VARIoT IoT vulnerabilities database
| VAR-202209-0060 | CVE-2022-34372 | Dell's powerprotect cyber recovery Authentication vulnerability in |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality
| VAR-202209-0061 | CVE-2022-34380 | Dell's CloudLink Authentication vulnerability in |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. Dell's CloudLink There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0018 | CVE-2022-36054 | Contiki-NG Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. Contiki-NG Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0024 | CVE-2022-34379 | Dell's CloudLink Authentication vulnerability in |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. Dell's CloudLink There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0044 | CVE-2022-36052 | Contiki-NG Out-of-bounds read vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8. Contiki-NG Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0090 | CVE-2022-36053 | Contiki-NG Out-of-bounds read vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8. Contiki-NG Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0112 | CVE-2022-37435 | Apache Software Foundation of ShenYu Vulnerability in improper permission assignment for critical resources in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Apache Software Foundation of ShenYu Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202209-0069 | CVE-2022-2979 | Made by Omron CX-Programmer Freed memory usage in ( use-after-free ) vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. Provided by Omron Corporation CX-Programmer freed memory usage ( use-after-free ) vulnerability ( CWE-416 , CVE-2022-2979 ) Exists. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software developed by Japan's Omron Corporation. Omron CX-Programmer
| VAR-202208-2352 | CVE-2022-34373 | Dell's command | integration suite for system center Past traversal vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. Dell's command | integration suite for system center Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Used to configure and deploy your Dell client systems
| VAR-202208-2342 | CVE-2022-37123 | D-Link Systems, Inc. of DIR-816 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. D-Link Systems, Inc. of DIR-816 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2263 | CVE-2022-35252 | Haxx of cURL Vulnerabilities in Products from Other Vendors |
CVSS V2: - CVSS V3: 3.7 Severity: LOW |
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Haxx of cURL Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. A security vulnerability exists in curl versions 4.9 through 7.84. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: December 19, 2022
Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in curl, the worst of which
could result in arbitrary code execution.
Background
=========
A command line tool and library for transferring data with URLs.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
==========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
=========
[ 1 ] CVE-2021-22922
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3
macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.86.0.
CVE-2022-42915
CVE-2022-42916
CVE-2022-32221
CVE-2022-35260
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.85.0.
CVE-2022-35252
dcerpc
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco
Talos
DiskArbitration
Available for: macOS Monterey
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)
DriverKit
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32915: Tommy Muir (@Muirey03)
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2023-23507: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
Kernel
Available for: macOS Monterey
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2023-23497: Mickey Jin (@patch1t)
Screen Time
Available for: macOS Monterey
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)
Weather
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an
anonymous researcher
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Windows Installer
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23508: Mickey Jin (@patch1t)
Additional recognition
Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.
macOS Monterey 12.6.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222. This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience. After installing the updated packages, the
httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: curl security update
Advisory ID: RHSA-2023:2478-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2478
Issue date: 2023-05-09
CVE Names: CVE-2022-35252 CVE-2022-43552
====================================================================
1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
Security Fix(es):
* curl: Incorrect handling of control code characters in cookies
(CVE-2022-35252)
* curl: Use-after-free triggered by an HTTP proxy deny response
(CVE-2022-43552)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies
2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64:
curl-debuginfo-7.76.1-23.el9.aarch64.rpm
curl-debugsource-7.76.1-23.el9.aarch64.rpm
curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm
libcurl-devel-7.76.1-23.el9.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
ppc64le:
curl-debuginfo-7.76.1-23.el9.ppc64le.rpm
curl-debugsource-7.76.1-23.el9.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm
libcurl-devel-7.76.1-23.el9.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
s390x:
curl-debuginfo-7.76.1-23.el9.s390x.rpm
curl-debugsource-7.76.1-23.el9.s390x.rpm
curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
libcurl-debuginfo-7.76.1-23.el9.s390x.rpm
libcurl-devel-7.76.1-23.el9.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
x86_64:
curl-debuginfo-7.76.1-23.el9.i686.rpm
curl-debuginfo-7.76.1-23.el9.x86_64.rpm
curl-debugsource-7.76.1-23.el9.i686.rpm
curl-debugsource-7.76.1-23.el9.x86_64.rpm
curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm
curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
libcurl-debuginfo-7.76.1-23.el9.i686.rpm
libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm
libcurl-devel-7.76.1-23.el9.i686.rpm
libcurl-devel-7.76.1-23.el9.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source:
curl-7.76.1-23.el9.src.rpm
aarch64:
curl-7.76.1-23.el9.aarch64.rpm
curl-debuginfo-7.76.1-23.el9.aarch64.rpm
curl-debugsource-7.76.1-23.el9.aarch64.rpm
