### Impact
The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are.


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-48926

**Umbraco CMS logout page displayed before session expiration**

Moderate severity GitHub Reviewed Published Oct 22, 2024 in umbraco/Umbraco-CMS • Updated Oct 22, 2024

**Package**

nuget Umbraco.CMS (NuGet)

**Affected versions**

\>= 13.0.0, < 13.5.2

\>= 10.0.0, < 10.8.7

**Patched versions**

13.5.2

10.8.7

**Impact**

The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are.

**References**

*   GHSA-fp6q-gccw-7qqm

Published to the GitHub Advisory Database

Oct 22, 2024

Last updated

Oct 22, 2024

GHSA-fp6q-gccw-7qqm: Umbraco CMS logout page displayed before session expiration

### Impact
An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section


Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-48925

**Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API**

**Package**

nuget Umbraco.CMS (NuGet)

**Affected versions**

\>= 14.0.0, < 14.3.0

**Description**

**Impact**

An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section

**References**

*   GHSA-4gp9-ff99-j6vj

Published to the GitHub Advisory Database

Oct 22, 2024

GHSA-4gp9-ff99-j6vj: Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

### Impact
This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content.

### Patches
Will be patched in 14.3.1 and 15.0.0.

### Workarounds
Ensure that access to the Dictionary section is only granted to trusted users.



1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-47819

**Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section**

Moderate severity GitHub Reviewed Published Oct 22, 2024 in umbraco/Umbraco-CMS • Updated Oct 22, 2024

**Package**

npm @umbraco-cms/backoffice (npm)

**Affected versions**

\>= 14.0.0, < 14.3.1

nuget Umbraco.Cms.StaticAssets (NuGet)

**Impact**

This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content.

**Patches**

Will be patched in 14.3.1 and 15.0.0.

**Workarounds**

Ensure that access to the Dictionary section is only granted to trusted users.

**References**

*   GHSA-c5g6-6xf7-qxp3

Published to the GitHub Advisory Database

Oct 22, 2024

Last updated

Oct 22, 2024

GHSA-c5g6-6xf7-qxp3: Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

The 115,000-plus files related to UN Women included detailed financial disclosures from organizations around the world—and personal details and testimonials from vulnerable individuals.

A database containing sensitive, sometimes personal information from the United Nations Trust Fund to End Violence Against Women was openly accessible on the internet, revealing more than 115,000 files related to organizations that partner with or receive funding from UN Women. The documents range from staffing information and contracts to letters and even detailed financial audits about organizations working with vulnerable communities around the world, including under repressive regimes.

Security researcher Jeremiah Fowler discovered the database, which was not password protected or otherwise access controlled, and disclosed the finding to the UN, which secured the database. Such incidents are not uncommon, and many researchers regularly find and disclose examples of exposures to help organizations correct data management mistakes. But Fowler emphasizes that this ubiquity is exactly why it is important to continue to raise awareness about the threat of such misconfigurations. The UN Women database is a prime example of a small error that could create additional risk for women, children, and LGBTQ people living in hostile situations worldwide.

“They're doing great work and helping real people on the ground, but the cybersecurity aspect is still critical,” Fowler tells WIRED. “I've found lots of data before, including from all sorts of government agencies, but these organizations are helping people who are at risk just for being who they are, where they are.”

A spokesperson for UN Women tells WIRED in a statement that the organization appreciates collaboration from cybersecurity researchers and combines any outside findings with its own telemetry and monitoring.

“As per our incident response procedure, containment measures were rapidly put in place and investigative actions are being taken,” the spokesperson said of the database Fowler discovered. “We are in the process of assessing how to communicate with the potential affected persons so that they are aware and alert as well as incorporating the lessons learned to prevent similar incidents in the future.”

The data could expose people in multiple ways. At the organizational level, some of the financial audits include bank account information, but more broadly, the disclosures provide granular detail on where each organization gets its funding and how it budgets. The information also includes breakdowns of operating costs, and details about employees that could be used to map the interconnections between civil society groups in a country or region. Such information is also ripe for abuse in scams since the UN is such a trusted organization, and the exposed data would provide details on internal operations and potentially serve as templates for malicious actors to create legitimate-looking communications that purport to come from the UN.

“You have a list of organizations and details about their staff and activities, and some of the projects I saw had budgets in the millions of dollars,” Fowler says. “If this data fell into the wrong hands or it reached the dark web, you could have scammers or an authoritarian government looking at which organizations are working where, and who they working with, to target them and even find out names of people they've been helping.”

This leads to the other crucial element of the finding: In addition to fueling scams and potentially exposing local organizations, the data could be exploited to directly target at-risk individuals with extortion attempts or even local law enforcement action.

“I saw letters from people who were victims of kidnapping, rape, abuse—people telling their stories probably believing that they will remain anonymous,” Fowler says. “There was a letter from someone who had gotten HIV who was helped out by a foundation, and they told their whole story of how their family and friends had turned on them.”

If the finding spurs infrastructure review and other detections, it could go a long way toward helping UN Women—and the sprawling ecosystem of UN organizations more broadly—to catch any other easy-to-fix errors and prevent potential data breaches.

Exposed United Nations Database Left Sensitive Information Accessible Online

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.
"The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.

"The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain," Cisco Talos researcher Chetan Raghuprasad said in a Tuesday analysis.

The targeting of Russian-speaking users is an assessment derived from the language used in the phishing emails, the lure content in the malicious documents, links masquerade as Yandex Disk ("disk-yandex\[.\]ru"), and HTML web pages disguised as VK, a social network predominantly used in the country.

