Red Hat Security Advisory 2023-7705-03 - Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7705.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)  
Advisory ID:        RHSA-2023:7705-03  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7705  
Issue date:         2023-12-07  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available (updates to RHBQ 2.13.9.Final).  The purpose of this text-only errata is to inform you about the security issues fixed.

 Red Hat Product Security has rated this update as having an impact of Important.  
 A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final).  The purpose of this text-only errata is to inform you about the security issues fixed.  
 Red Hat Product Security has rated this update as having an impact of Important.

 A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

 Security Fix(es):

  * CVE-2023-5072 JSON-java: parser confusion leads to OOM  
   * CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK  
   * CVE-2023-35887 sshd-common: apache-mina-sshd: information exposure in SFTP server implementations  
   * CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM  
   * CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/cve/CVE-2023-5072  
https://bugzilla.redhat.com/show_bug.cgi?id=2215445  
https://bugzilla.redhat.com/show_bug.cgi?id=2216888  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2246417

Red Hat Security Advisory 2023-7705-03

By Deeba Ahmed
Discovered by the cybersecurity researchers at Group-IB; the new Linux RAT, dubbed Krasue, is targeting telecom firms in Thailand.
This is a post from HackRead.com Read the original post: New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

The Krasue Linux RAT is quite sophisticated, and equipped with the capability to evade detection through Rootkit and RTSP communication.

Group-IB, a leading cybersecurity company, has uncovered a sophisticated new Linux RAT (Remote Access Trojan) they have dubbed “Krasue.” The malware is actively targeting organizations, mainly telecommunication firms, in Thailand and has been active since 2021.

GroupIB’s Threat Intelligence unit researchers found that Krause operates by gaining access to the targeted network and uses its rootkit capabilities to maintain persistence and ensure stealthy access.

The researchers are still investigating the initial infection vector and the full scale of the RAT’s usage. However, they believe that potential methods include vulnerability exploitation, deceptive downloads, and credential brute force attacks.

A notable feature of Krause is that it uses the Real Time Streaming Protocol (RTSP) for communication with its C2 server. This is an unusual tactic and is most likely used to evade detection by security software.

Profile of Krasue RAT (Credit: Group-IB)

Report author Sharmine Low, Group-IB’s Malware Analyst, wrote that Krause is named after a nocturnal spirit mentioned in Southeast Asian folklore. It lets cybercriminals remotely access and control compromised systems and remain undetected for a significant period.

Krasue uses multiple embedded rootkits to ensure compatibility with different Linux kernel versions. Interestingly, as with several other Linux rootkits, Krasue’s rootkit draws its functionalities from publicly available sources, specifically incorporating code from three open-source Linux Kernel Module rootkits.

This embedded rootkit can hook key system calls like kill(), network-related functions, and file listing operations to effectively mask its presence and evade detection. Researchers believe that this RAT was created by the same person who developed the XorDdos Linux Trojan or someone who has access to its source code.

Benyatip Hongto, Group-IB’s Business Development Manager in Thailand, highlighted the company’s commitment and proactive efforts to fighting cybercrime, including the planned opening of a Digital Crime Resistance Center in Thailand and their partnership with leading cybersecurity distributor nForce.

Upon discovering Krause, Group-IB researchers promptly notified their Threat Intelligence customers and published a report with YARA rules, which was shared with Thai authorities including ThaiCERT and TTC-CERT.

This revelation underscores the ever-looming threat of cyber risks and the need for strong cybersecurity measures. Organizations must be aware of threats like Krause and implement suitable security measures like strict access control, regular patching, and advanced threat detection solutions.

