VARIoT IoT vulnerabilities database

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) LMS Is vulnerable to a race condition.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME Is vulnerable to an out-of-bounds read.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME Contains an initialization vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. plural Intel(R) Processor There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. FortiSandbox There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A use-after-free security issue has been found in the MQTT sending component of curl prior to 7.79.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183. Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623 FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976 Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t) System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes) UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158 VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17 xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance. Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance. Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. Local Authentication We would like to acknowledge an anonymous researcher for their assistance. Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance. Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Background ========= A command line tool and library for transferring data with URLs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.86.0 >= 7.86.0 Description ========== Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0" References ========= [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-5079-1 introduced a regression in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16 In general, a standard system update will make all the necessary changes

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. Apache Ant Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing ZIP archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. Apache Ant Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing TAR archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Process Automation Manager 7.13.0 security update Advisory ID: RHSA-2022:5903-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:5903 Issue date: 2022-08-04 CVE Names: CVE-2021-2471 CVE-2021-3642 CVE-2021-3644 CVE-2021-3717 CVE-2021-22569 CVE-2021-36373 CVE-2021-37136 CVE-2021-37137 CVE-2021-37714 CVE-2021-43797 CVE-2022-22950 CVE-2022-25647 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Security Fix(es): * com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647) * jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569) * spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950) * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642) * wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717) * ant: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-36373) * mysql-connector-java: unauthorized access to critical (CVE-2021-2471) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1982336 - CVE-2021-36373 ant: excessive memory allocation when reading a specially crafted TAR archive 1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson 5. References: https://access.redhat.com/security/cve/CVE-2021-2471 https://access.redhat.com/security/cve/CVE-2021-3642 https://access.redhat.com/security/cve/CVE-2021-3644 https://access.redhat.com/security/cve/CVE-2021-3717 https://access.redhat.com/security/cve/CVE-2021-22569 https://access.redhat.com/security/cve/CVE-2021-36373 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-37714 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-22950 https://access.redhat.com/security/cve/CVE-2022-25647 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuthq9zjgjWX9erEAQgQEg/+JzQ2kFiUqqXTe4CScQ9mAeLZBXJhzO3R YXfJSCjuaa+Rs2xlatT73cIzSAyw/q2hNZjjcsdMdLtQaVPCeqg6dWHs9XORxHYi zmN5XjoUUgcXz8o4EovTNdvPZt5T16fnQ992+8VtGt9rXK+iWs/txzBLESTArCdD TZ8JWF09caN37s3OctjOAn3fYFHN9AjeiWlVP99VfCAHpooMX8eaCPcVEgMuMt1G u8KzNqkPjr/Mwfm5okRsQo6BkjgKoxRSqugW9YkurcvwK/4R4hCdRToC6Q2LvbzS lMdjGFYMmlrBPWtJ7JM/S/oAGwBO00tYbuhxpPtcJrDKWsDWSN0DZWhqWtjHspMt MAZZC7SCbnDzTlr52ReYuP8NqEwKNe0EO0MAu8W5EYfBDiZeP2f1lEH59OVOujLQ L2ghX/hZhM6npU1yHV+9SVKV33LkAyiyunBUPQnKJq0NfsIrLgRLBC00GIabYPSu 9wXhVJJMAaJr+HTvWut6QhJmF68zlio3Uvxh70c9gpejyYvwSUmA5UlHAJRkUTaI 5pzXH/1cDxTlJF1iMotIXyw7FQBi9nF/XOGFpNVc+O3Gt32IK4smbbgjMAJ9L0wI lbxnxfBsDeI3uG+AdPMkB8M8NOHp0ZbvDQF8YMzlQ/efLOsnuFOUBhdCa3Uj3abN PEkCgEOAjYs=WAVg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. Compress Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update Advisory ID: RHSA-2022:5555-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:5555 Issue date: 2022-07-14 CVE Names: CVE-2021-3807 CVE-2021-33623 CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 