curl-minimal-7.76.1-23.el9.aarch64.rpm
curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
libcurl-7.76.1-23.el9.aarch64.rpm
libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm
libcurl-minimal-7.76.1-23.el9.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
ppc64le:
curl-7.76.1-23.el9.ppc64le.rpm
curl-debuginfo-7.76.1-23.el9.ppc64le.rpm
curl-debugsource-7.76.1-23.el9.ppc64le.rpm
curl-minimal-7.76.1-23.el9.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
libcurl-7.76.1-23.el9.ppc64le.rpm
libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm
libcurl-minimal-7.76.1-23.el9.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
s390x:
curl-7.76.1-23.el9.s390x.rpm
curl-debuginfo-7.76.1-23.el9.s390x.rpm
curl-debugsource-7.76.1-23.el9.s390x.rpm
curl-minimal-7.76.1-23.el9.s390x.rpm
curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
libcurl-7.76.1-23.el9.s390x.rpm
libcurl-debuginfo-7.76.1-23.el9.s390x.rpm
libcurl-minimal-7.76.1-23.el9.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
x86_64:
curl-7.76.1-23.el9.x86_64.rpm
curl-debuginfo-7.76.1-23.el9.i686.rpm
curl-debuginfo-7.76.1-23.el9.x86_64.rpm
curl-debugsource-7.76.1-23.el9.i686.rpm
curl-debugsource-7.76.1-23.el9.x86_64.rpm
curl-minimal-7.76.1-23.el9.x86_64.rpm
curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm
curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
libcurl-7.76.1-23.el9.i686.rpm
libcurl-7.76.1-23.el9.x86_64.rpm
libcurl-debuginfo-7.76.1-23.el9.i686.rpm
libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm
libcurl-minimal-7.76.1-23.el9.i686.rpm
libcurl-minimal-7.76.1-23.el9.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-35252
https://access.redhat.com/security/cve/CVE-2022-43552
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx
nN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB
oxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su
xFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh
L1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy
C6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL
mGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB
27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT
D75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17
r2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ
/iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88
Yxf4bV/uBmU=HlZ2
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. This product release includes bug fixes and security
update for the following packages: windows-machine-config-operator and
windows-machine-config-operator-bundle. Description:
Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
5. JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-10418 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
OCPBUGS-11831 - oc adm node-logs failing in vSphere CI
OCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature
OCPBUGS-3572 - Check if Windows defender is running doesnt work
OCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade
OCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process
OCPBUGS-7726 - WMCO kubelet version not matching OCP payload's one
OCPBUGS-8055 - containerd version is being misreported
WINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite
WINC-823 - Test generated community manifests in WMCO e2e
6. Description:
VolSync is a Kubernetes operator that enables asynchronous replication of
persistent volumes within a cluster, or across clusters. After deploying
the VolSync operator, it can create and maintain copies of your persistent
data.
For more information about VolSync, see:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync
or the VolSync open source community website at:
https://volsync.readthedocs.io/en/stable/.
This advisory contains enhancements and updates to the VolSync container
images.
Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode
3. Bugs fixed (https://bugzilla.redhat.com/):
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
5
| VAR-202208-2272 | CVE-2022-36570 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. Shenzhen Tenda Technology Co.,Ltd. of AC9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2222 | CVE-2022-37130 | D-Link Systems, Inc. of DIR-816 in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability. D-Link Systems, Inc. of DIR-816 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2309 | CVE-2022-36619 | D-Link Systems, Inc. of DIR-816 Vulnerability related to lack of authentication for critical functions in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. D-Link Systems, Inc. of DIR-816 Firmware has a lack of authentication vulnerability for critical functionality.Service operation interruption (DoS) It may be in a state
| VAR-202208-2266 | CVE-2022-37128 | D-Link Systems, Inc. of DIR-816 Firmware initialization vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. D-Link Systems, Inc. of DIR-816 An initialization vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2363 | CVE-2022-37347 | Trend Micro antivirus Multiple vulnerabilities in the cloud |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the User Mode Hooking Monitor Engine. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM
| VAR-202208-2248 | CVE-2022-36620 | D-Link Systems, Inc. of DIR-816 Vulnerability in firmware related to improper validation of quantities specified in inputs |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. D-Link Systems, Inc. of DIR-816 A vulnerability exists in the firmware related to improper validation of quantities specified in input.Service operation interruption (DoS) It may be in a state
| VAR-202208-2362 | CVE-2022-37348 | Trend Micro antivirus Multiple vulnerabilities in the cloud |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the User Mode Hooking Monitor Engine. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM
| VAR-202208-2223 | CVE-2022-37125 | D-Link Systems, Inc. of DIR-816 Command injection vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. D-Link Systems, Inc. of DIR-816 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202208-2225 | CVE-2021-46835 | Huawei of WS7200-10 Firmware vulnerabilities |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. Huawei of WS7200-10 There are unspecified vulnerabilities in the firmware.Information may be tampered with. HUAWEI WS7200-10 is a wireless router of China Huawei (HUAWEI).
HUAWEI WS7200-10 has security vulnerabilities