****_RELATED ARTICLES_****

1.  **New Cylance Ransomware Targets Linux and Windows**
2.  **Patched OpenSSH Exploited for IoT, Linux Cryptomining**
3.  **Free Download Manager Site Pushed Linux Password Stealer**
4.  **Kinsing Crypto Malware Hits Linux Systems via Apache Flaw**
5.  **Hamas Targeting Israelis with New BiBi-Linux Wiper Malware**

New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

1、Version  
./MP4Box -version  
MP4Box - GPAC version 2.3-DEV-rev617-g671976fcc-master  
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io/

Please cite our work in your research:  
GPAC Filters: https://doi.org/10.1145/3339825.3394929  
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:  
Features: GPAC\_CONFIG\_LINUX GPAC\_64\_BITS GPAC\_HAS\_IPV6 GPAC\_HAS\_SSL GPAC\_HAS\_SOCK\_UN GPAC\_MINIMAL\_ODF GPAC\_HAS\_QJS GPAC\_HAS\_JPEG GPAC\_HAS\_PNG GPAC\_HAS\_LINUX\_DVB GPAC\_DISABLE\_3D

2、ASAN Log  
\[DASH\] Updated manifest:  
P#1: start 0 - duration 0 - xlink none  
\[DASH\] Manifest after update:  
P#1: start 0 - duration 0 - xlink none  
\[DASH\] Setting up period start 0 duration 0 xlink none ID DID1  
\[DASH\] Cannot compute default segment duration  
\[DASH\] AS#1 changed quality to bitrate 10 kbps - Width 1280 Height 720 FPS 30/1 (playback speed 1)  
\[DASH\] AS#2 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#3 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#4 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#5 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#6 changed quality to bitrate 120 kbps - Width 384 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] AS#7 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] AS#8 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] Segment duration unknown - cannot estimate current startNumber  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] Unable to resolve initialization URL: Bad Parameter  
Filter dashin failed to setup: Bad Parameter  
Filters not connected:  
fout (dst=crash24\_dash.mpd:gpac:segdur=10000/1000:profile=full:!sap:buf=1500:!check\_dur:pssh=v:subs\_sidx=0) (idx=1)  
Arg segdur set but not used  
Arg profile set but not used  
Arg !sap set but not used  
Arg buf set but not used  
Arg !check\_dur set but not used  
Arg pssh set but not used  
Arg subs\_sidx set but not used  
Error DASHing file: Bad Parameter

\=================================================================  
\==3766==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 50 byte(s) in 1 object(s) allocated from:  
#0 0x7f8f1245b9a7 in \_\_interceptor\_strdup ../../../../src/libsanitizer/asan/asan\_interceptors.cpp:454  
#1 0x7f8f112d489f in gf\_mpd\_resolve\_url media\_tools/mpd.c:4589  
#2 0x7f8f11303e24 in gf\_dash\_resolve\_url media\_tools/dash\_client.c:3447

SUMMARY: AddressSanitizer: 50 byte(s) leaked in 1 allocation(s).

3、Reproduction  
./MP4Box -dash 10000 $poc

4、poc  
crash24.zip

5、Impact  
This vulnerability is capable of causing crashes, or lead to dos.

6、 Env  
Linux dr0v-virtual-machine 6.2.0-36-generic #37 SMP PREEMPT\_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86\_64 x86\_64 x86\_64 GNU/Linux  
AFL++ 4.09a

7、Credit  
dr0v

CVE-2023-48958: LeakSanitizer: detected memory leaks in in gf_mpd_resolve_url media_tools/mpd.c:4589 · Issue #2689 · gpac/gpac

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

CVE-2023-41913: Releases · strongswan/strongswan

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).

Hello gophers,

We have just released Go versions 1.21.5 and 1.20.12, minor point releases.

These minor releases include 3 security fixes following the security policy:

*   net/http: limit chunked data overhead
    
    A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.
    
    A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request.
    
    Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
    
    Thanks to Bartek Nowotarski for reporting this issue.
    
    This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
    
*   cmd/go: go get may unexpectedly fallback to insecure git
    
    Using go get to fetch a module with the ".git" suffix may unexpectedly fallback  
    to the insecure "git://" protocol if the module is unavailable via the secure  
    "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said  
    module. This only affects users who are not using the module proxy and are  
    fetching modules directly (i.e. GOPROXY=off).
    
    Thanks to David Leadbeater for reporting this issue.
    
