VARIoT IoT vulnerabilities database
| VAR-202206-2047 | CVE-2022-2143 | Vulnerability in Advantech Co., Ltd. iView | CVSS V2: - | CVSS V3: 9.8 | Severity: CRITICAL |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. An unspecified vulnerability exists in Advantech Co., Ltd. iView; information may be obtained or tampered with, and service operation may be interrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When parsing the backup_filename element of the backupDatabase action, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech iView
| VAR-202206-2188 | CVE-2022-32092 | OS command injection vulnerability in D-Link Japan Co., Ltd. dir-645 firmware | CVSS V2: 7.5 | CVSS V3: 9.8 | Severity: CRITICAL |
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. An OS command injection vulnerability exists in the firmware of D-Link Japan Co., Ltd. dir-645; information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202206-2028 | CVE-2022-33005 | Cross-site scripting vulnerability in Delta Electronics, INC. DIAEnergie | CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM |
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. A cross-site scripting vulnerability exists in Delta Electronics, INC. DIAEnergie; information may be obtained or tampered with. Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency.
| VAR-202206-2024 | CVE-2022-33007 | Out-of-bounds write vulnerability in TRENDnet TEW-752DRU and TEW-751DR firmware | CVSS V2: 5.8 | CVSS V3: 8.8 | Severity: HIGH |
TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. An out-of-bounds write vulnerability exists in TRENDnet TEW-752DRU and TEW-751DR firmware; information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202206-2091 | CVE-2022-28172 | Cross-site scripting vulnerability in multiple Hangzhou Hikvision Digital Technology products | CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM |
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability: due to insufficient input validation, an attacker can exploit it to mount an XSS attack by sending messages with malicious commands to the affected device. A cross-site scripting vulnerability exists in multiple Hangzhou Hikvision Digital Technology products (ds-a71024 firmware, ds-a71048 firmware, ds-a71072r firmware, etc.); information may be obtained or tampered with.
Detailed Information
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Product Name: Hikvision
Vendor Home Page: https://www.hikvision.com
Fixed Version: fixed versions were released by Hikvision
Vulnerability Type: CWE-78,89 and 94
CVE Numbers: CVE-2022-28171-CVE-2022-28172
Author of Advisory: Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vendor Description:
Hikvision is a world-leading surveillance manufacturer and supplier of
video surveillance and Internet of Things (IoT) equipment for civilian and
military purposes.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerability description:
Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code
execution (command injection) vulnerabilities, including Reflected XSS,
Ruby code injection, classic and blind SQL injection resulting in remote
code execution that allows an adversary to execute arbitrary operating
system commands etc. However, an adversary must be on the same network to
leverage this vulnerability to execute arbitrary commands.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Versions:
Ds-a71024 Firmware
Ds-a71024 Firmware
Ds-a71048r-cvs Firmware
Ds-a71048 Firmware
Ds-a71072r Firmware
Ds-a71072r Firmware
Ds-a72024 Firmware
Ds-a72024 Firmware
Ds-a72048r-cvs Firmware
Ds-a72072r Firmware
Ds-a80316s Firmware
Ds-a80624s Firmware
Ds-a81016s Firmware
Ds-a82024d Firmware
Ds-a71048r-cvs
Ds-a71024
Ds-a71048
Ds-a71072r
Ds-a80624s
Ds-a82024d
Ds-a80316s
Ds-a81016s
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Credits:
Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
References:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/
https://cve.report/CVE-2022-28171
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Timeline:
11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN
Products
23 March 2022: Reported the finding to Hikvision Security Response Center
(HSRC) team
24 March 2022: Hikvision Security Response Center (HSRC) team requested
further details of reproduction steps and remediation
25 March 2022: Further details of reproduction and remediation steps sent
to the Hikvision Security Response Center (HSRC) team
26 March 2022: Hikvision Security Response Center (HSRC) team agreed to
issue only two CVEs due to multiple vulnerabilities in a single parameter
22 June 2022: Hikvision released the initial fixed version for the affected
products in June 2022.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| VAR-202206-1963 | CVE-2022-32207 | Improper default permissions vulnerability in curl | CVSS V2: 7.5 | CVSS V3: 9.8 | Severity: CRITICAL |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. curl has an improper default permissions vulnerability; information may be obtained or tampered with, and service operation may be interrupted (DoS).
==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.3
libcurl3-gnutls 7.81.0-1ubuntu1.3
libcurl3-nss 7.81.0-1ubuntu1.3
libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10:
curl 7.74.0-1.3ubuntu2.3
libcurl3-gnutls 7.74.0-1.3ubuntu2.3
libcurl3-nss 7.74.0-1.3ubuntu2.3
libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.12
libcurl3-gnutls 7.68.0-1ubuntu2.12
libcurl3-nss 7.68.0-1ubuntu2.12
libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.19
libcurl3-gnutls 7.58.0-2ubuntu3.19
libcurl3-nss 7.58.0-2ubuntu3.19
libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: December 19, 2022
Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in curl, the worst of which
could result in arbitrary code execution.
Background
=========
A command line tool and library for transferring data with URLs.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
==========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
=========
[ 1 ] CVE-2021-22922
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update
Advisory ID: RHSA-2022:6157-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6157
Issue date: 2022-08-24
CVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
====================================================================
1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
Security Fix(es):
* curl: HTTP compression denial of service (CVE-2022-32206)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64:
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le:
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x:
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64:
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-devel-7.76.1-14.el9_0.5.i686.rpm
libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source:
curl-7.76.1-14.el9_0.5.src.rpm
aarch64:
curl-7.76.1-14.el9_0.5.aarch64.rpm
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le:
curl-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x:
curl-7.76.1-14.el9_0.5.s390x.rpm
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-7.76.1-14.el9_0.5.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64:
curl-7.76.1-14.el9_0.5.x86_64.rpm
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-7.76.1-14.el9_0.5.i686.rpm
libcurl-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32207
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
These flaws may allow remote attackers to obtain sensitive
information, leak authentication or cookie header data or facilitate a
denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in
version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51
Service Pack 1 serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which
are documented in the Release Notes document linked to in the References.
After installing the updated packages, the httpd daemon will be restarted automatically.
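The CVE-2022-32207 record above describes a temp-file-plus-rename update that can widen the target file's permissions. The following C program is an added example, not curl's code: it shows the naive pattern beside a hardened one that copies the existing target's mode bits onto the temp file before renaming, and a harness that measures the resulting mode under a fully permissive umask. The paths under /tmp and the file contents are constructed for the demonstration.

```c
/* Added example: replacing a file atomically without widening its permissions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PATHBUF = 4096 };

/* Write all of `data` to fd, retrying on EINTR; returns 0 on success. */
static int write_all(int fd, const char *data, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        data += n; len -= (size_t)n;
    }
    return 0;
}

/* Naive pattern (the bug class): create a temp file with a permissive
   creation mode, write it, rename it over the target. The new inode gets
   0666 & ~umask, not the mode the old target had, so a 0600 cookie jar
   can silently become readable by every local user. */
int replace_widening(const char *path, const char *data, size_t len) {
    char tmp[PATHBUF];
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    int ok = write_all(fd, data, len) == 0;
    if (close(fd) != 0) ok = 0;
    if (!ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Hardened pattern: read the existing target's permission bits first,
   create the temp file owner-only (mkstemp uses 0600 and O_EXCL), copy
   the old bits onto it with fchmod, then rename. A brand-new target stays
   0600, so an update can never grant more access than existed before. */
int replace_preserving(const char *path, const char *data, size_t len) {
    mode_t mode = 0600;                  /* default when the target did not exist */
    struct stat st;
    if (stat(path, &st) == 0) mode = st.st_mode & 07777;
    else if (errno != ENOENT) return -1;

    char tmp[PATHBUF];
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write_all(fd, data, len) == 0 && fchmod(fd, mode) == 0;
    if (close(fd) != 0) ok = 0;
    if (!ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

typedef int (*replace_fn)(const char *, const char *, size_t);

/* Harness: build a constructed 0600 "cookie jar" in a fresh temp directory,
   replace it with `fn` under umask 0 (the worst case for the naive pattern),
   and return the permission bits the target ends up with, or -1 on error. */
int mode_after_replace(replace_fn fn) {
    char dir[] = "/tmp/permsXXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char path[PATHBUF];
    snprintf(path, sizeof path, "%s/cookies.txt", dir);
    int result = -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);   /* private file */
    if (fd >= 0) {
        int ok = write_all(fd, "old\n", 4) == 0;
        if (close(fd) != 0) ok = 0;
        if (ok) {
            mode_t saved = umask(0);
            int rc = fn(path, "new\n", 4);
            umask(saved);
            struct stat st;
            if (rc == 0 && stat(path, &st) == 0) result = (int)(st.st_mode & 07777);
        }
    }
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("naive:     %04o\n", mode_after_replace(replace_widening));
    printf("preserved: %04o\n", mode_after_replace(replace_preserving));
    return 0;
}
```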
| VAR-202206-1900 | CVE-2022-32206 | Allocation of resources without limits or throttling in Haxx cURL and products from multiple other vendors | CVSS V2: 4.3 | CVSS V3: 6.5 | Severity: MEDIUM |
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. cURL from Haxx and products from multiple other vendors are vulnerable to allocation of resources without limits or throttling; service operation may be interrupted (DoS).
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.11.3. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHBA-2022:6286
Space precludes documenting all of the container images in this advisory.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.11.3-x86_64
The image digest is
sha256:1ce5676839bca4f389cdc1c3ddc1a78ab033d4c554453ca7ef61a23e34da0803
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.11.3-s390x
The image digest is
sha256:a1aa4c51af3b69b3dfc998c533b40ce7123f0a5e5e70910a4ea42e37493307b7
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.11.3-ppc64le
The image digest is
sha256:b80afcee6747011412d703745acad28beacd6c659462fe341ffdb3fdb7fbb288
All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
3. Solution:
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1989398 - .indexignore is not ingore when opm command load dc configuration
2062152 - Azure CI can't provision volumes in parallel
2076402 - Don't warn on failure to create pod logical port when pod isn't scheduled
2096456 - [HyperShift] Election timeouts on OVNKube masters for Hypershift guests post statefulset recreation
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2103127 - TechPreview feature is not enabled, but find "failed to list *v1alpha1.AlertingRule: alertingrules.monitoring.openshift.io is forbidden" in cmo logs
2105972 - [Azure-file CSI Driver] Read/Write permission denied for non-admin user on azure file csi provisioned volume with fsType=ext4,ext3,ext2,xfs
2107564 - [GCP] create gcpcluster get error
2108014 - Nutanix: the e2e-nutanix-operator webhooks test suite does not support provider Nutanix
2109642 - Fix two issues in hybrid overlay
2109943 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10
2110407 - metal3-dnsmasq: workers are not provisioned during the cluster installation when BootMacAddress is not provided lower-case
2110524 - [AWS] CCM cannot work on Commercial Cloud Services (C2S) Top Secret Region
2111901 - Split the route controllers out from OCM
2114681 - Kernel parm needs to be added when a pao performance profile is applied, rcutree.kthread_prio
2115481 - ovnkube direct-lists pods on a node when the node object changes
2115561 - Pipelines (Multi-column table) column titles are not aligned with the column content (input fields) starting with 4.9
2115807 - OKD: update FCOS to latest stable
2116265 - Failed PipelineRun logs text is not visible in light mode
2116288 - Monitoring Alert decorator in Topology color is grey instead of red
2117462 - [4.11 backport] percpu Memory leak CRIO due to no garbage collection in /run/crio/exits for exited containers
2117594 - Upgrade golangci-lint to 1.47.3 in image-customization-controller
2117823 - oc adm release extract should handle ccoctl
5. JIRA issues fixed (https://issues.jboss.org/):
OCPBUGS-263 - [4.11] Tuned overwriting IRQBALANCE_BANNED_CPUS
OCPBUGS-306 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
OCPBUGS-429 - Release 4.11 : Backport Insights Operator should collect helm upgrade and uninstall metric
OCPBUGS-433 - Nutanix platform validations run at `create manifests` stage
OCPBUGS-453 - [4.11] update ironic to latest available
OCPBUGS-465 - PDB warning alert when CR replica count is set to zero (edit)
OCPBUGS-515 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
OCPBUGS-516 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
OCPBUGS-658 - [release-4.11] OVN master trying to deleteLogicalPort for object which is already gone
OCPBUGS-688 - Adding day2 remote worker node requires manually approving CSRs
OCPBUGS-727 - [4.11] Kubelet cannot be started on worker nodes after upgrade to OCP 4.11 (RHCOS 8.6) when custom SELinux policies are applied
OCPBUGS-737 - machineconfig service is failed to start because Podman storage gets corrupted
OCPBUGS-756 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10
6. Summary:
OpenShift API for Data Protection (OADP) 1.1.0 is now available.
Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore
application resources, persistent volume data, and internal container
images to external backup storage. OADP enables both file system-based and
snapshot-based backups for persistent volumes.
Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5. JIRA issues fixed (https://issues.jboss.org/):
OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig
OADP-154 - Ensure support for backing up resources based on different label selectors
OADP-194 - Remove the registry dependency from OADP
OADP-199 - Enable support for restore of existing resources
OADP-224 - Restore silently ignore resources if they exist - restore log not updated
OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated
OADP-234 - Implementation of incremental restore
OADP-324 - Add label to Expired backups failing garbage collection
OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases
OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone
OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete
OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot
OADP-528 - The volumesnapshotcontent is not removed for the synced backup
OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10
OADP-538 - typo on noDefaultBackupLocation error on DPA CR
OADP-552 - Validate OADP with 4.11 and Pod Security Admissions
OADP-558 - Empty Failed Backup CRs can't be removed
OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version
OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly
OADP-592 - OADP must-gather add support for insecure tls
OADP-597 - BSL validation logs
OADP-598 - Data mover performance on backup blocks backup process
OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl
OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled
OADP-602 - Support GCP for openshift-velero-plugin registry
OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied
OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone
OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace
OADP-613 - DataMover: upstream documentation refers wrong CRs
OADP-637 - Restic backup fails with CA certificate
OADP-643 - [Data Mover] VSB and VSR names are not unique
OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable
OADP-648 - Remove default limits for velero and restic pods
OADP-652 - Data mover VolSync pod errors with Noobaa
OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace
OADP-660 - Data mover restic secret does not support Azure
OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image
OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores/<pod-volume>/.velero/<restore-UID>"
OADP-716 - Incremental restore: second restore of a namespace partially fails
OADP-736 - Data mover VSB always fails with volsync 0.5
6. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-2647 - Add link to log console from pod views
LOG-2801 - After upgrade all logs are stored in app indices
LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update
Advisory ID: RHSA-2022:6157-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6157
Issue date: 2022-08-24
CVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
====================================================================
1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.
Security Fix(es):
* curl: HTTP compression denial of service (CVE-2022-32206)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64:
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le:
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x:
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64:
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-devel-7.76.1-14.el9_0.5.i686.rpm
libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source:
curl-7.76.1-14.el9_0.5.src.rpm
aarch64:
curl-7.76.1-14.el9_0.5.aarch64.rpm
curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le:
curl-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x:
curl-7.76.1-14.el9_0.5.s390x.rpm
curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-7.76.1-14.el9_0.5.s390x.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-7.76.1-14.el9_0.5.s390x.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64:
curl-7.76.1-14.el9_0.5.x86_64.rpm
curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
curl-debugsource-7.76.1-14.el9_0.5.i686.rpm
curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-7.76.1-14.el9_0.5.i686.rpm
libcurl-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm
libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32207
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Description:
Multicluster Engine for Kubernetes 2.0.2 images
Multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Security updates:
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fix:
* MCE 2.0.2 images (BZ# 2104569)
3. Solution:
For multicluster engine for Kubernetes, see the following documentation for
details on how to install the images:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online
4. Bugs fixed (https://bugzilla.redhat.com/):
2104569 - MCE 2.0.2 Images
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5
| VAR-202206-1962 | CVE-2022-32205 | curl Vulnerability in resource allocation without restrictions or throttling in |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, and curl < 7.84.0 stores all of them. A sufficiently large number of (big) cookies makes subsequent HTTP requests to this server, or to other servers the cookies match, larger than the threshold curl uses internally to avoid sending excessively large requests (1048576 bytes), so curl returns an error instead of sending them. This denial state might remain for as long as the same cookies are kept, still match, and have not expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also match `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second-level domain using this method. curl contains an uncontrolled resource allocation vulnerability that may result in denial of service (DoS).
==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen discovered that curl incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.3
libcurl3-gnutls 7.81.0-1ubuntu1.3
libcurl3-nss 7.81.0-1ubuntu1.3
libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10:
curl 7.74.0-1.3ubuntu2.3
libcurl3-gnutls 7.74.0-1.3ubuntu2.3
libcurl3-nss 7.74.0-1.3ubuntu2.3
libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.12
libcurl3-gnutls 7.68.0-1ubuntu2.12
libcurl3-nss 7.68.0-1ubuntu2.12
libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.19
libcurl3-gnutls 7.58.0-2ubuntu3.19
libcurl3-nss 7.58.0-2ubuntu3.19
libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5495-1
CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19
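The cookie flood described for CVE-2022-32205 above can be modelled without a network. The following Python is an added example and is not curl's source or part of any notice on this page: it stores Set-Cookie headers with RFC 6265 domain matching, serialises a request under the 1048576-byte ceiling named in the advisory, and shows that a jar with no per-domain cap lets foo.example.com break later requests to bar.example.com while a capped jar does not. The cap of 150 cookies per domain is a value chosen for the example, not a statement about curl's own limits.

```python
"""Model of the cookie flood behind CVE-2022-32205 (constructed example, not curl code).

A jar that stores every Set-Cookie it is handed lets one host push the Cookie
header for every matching host past the client's request-size ceiling; a jar
with a per-domain cap keeps the header bounded.  The cap of 150 is a value
chosen for this example, not a claim about curl's limits.
"""
from collections import OrderedDict

# curl aborts rather than send a request larger than this (figure from the advisory text).
MAX_REQUEST_BYTES = 1048576


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: the host is the cookie domain or a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def parse_set_cookie(line, request_host):
    """Return (name, value, domain) for one Set-Cookie header line."""
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    domain = request_host.lower()  # host-only cookie unless a Domain attribute is given
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "domain" and val:
            domain = val.strip().lower().lstrip(".")
    return name.strip(), value, domain


class CookieJar:
    def __init__(self, max_per_domain=None):
        self.max_per_domain = max_per_domain  # None: unbounded, the pre-7.84.0 behaviour
        self.cookies = {}                     # domain -> OrderedDict(name -> value)

    def store(self, set_cookie_line, request_host):
        name, value, domain = parse_set_cookie(set_cookie_line, request_host)
        # A server may only set cookies for its own host or a parent domain of it.
        if not domain_matches(request_host, domain):
            return False
        bucket = self.cookies.setdefault(domain, OrderedDict())
        if (self.max_per_domain is not None and name not in bucket
                and len(bucket) >= self.max_per_domain):
            return False                      # capped jar: refuse to grow further
        bucket[name] = value
        return True

    def cookie_header(self, host):
        """Every stored cookie whose domain matches `host` is sent with the request."""
        pairs = [f"{name}={value}"
                 for domain, bucket in self.cookies.items() if domain_matches(host, domain)
                 for name, value in bucket.items()]
        return "; ".join(pairs)


def build_request(jar, host, path="/"):
    """Serialise a GET request and enforce the size ceiling the way the client does."""
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
    cookie = jar.cookie_header(host)
    if cookie:
        request += f"Cookie: {cookie}\r\n"
    request += "\r\n"
    if len(request) > MAX_REQUEST_BYTES:
        raise ValueError(f"request of {len(request)} bytes exceeds {MAX_REQUEST_BYTES}")
    return request


def flood(jar, attacker_host, count, size):
    """One response from `attacker_host` carrying `count` big cookies scoped to its parent domain."""
    parent = attacker_host.split(".", 1)[1]
    for i in range(count):
        jar.store(f"c{i}={'A' * size}; Domain=.{parent}; Path=/", attacker_host)


def sibling_request_ok(jar, victim_host):
    """True if a request to `victim_host` still fits under the ceiling."""
    try:
        build_request(jar, victim_host)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for jar in (CookieJar(), CookieJar(max_per_domain=150)):
        flood(jar, "foo.example.com", 300, 4000)
        print("cap", jar.max_per_domain, "sibling request ok:", sibling_request_ok(jar, "bar.example.com"))
```

The attacker needs only one response: the jar is consulted for every later request to any matching host, so the damage persists until the cookies expire or the jar is cleared. The client controls nothing on the server side, which is why the fix belongs in the cookie storage code and not in the request builder.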
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: December 19, 2022
Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in curl, the worst of which
could result in arbitrary code execution.
Background
=========
A command line tool and library for transferring data with URLs.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
==========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
=========
[ 1 ] CVE-2021-22922
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
These flaws may allow remote attackers to obtain sensitive
information, leak authentication or cookie header data or facilitate a
denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in
version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K
i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD
waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp
rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz
Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE
yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab
SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF
REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R
1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt
TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38
EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=
=3E71
-----END PGP SIGNATURE-----
| VAR-202206-1989 | CVE-2022-28171 | plural Hangzhou Hikvision Digital Technology Command injection vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability: due to insufficient input validation, an attacker can exploit it to execute restricted commands by sending messages containing malicious commands to the affected device. Affected products include the DS-A71024, DS-A71048 and DS-A71072R firmware, among others. These Hangzhou Hikvision Digital Technology products contain a command injection vulnerability that may result in information disclosure, information tampering and service interruption (DoS).
Detailed Information
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Product Name: Hikvision
Vendor Home Page: https://www.hikvision.com
Fixed Version: fixed versions were released by Hikvision
Vulnerability Type: CWE-78, CWE-89 and CWE-94
CVE Numbers: CVE-2022-28171, CVE-2022-28172
Author of Advisory: Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vendor Description:
Hikvision is a world-leading surveillance manufacturer and supplier of
video surveillance and Internet of Things (IoT) equipment for civilian and
military purposes.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerability description:
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code
execution (command injection) vulnerabilities, including reflected XSS,
Ruby code injection, and classic and blind SQL injection resulting in remote
code execution, which allows an adversary to execute arbitrary operating
system commands. However, an adversary must be on the same network to
leverage these vulnerabilities to execute arbitrary commands.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Versions:
Ds-a71024 Firmware
Ds-a71048r-cvs Firmware
Ds-a71048 Firmware
Ds-a71072r Firmware
Ds-a72024 Firmware
Ds-a72048r-cvs Firmware
Ds-a72072r Firmware
Ds-a80316s Firmware
Ds-a80624s Firmware
Ds-a81016s Firmware
Ds-a82024d Firmware
Ds-a71048r-cvs
Ds-a71024
Ds-a71048
Ds-a71072r
Ds-a80624s
Ds-a82024d
Ds-a80316s
Ds-a81016s
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Credits:
Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
References:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/
https://cve.report/CVE-2022-28171
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Timeline:
11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN
Products
23 March 2022: Reported the finding to Hikvision Security Response Center
(HSRC) team
24 March 2022: Hikvision Security Response Center (HSRC) team requested
further details of reproduction steps and remediation
25 March 2022: Further details of reproduction and remediation steps sent
to the Hikvision Security Response Center (HSRC) team
26 March 2022: Hikvision Security Response Center (HSRC) team agreed to
issue only two CVEs due to multiple vulnerabilities in a single parameter
22 June 2022: Hikvision released the initial fixed versions for the affected
products.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| VAR-202206-2014 | CVE-2022-33128 | ruijienetworks of rg-eg350 in the firmware SQL Injection vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. The rg-eg350 firmware from ruijienetworks contains a SQL injection vulnerability that may allow information to be obtained and tampered with. The Ruijie RG-EG series gateway EG350 is a Ruijie gateway product.
| VAR-202206-1903 | CVE-2022-29931 | raytion of custom security manager Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS). Raytion CSM is a search-connector product from the German company Raytion.
Raytion CSM version 7.2.0 has a cross-site scripting vulnerability. The vulnerability stems from the program's lack of validation and filtering of user-supplied data before it is output. Attackers can exploit this vulnerability to execute JavaScript code in the client's browser.
| VAR-202206-2160 | CVE-2022-24893 | Espressif Systems of ESP-IDF Out-of-bounds write vulnerability in |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially an attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of the `ESP-BLE-MESH` component from `ESP-IDF`. As the flaw is in the Bluetooth Mesh stack itself, there is no workaround at the application layer without upgrading the underlying firmware. Espressif Systems ESP-IDF contains an out-of-bounds write vulnerability that may result in information disclosure, information tampering and service interruption (DoS).
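The missing check is the one a receiver should perform before a SegN value is used to address segment storage. The Python below is an added example, not ESP-IDF code, and assumes the Generic Provisioning PDU layout from the Bluetooth Mesh Profile (SegN in the upper six bits of the first byte, GPCF in the lower two, a two-byte big-endian TotalLength, one FCS byte, then data) and a receiver with a fixed eight-slot segment buffer, a count chosen for the example. The unchecked start handler accepts any SegN; the continuation that follows then writes at an index the buffer does not have, which is an out-of-bounds write in C and an IndexError in Python.

```python
"""SegN validation for a PB-ADV Transaction Start PDU (constructed example, not ESP-IDF code).

Assumed layout (Bluetooth Mesh Generic Provisioning PDU): byte 0 = SegN << 2 | GPCF,
with GPCF 0b00 = Transaction Start and 0b10 = Transaction Continuation; bytes 1-2 =
TotalLength (big-endian); byte 3 = FCS; then at most 20 bytes of data.  A continuation
carries SegmentIndex << 2 | GPCF in byte 0 and at most 23 bytes of data.
"""
GPCF_TRANSACTION_START = 0b00
GPCF_TRANSACTION_CONTINUATION = 0b10
START_DATA_MAX = 20
CONT_DATA_MAX = 23


class ProvisioningPduError(ValueError):
    """Malformed or inconsistent Generic Provisioning PDU."""


def expected_segments(total_length):
    """Number of segments a transaction of `total_length` bytes needs."""
    if total_length <= START_DATA_MAX:
        return 1
    remaining = total_length - START_DATA_MAX
    return 1 + (remaining + CONT_DATA_MAX - 1) // CONT_DATA_MAX


class Reassembler:
    """Receiver-side reassembly state with a fixed number of segment slots."""

    def __init__(self, slots=8):  # slot count chosen for the example
        self.segments = [None] * slots
        self.seg_n = None
        self.total_length = None

    def start_unchecked(self, pdu):
        """Vulnerable path: trusts SegN, which later selects a segment slot."""
        self.seg_n = pdu[0] >> 2
        self.total_length = int.from_bytes(pdu[1:3], "big")
        self.segments[0] = bytes(pdu[4:])
        return self.seg_n

    def start_checked(self, pdu):
        """Hardened path: SegN must fit the buffer and agree with TotalLength."""
        if len(pdu) < 4:
            raise ProvisioningPduError("short Transaction Start PDU")
        if pdu[0] & 0b11 != GPCF_TRANSACTION_START:
            raise ProvisioningPduError("not a Transaction Start PDU")
        seg_n = pdu[0] >> 2
        total_length = int.from_bytes(pdu[1:3], "big")
        data = bytes(pdu[4:])
        if seg_n + 1 > len(self.segments):
            raise ProvisioningPduError(f"SegN {seg_n} exceeds {len(self.segments)} slots")
        if seg_n + 1 != expected_segments(total_length):
            raise ProvisioningPduError(f"SegN {seg_n} inconsistent with TotalLength {total_length}")
        if len(data) > START_DATA_MAX or len(data) > total_length:
            raise ProvisioningPduError("start segment data length out of range")
        self.seg_n, self.total_length = seg_n, total_length
        self.segments[0] = data
        return seg_n

    def continuation(self, pdu):
        """Store a continuation segment; the index comes straight from the peer."""
        if pdu[0] & 0b11 != GPCF_TRANSACTION_CONTINUATION:
            raise ProvisioningPduError("not a Transaction Continuation PDU")
        index = pdu[0] >> 2
        if self.seg_n is None or index > self.seg_n:
            raise ProvisioningPduError("segment index outside announced transaction")
        self.segments[index] = bytes(pdu[1:])  # IndexError here if SegN was never validated
        return index


def transaction_start(seg_n, total_length, data):
    """Build a Transaction Start PDU (FCS left as 0; it is not verified in this example)."""
    header = bytes([(seg_n << 2) | GPCF_TRANSACTION_START])
    return header + total_length.to_bytes(2, "big") + b"\x00" + data


def continuation_pdu(index, data):
    """Build a Transaction Continuation PDU for segment `index`."""
    return bytes([(index << 2) | GPCF_TRANSACTION_CONTINUATION]) + data
```

The capacity check and the consistency check are separate: a peer can announce a SegN that agrees with TotalLength and still exceed what the receiver allocated, so neither test replaces the other.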
| VAR-202206-2040 | CVE-2022-31803 | CODESYS GmbH of CODESYS Gateway Resource exhaustion vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. CODESYS Gateway from CODESYS GmbH contains a resource exhaustion vulnerability that may result in service interruption (DoS).
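An example of the activity check the advisory says is insufficient, added here and not CODESYS code: a connection table that records the last activity of every connection, reclaims idle slots when the table is full and caps connections per peer. Capacity, idle timeout and per-peer limit are values chosen for the example; the injectable clock exists so the timeout can be exercised without sleeping.

```python
"""Connection-table policy against idle TCP connection exhaustion (constructed example, not CODESYS code).

A listener that only counts open connections can be filled by a client that
connects and never sends anything.  Tracking last activity, evicting idle slots
on demand and capping connections per peer keep capacity for live clients.
"""
import time


class ManualClock:
    """Injectable clock so the idle timeout can be tested without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class ConnectionTable:
    def __init__(self, capacity, idle_timeout, max_per_peer=None, clock=time.monotonic):
        self.capacity = capacity            # total connection slots
        self.idle_timeout = idle_timeout    # seconds of silence before a slot is reclaimable
        self.max_per_peer = max_per_peer    # None disables the per-peer cap
        self.clock = clock
        self.conns = {}                     # conn_id -> [peer, last_activity]

    def accept_naive(self, conn_id, peer):
        """Vulnerable: once full, every new client is refused until someone hangs up."""
        if len(self.conns) >= self.capacity:
            return False
        self.conns[conn_id] = [peer, self.clock()]
        return True

    def accept_checked(self, conn_id, peer):
        """Hardened: reclaim idle slots first, then apply the per-peer cap."""
        if len(self.conns) >= self.capacity:
            self.evict_idle()
        if len(self.conns) >= self.capacity:
            return False
        if self.max_per_peer is not None and self.count_for(peer) >= self.max_per_peer:
            return False
        self.conns[conn_id] = [peer, self.clock()]
        return True

    def touch(self, conn_id):
        """Call on every byte received or sent; idle time is measured from here."""
        self.conns[conn_id][1] = self.clock()

    def close(self, conn_id):
        self.conns.pop(conn_id, None)

    def count_for(self, peer):
        return sum(1 for p, _ in self.conns.values() if p == peer)

    def evict_idle(self):
        """Drop every connection silent for at least idle_timeout; return the ids dropped."""
        now = self.clock()
        stale = [c for c, (_, last) in self.conns.items() if now - last >= self.idle_timeout]
        for c in stale:
            del self.conns[c]
        return stale
```

Eviction on demand keeps a long-lived but active session alive (its slot is refreshed by `touch`) while an attacker's silent sockets are the first to go; the per-peer cap limits how much of the table a single source can hold even before the timeout elapses.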
| VAR-202206-1856 | CVE-2021-20551 | IBM Jazz Team Server Vulnerability in leaking resources to the wrong area in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. The vendor tracks this vulnerability as IBM X-Force ID 199149. Information may be obtained.
| VAR-202206-2017 | CVE-2021-41636 | melag of ftp server Path traversal vulnerability in |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, subject only to the access restrictions of the user running the FTP server. The MELAG FTP Server contains a path traversal vulnerability; information may be obtained.
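The CWD escape described above comes from resolving client-supplied path components against the real directory. The following Python is an added example, not MELAG's code: an unchecked handler reproduces the escape, and a confined handler walks the components against a virtual root, rejects any `..` that would step above it, and only then maps the result to a real path under the configured root.

```python
"""Path confinement for an FTP CWD handler (constructed example, not MELAG code).

The unchecked handler joins the client's string onto the real current directory,
so `CWD ../../..` climbs above the configured root.  The confined handler
interprets paths against a virtual root and refuses any step that would leave it.
"""
import posixpath


class FtpPathError(Exception):
    """Raised for a CWD that would escape the FTP root (reply 550 to the client)."""


class FtpSession:
    def __init__(self, root):
        self.root = posixpath.normpath(root)  # real directory the FTP root maps to
        self.real_cwd = self.root             # state for the vulnerable handler
        self.vcwd = []                        # client-visible components for the confined handler

    def cwd_unchecked(self, target):
        """Vulnerable: '..' components are resolved against the real filesystem path."""
        target = target.replace("\\", "/")
        self.real_cwd = posixpath.normpath(posixpath.join(self.real_cwd, target))
        return self.real_cwd

    def cwd_confined(self, target):
        """Hardened: walk the components and reject any '..' at the virtual root."""
        target = target.replace("\\", "/")    # Windows hosts: treat both separators alike
        # absolute client paths start at the virtual root, relative ones at the virtual cwd
        stack = [] if target.startswith("/") else list(self.vcwd)
        for comp in target.split("/"):
            if comp in ("", "."):
                continue
            if comp == "..":
                if not stack:
                    raise FtpPathError("550 path escapes the FTP root")
                stack.pop()
                continue
            if "\x00" in comp:
                raise FtpPathError("550 invalid path component")
            stack.append(comp)
        real = posixpath.join(self.root, *stack) if stack else self.root
        # defence in depth: whatever was mapped must still sit under the root
        prefix = self.root if self.root.endswith("/") else self.root + "/"
        if real != self.root and not real.startswith(prefix):
            raise FtpPathError("550 path escapes the FTP root")
        self.vcwd = stack                     # only commit state once the path is accepted
        return real

    def virtual_cwd(self):
        """What the PWD reply should show the client."""
        return "/" + "/".join(self.vcwd)
```

A real server must also resolve symbolic links (`os.path.realpath`) before the containment test, and, as the CVE-2021-41635 entry below notes for this product, run under a dedicated low-privilege account so an escape that does slip through has little to reach.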
| VAR-202206-1952 | CVE-2021-41639 | melag of ftp server Vulnerability in plaintext storage of important information in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. The MELAG FTP Server stores sensitive information in plaintext; information may be obtained.
| VAR-202206-1951 | CVE-2021-41635 | melag of ftp server Vulnerability regarding improper default permissions in |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers who abuse misconfigurations or vulnerabilities to gain administrative access over the entire host system. The MELAG FTP Server has improper default permissions that may result in information disclosure, information tampering and service interruption (DoS).
| VAR-202206-1828 | CVE-2021-41634 | melag of ftp server Vulnerability regarding observable inconsistencies in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. The MELAG FTP Server contains an observable discrepancy vulnerability; information may be obtained. MELAG FTP Server is an FTP server from MELAG, Germany. The vulnerability arises because the program returns different responses for valid and invalid usernames.
| VAR-202206-1859 | CVE-2021-41637 | melag of ftp server Vulnerability regarding improper default permissions in |
CVSS V2: 3.6 CVSS V3: 7.1 Severity: HIGH |
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. The MELAG FTP Server has improper default permissions that may allow information to be obtained and tampered with. MELAG FTP Server is an FTP server from MELAG, Germany. The vulnerability stems from improper permission management of the configuration file.
| VAR-202206-1905 | CVE-2021-20543 | IBM Jazz Team Server Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. The vendor tracks this vulnerability as IBM X-Force ID 198929. Information may be obtained and information may be tampered with.