CVE-2022-22950 CVE-2022-31051 ==================================================================== 1. Summary: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch 3. Description: The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1663217 - [RFE] Add RHV VM name to the matching between Satellite's content host to RHV (currently only VM FQDN is used) 1782077 - [RFE] More Flexible RHV CPU Allocation Policy with HyperThreading 1849045 - Differences between apidoc and REST API documentation about exporting VMs and templates to OVA 1852308 - Snapshot fails to create with 'Invalid parameter: 'capacity73741824'' Exception 1958032 - Live Storage Migration fails because replication filled the destination volume before extension. 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1976607 - Deprecate QXL 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 1994144 - [RHV 4.4.6] Mail recipient is not updated while configuring Event Notifications 2001574 - Memory usage on Windows client browser while using move or copy disk operations on Admin web 2001923 - NPE during RemoveSnapshotSingleDisk command 2006625 - Engine generates VDS_HIGH_MEM_USE events for empty hosts that have most memory reserved by huge pages 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2030293 - VM in locked state forever if manager is rebooted while exporting VM as OVA 2068270 - RHV-M Admin Portal gives '500 - Internal Server Error" with command_entities in EXECUTION_FAILED status 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2070045 - UploadStreamVDSCommand fails with java.net.SocketTimeoutException after 20 seconds 2072626 - RHV-M generates SNMPv3 trap with msgAuthoritativeEngineBoots: 0 despite multiple engine restarts 2081241 - VFIO_MAP_DMA failed: Cannot allocate memory -12 (VM with GPU passthrough, Q35 machine and 16 vcpus) 2081559 - [RFE] discrepancy tool should detect preallocated cow images that were reduced 2089856 - [TestOnly] Bug 2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied 2092885 - Please say "SP1" on the landing page 2093795 - Upgrade ovirt-log-collector to 4.4.6 2097414 - CVE-2022-31051 semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding 2099650 - Upgrade to latest version failed due to failed database schema refresh 2105296 - cannot live migrate vm from rhv-h 4.4.10 to 4.50 (4.4.11) 6. Package List: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4: Source: apache-commons-compress-1.21-1.2.el8ev.src.rpm ovirt-dependencies-4.5.2-1.el8ev.src.rpm ovirt-engine-4.5.1.2-0.11.el8ev.src.rpm ovirt-engine-dwh-4.5.3-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.4-1.el8ev.src.rpm ovirt-log-collector-4.4.6-1.el8ev.src.rpm ovirt-web-ui-1.9.0-1.el8ev.src.rpm postgresql-jdbc-42.2.14-1.el8ev.src.rpm rhv-log-collector-analyzer-1.0.14-1.el8ev.src.rpm rhvm-branding-rhv-4.5.0-1.el8ev.src.rpm noarch: apache-commons-compress-1.21-1.2.el8ev.noarch.rpm apache-commons-compress-javadoc-1.21-1.2.el8ev.noarch.rpm ovirt-dependencies-4.5.2-1.el8ev.noarch.rpm ovirt-engine-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-backend-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-dwh-4.5.3-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.3-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.3-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-restapi-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-tools-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.4-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.1.2-0.11.el8ev.noarch.rpm ovirt-log-collector-4.4.6-1.el8ev.noarch.rpm ovirt-web-ui-1.9.0-1.el8ev.noarch.rpm postgresql-jdbc-42.2.14-1.el8ev.noarch.rpm postgresql-jdbc-javadoc-42.2.14-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.1.2-0.11.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.14-1.el8ev.noarch.rpm rhvm-4.5.1.2-0.11.el8ev.noarch.rpm rhvm-branding-rhv-4.5.0-1.el8ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-33623 https://access.redhat.com/security/cve/CVE-2021-35515 https://access.redhat.com/security/cve/CVE-2021-35516 https://access.redhat.com/security/cve/CVE-2021-35517 https://access.redhat.com/security/cve/CVE-2021-36090 https://access.redhat.com/security/cve/CVE-2022-22950 https://access.redhat.com/security/cve/CVE-2022-31051 https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFkB9zjgjWX9erEAQhJEQ//eXBYq/X5gI7umxdyGiiBdWtu+p7OuQ65 fGKy0dmJSIB5IzbmSxekBwRn23cSbFtRQxm25RbE+AwxD7a57pPJXJy3Wjvz+MKl wGJADj6Ia+4APGc4D63vkFZb7e9beUX4ehIswzADD+eYdT6hSoxzeFCSoNVS52ih gjqZvAb5HoDHiqO5EZPyhnb29xwMVO4obMQlpVe4BcPBjIS4CkW9Uh7x4YB9/778 hGYqgzquGa1TEqChw8Hhy8TSmA3g5b66ywsxNrllHDgTN/hG8iEcWw3V+e23Ubbi zb8rpu1Lm/36RYMyYwUiLg/F8ePbNnIdb1bllFDAUq9M7lH5hs77KDPj00Ff7+xh nwOgG5ktIMP/7KNsKUxPf/W94Yi6R9pZH3J2PXV2YjpDd8L6LNXGK5q5A3yjGksr tXZmQ2+jckXeel1vDvJ3qlkfHHNS1gvcQvNWci5EBOoeqEKQUTJZJQoucTbrhp2M 