Security Notice USN-5670-1

Ubuntu Security Notice 5670-1 - Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-5671-1

Ubuntu Security Notice 5671-1 - It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8 under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-6890-01

Red Hat Security Advisory 2022-6890-01 - Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2022-6875-01

Red Hat Security Advisory 2022-6875-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6878-01

Red Hat Security Advisory 2022-6878-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6872-01

Red Hat Security Advisory 2022-6872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Ubuntu Security Notice USN-5669-1

Ubuntu Security Notice 5669-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-6854-01

Red Hat Security Advisory 2022-6854-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2022-6856-01

Red Hat Security Advisory 2022-6856-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, and spoofing vulnerabilities.

Red Hat Security Advisory 2022-6855-01

Red Hat Security Advisory 2022-6855-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, double free, and spoofing vulnerabilities.

Ubuntu Security Notice USN-5667-1

Ubuntu Security Notice 5667-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

Ubuntu Security Notice USN-5668-1

Ubuntu Security Notice 5668-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5657-1

Ubuntu Security Notice 5657-1 - It was discovered that Graphite2 mishandled specially crafted files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Ubuntu Security Notice USN-5669-2

Ubuntu Security Notice 5669-2 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5666-1

Ubuntu Security Notice 5666-1 - It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution.

Ubuntu Security Notice USN-5665-1

Ubuntu Security Notice 5665-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service.

Verbatim Store 'n' Go Secure Portable SSD Behavior Violation

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual.

Verbatim Store 'n' Go Secure Portable SSD Missing Trust

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).

Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.

Ubuntu Security Notice USN-5663-1

Ubuntu Security Notice 5663-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code.

Ubuntu Security Notice USN-5371-3

Ubuntu Security Notice 5371-3 - USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains.

[SYSS-2022-045]: Verbatim Store 'n' Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-045
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:...

[SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-046
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:...

[SYSS-2022-043]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-043
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status:...

[SYSS-2022-044]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-044
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status:...

Red Hat Security Advisory 2022-6838-01

Red Hat Security Advisory 2022-6838-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6850-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Red Hat Security Advisory 2022-6833-01

Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5661-1

Ubuntu Security Notice 5661-1 - It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user's configuration data.

Red Hat Security Advisory 2022-6835-01

Red Hat Security Advisory 2022-6835-01 - This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

Hashicorp Boundary Clickjacking

Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.

[webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi

Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi

Ubuntu Security Notice USN-5660-1

Ubuntu Security Notice 5660-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-5659-1

Ubuntu Security Notice 5659-1 - Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. Carter Sande discovered that kitty incorrectly handled escape sequences in desktop notifications. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS.

Red Hat Security Advisory 2022-6820-01

Red Hat Security Advisory 2022-6820-01 - Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6757-01

Red Hat Security Advisory 2022-6757-01 - This release of Red Hat build of Eclipse Vert.x 4.3.3 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6819-01

Red Hat Security Advisory 2022-6819-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service and deserialization vulnerabilities.

Ubuntu Security Notice USN-5658-1

Ubuntu Security Notice 5658-1 - It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service.

Red Hat Security Advisory 2022-6821-01

Red Hat Security Advisory 2022-6821-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.7 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include a denial of service vulnerability.