    This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
    
*   path/filepath: retain trailing \ when cleaning paths like \\?\c:\
    
    Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?\, resulting in filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other effects). The previous behavior has been restored.
    
    This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
    

View the release notes for more information:  
https://go.dev/doc/devel/release#go1.21.5

You can download binary and source distributions from the Go website:  
https://go.dev/dl/

To compile from source using a Git clone, update to the release with  
git checkout go1.21.5 and build as usual.

Thanks to everyone who contributed to the releases.

Cheers,  
Carlos and Dmitri for the Go team

CVE-2023-45285: [security] Go 1.21.5 and Go 1.20.12 are released

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.

This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.



CVE-2023-45085: Releases - HyperCloud Docs

This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis.

#!/usr/bin/env python3  
# suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny)  
#   
# -- updates --  
# 22.11.2023 @ 02:23 :: shame init version ready to go  
# 21.11.2023 @ 19:18 :: log me if you can  
# 21.11.2023 @ 15:14 :: added: time, sleep, log2fp  
# 21.11.2023 @ 01:19 :: started this lame code  
#   
# idea - run suff_monitor.py against the box you're testing (fgvm):  
# - add time to sleep and date to log updates  
# - log in (so same creds as for suff.py, postauth testing, etc)  
# - get ver/info -> log2file  
# ** (should be ready at this stage, so): **  
#   while true:  
#       check_diag_deb(+log2file,+a)  
#       sleep 1  
#  end_of_file  
#   
# -------------  
#   
# for more details:  
#   https://code610.blogspot.com/2023/12/monitoring-suff.html  
#   https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html    
#   https://github.com/c610/free/blob/master/suff-v0.1.py  
#   https://github.com/c610/free/blob/master/fg7stack_poc.py  
#   
# 

from netmiko import Netmiko  
import sys,os  
import time  
import paramiko

###################  
##############  
########  
####  
##  
#

fplog = open('saveme.log','+a')

command = 'diag debug crashlog show' # did you enable logs in your FGVM?

def connect_to_crashlog():

         # set up for the target  
    try:

                fw_01 = {  
          'host':'192.168.56.231',  
          'username':'admin',  
          'password':'P@ssw0rd',  
          'device_type':'fortinet',  
          'timeout':3  
          }

        net_connect = Netmiko( **fw_01 )  
        print("+ Connected to FG!")  
        print("+    logfile: savethis.log")

        fplog.write('----starting suff_monitor.py ----\n')  
        fplog.write(net_connect)    
        fplog.write('\n-- results below: --\n')

        # if we're connected: check diag debug crashlog (or any other you'd like to)  
        send_logcheck_cfg = net_connect.send_config_set( command  ) 

                fplog.write(send_logcheck_cfg)  
        fplog.write('\n---- next while loop ----\n')

                print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg )

        print("send_init_cfg finished")

    ## check crashlog finished 

    except paramiko.ssh_exception.SSHException as e:  
        print(" > connection error: %s" % e)

    except ConnectionResetError as e:  
        print("> connection error2: %s" % e)

    except UnboundLocalError as e:  
        print("UnboundLocalError: local variable 'net_connect' referenced before assignment")  
        print("> unbound variable error: %s" % e)

## end of connect_to_crashlog()   
# 

##########  
#### main  
##########

print('y0;[')  
print('starting: connect_to_crashlog()')

while True:

    print('debug: connect_to_crashlog() starting...')

    connect_to_crashlog()

    print("... sleeping 1...")  
    time.sleep(1) 

    print('sleep done. next True iter...')

    ####   
print("finished main()")

Simple Universal Fortigate Fuzzer Extension Script

Red Hat Security Advisory 2023-7641-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7641.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 security update  
Advisory ID:        RHSA-2023:7641-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7641  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7641-03

Red Hat Security Advisory 2023-7639-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7639.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update  
Advisory ID:        RHSA-2023:7639-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7639  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7639-03

Red Hat Security Advisory 2023-7638-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7638.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update  
Advisory ID:        RHSA-2023:7638-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7638  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Tag

#ssh