8502HAzHGRinjVnLizT/6JnEuGvHVwy8O8yx/D2UEEz7FsCDxPG0bBb+8Iy+6ZZb /EcTamIUpmyxEZ9AdQxW++GoaGWckYaMEVjcIbWvExP1kAlWY2E5uuaizlrLh116 fonyYo2esLh8mFN8OmcZhPDwJGuzlFL+mhOn6OQi8/ZmfkHPItSWVv772vKA1zlT yetpCCo5iV4=Muhw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description: This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * fastjson (CVE-2022-25845) * jackson-databind (CVE-2020-36518) * mysql-connector-java (CVE-2021-2471, CVE-2022-21363) * undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319) * wildfly-elytron (CVE-2021-3642) * nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807) * 3 qt (CVE-2021-3859) * kubernetes-client (CVE-2021-4178) * spring-security (CVE-2021-22119) * protobuf-java (CVE-2021-22569) * google-oauth-client (CVE-2021-22573) * XStream (CVE-2021-29505, CVE-2021-43859) * jdom (CVE-2021-33813, CVE-2021-33813) * apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090) * Kafka (CVE-2021-38153) * xml-security (CVE-2021-40690) * logback (CVE-2021-42550) * netty (CVE-2021-43797) * xnio (CVE-2022-0084) * jdbc-postgresql (CVE-2022-21724) * spring-expression (CVE-2022-22950) * springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978) * h2 (CVE-2022-23221) * junrar (CVE-2022-23596) * artemis-commons (CVE-2022-23913) * elasticsearch (CVE-2020-7020) * tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181) * junit4 (CVE-2020-15250) * wildfly-core (CVE-2020-25689, CVE-2021-3644) * kotlin (CVE-2020-29582) * karaf (CVE-2021-41766, CVE-2022-22932) * Spring Framework (CVE-2022-22968) * metadata-extractor (CVE-2022-24614) * poi-scratchpad (CVE-2022-26336) * postgresql-jdbc (CVE-2022-26520) * tika-core (CVE-2022-30126) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization 5

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25184 It was * Files can be uploaded, read, and deleted by a remote third party. - CVE-2020-25178 It was * ISaGRAF Runtime But Microsoft Windows If the vulnerability is running on a local machine, a local attacker may be able to execute arbitrary code. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25178 It was * ISaGRAF Runtime But Microsoft Windows If the vulnerability is running on a local machine, a local attacker may be able to execute arbitrary code. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25184 It was * Files can be uploaded, read, and deleted by a remote third party. - CVE-2020-25178 It was * ISaGRAF Runtime But Microsoft Windows If the vulnerability is running on a local machine, a local attacker may be able to execute arbitrary code. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems

Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Rockwell Automation FactoryTalk Services Platform is a service platform composed of multiple products of Rockwell Automation in the United States. It provides routine services for applications, such as diagnostic information, health monitoring and real-time data access

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25184 It was * Files can be uploaded, read, and deleted by a remote third party. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. Wind River VxWorks Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. Cesanta of Mongoose OS Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Mongoose-OS is an application system. A platform for managing IoT projects. Cesanta Software Mongoose-OS v2.17.0 has an input validation error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Eclipse Jetty Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat AMQ Broker 7.9.0 release and security update Advisory ID: RHSA-2021:3700-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:3700 Issue date: 2021-09-30 Keywords: amq,messaging,integration,broker CVE Names: CVE-2020-13956 CVE-2020-27223 CVE-2021-3425 CVE-2021-3763 CVE-2021-20289 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVE-2021-29425 CVE-2021-34428 CVE-2021-34429 ===================================================================== 1. Summary: Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223) * resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289) * netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * netty: Request smuggling via content-length header (CVE-2021-21409) * jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163) * jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164) * jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165) * jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169) * commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425) * broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425) * jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428) * jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429) * broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information 1936629 - CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2000654 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console 5. References: https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-27223 https://access.redhat.com/security/cve/CVE-2021-3425 https://access.redhat.com/security/cve/CVE-2021-3763 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-28163 https://access.redhat.com/security/cve/CVE-2021-28164 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/cve/CVE-2021-28169 https://access.redhat.com/security/cve/CVE-2021-29425 https://access.redhat.com/security/cve/CVE-2021-34428 https://access.redhat.com/security/cve/CVE-2021-34429 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYVWKK9zjgjWX9erEAQiu0A/+NJe1AtB06jaucFaOVo6/q4A3geYdiNfX aU44bpkaYfOHdYkd2Ec59L3ImNIUCYMxUZIWhNfyUwMKAGxRnj2Q0tzm3O6ZCwcL 3DIVXlJHfrQHN8rZ38rG0bi4l4OnnSV1y2kskqkOITFcv6N0MmyQ8+rzG/m5VHC6 c9IBl0zXGZs+8sXDsXzN7tabdieUmke1FyR1SV/YsR9rnnm1cZJcfJqJcKWeKD0v GMvKjgq6VImt8xAZbaOHWzV3+PfinisPh7XYRabE87EAyMFmy5jWclZrg8UhsaYX DEV2+wis3jgANdAgvNox/7camxSciogKKSTxc8ZTPaok33GeudET5pmVbac9sQsc e/jrTvN+AnHMtGoQQwAHPQH3DMjomzd1vmjV4aI6UfearT0GlkLLMVcn6wp2OQ7w d+yh2QnDGXUHLYCkAcvNVklL8ZGlhxgV9zdhoYVSdiZPXAQNvfCDgNilzMaJKXmF k2sR0BB3wnSG7//dUTbNTbBQw8JpuYesDpUC+JYMWErnFak9MGj0Q+ISfxYE9vC5 LSiCsqNHibsGcA5XpVVvO4q/LM6mwhCozD4WXrCw3xl4n4EWWiTQceF+yYSRtsmn pWcWk56HHAlr5Qs9jRuW90pzyf8X/T9rEmugb62Z7SGSUH/A4xJxLpZJHb4q/whu hBENV2qm+t4= =l+R3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Security Fix(es): * jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153) * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 5

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. It exists that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079). Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.6.0 Security release Advisory ID: RHSA-2021:4861-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:4861 Issue date: 2021-11-30 CVE Names: CVE-2021-30640 CVE-2021-33037 CVE-2021-42340 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340) * tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037) * tomcat: JNDI realm authentication weakness (CVE-2021-30640) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat JBoss Web Server 5.6 for RHEL 7 Server: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.6 for RHEL 8: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30640 https://access.redhat.com/security/cve/CVE-2021-33037 https://access.redhat.com/security/cve/CVE-2021-42340 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh B4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO MeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j g+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5 5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26 hKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A iUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ N1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk nyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum XgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms FgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4 2c2PkIZ6XrY=6RkQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4952-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat9 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u5. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8 TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1 490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W +IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4 DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8 ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95 zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic= =WmYc -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #773571, #801916, #818160, #855971 ID: 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 8.5.82:8.5 >= 8.5.82:8.5 < 9.0.65:9 >= 9.0.65:9 < 10.0.23:10 >= 10.0.23:10 Description ========== Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache Tomcat 10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10" All Apache Tomcat 9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9" All Apache Tomcat 8.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5" References ========= [ 1 ] CVE-2021-25122 https://nvd.nist.gov/vuln/detail/CVE-2021-25122 [ 2 ] CVE-2021-25329 https://nvd.nist.gov/vuln/detail/CVE-2021-25329 [ 3 ] CVE-2021-30639 https://nvd.nist.gov/vuln/detail/CVE-2021-30639 [ 4 ] CVE-2021-30640 https://nvd.nist.gov/vuln/detail/CVE-2021-30640 [ 5 ] CVE-2021-33037 https://nvd.nist.gov/vuln/detail/CVE-2021-33037 [ 6 ] CVE-2021-42340 https://nvd.nist.gov/vuln/detail/CVE-2021-42340 [ 7 ] CVE-2022-34305 https://nvd.nist.gov/vuln/detail/CVE-2022-34305 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-34 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4