Gophish refers to an open-source phishing framework that allows organizations to test their phishing defenses by leveraging easy-to-use templates and launch email-based campaigns that can then be tracked in near real-time.

The unknown threat actor behind the campaign has been observed taking advantage of the toolkit to send phishing messages to their targets and ultimately push DCRat or PowerRAT depending on the initial access vector used: A malicious Microsoft Word document or an HTML embedding JavaScript.

When the victim opens the maldoc and enables macros, a rogue Visual Basic (VB) macro is executed to extract an HTML application (HTA) file ("UserCache.ini.hta") and a PowerShell loader ("UserCache.ini").

The macro is responsible for configuring a Windows Registry key such that the HTA file is automatically launched every time a user logs into their account on the device.

The HTA file, for its part, drops a JavaScript file ("UserCacheHelper.lnk.js") that's responsible for executing the PowerShell Loader. The JavaScript is executed using a legitimate Windows binary named "cscript.exe."

"The PowerShell loader script masquerading as the INI file contains base64 encoded data blob of the payload PowerRAT, which decodes and executes in the victim's machine memory," Raghuprasad said.

The malware, in addition to performing system reconnaissance, collects the drive serial number and connects to remote servers located in Russia (94.103.85\[.\]47 or 5.252.176\[.\]55) to receive further instructions.

"\[PowerRAT\] has the functionality of executing other PowerShell scripts or commands as directed by the \[command-and-control\] server, enabling the attack vector for further infections on the victim machine."

In the event no response is received from the server, PowerRAT comes fitted with a feature that decodes and executes an embedded PowerShell script. None of the analyzed samples thus far have Base64-encoded strings in them, indicating that the malware is under active development.

The alternate infection chain that employs HTML files embedded with malicious JavaScript, in a similar vein, triggers a multi-step process that leads to the deployment of DCRat malware.

"When a victim clicks on the malicious link in the phishing email, a remotely located HTML file containing the malicious JavaScript opens in the victim machine's browser and simultaneously executes the JavaScript," Talos noted. "The JavaScript has a Base64-encoded data blob of a 7-Zip archive of a malicious SFX RAR executable."

Present within the archive file ("vkmessenger.7z") – which is downloaded via a technique called HTML smuggling – is another password-protected SFX RAR that contains the RAT payload.

It's worth noting that the exact infection sequence was detailed by Netskope Threat Labs in connection with a campaign that leveraged fake HTML pages impersonating TrueConf and VK Messenger to deliver DCRat. Furthermore, the use of a nested self-extracting archive has been previously observed in campaigns delivering SparkRAT.

"The SFX RAR executable is packaged with the malicious loader or dropper executables, batch file, and a decoy document in some samples," Raghuprasad said.

"The SFX RAR drops the GOLoader and the decoy document Excel spreadsheet in the victim machine user profile applications temporary folder and runs the GOLoader along with opening the decoy document."

The Golang-based loader is also designed to retrieve the DCRat binary data stream from a remote location through a hard-coded URL that points to a now-removed GitHub repository and save it as "file.exe" in the desktop folder on the victim's machine.

DCRat is a modular RAT that can steal sensitive data, capture screenshots and keystrokes, and provide remote control access to the compromised system and facilitate the download and execution of additional files.

"It establishes persistence on the victim machine by creating several Windows tasks to run at different intervals or during the Windows login process," Talos said. "The RAT communicates to the C2 server through a URL hardcoded in the RAT configuration file \[...\] and exfiltrates the sensitive data collected from the victim machine."

The development comes as Cofense has warned of phishing campaigns that incorporate malicious content within virtual hard disk (VHD) files as a way to avoid detection by Secure Email Gateways (SEGs) and ultimately distribute Remcos RAT or XWorm.

"The threat actors send emails with .ZIP archive attachments containing virtual hard drive files or embedded links to downloads that contain a virtual hard drive file that can be mounted and browsed through by a victim," security researcher Kahng An said. "From there, a victim can be misled into running a malicious payload."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Source: Primakov via Shutterstock

Threat actors have taken a campaign that uses fake browser updates to spread malware to a new level, weaponizing scores of WordPress plug-ins to deliver malicious infostealing payloads, after using stolen credentials to log in to and infect thousands of websites.

Domain registrar GoDaddy is warning that a new variant of malware disguised as a fake browser update known as ClickFix infected more than 6,000 WordPress sites in a one-day period from Sept. 2 to Sept. 3.

Threat actors used stolen WordPress admin credentials to infect compromised websites with malicious plug-ins as part of an attack chain unrelated "to any known vulnerabilities in the WordPress ecosystem," GoDaddy principal security engineer Denis Sinegubko wrote in a recent blog post.

"These seemingly legitimate plugins are designed to appear harmless to website administrators, but contain embedded malicious scripts that deliver fake browser update prompts to end users," he wrote.

The campaign leverages fake WordPress plug-ins that inject JavaScript leading to ClickFix fake browser updates, which use blockchain and smart contracts to obtain and deliver malicious payloads. Attackers use social engineering strategies to trick users into thinking they are updating their browser, but instead they are executing malicious code, "ultimately compromising their systems with various types of malware and information stealers," Sinegubko explained.

Related:Samsung Zero-Day Vuln Under Active Exploit, Google Warns

**Related, Yet Separate Campaigns**

It should be mentioned that ClearFake, widely identified in April, is another fake browser update activity cluster that compromises legitimate websites with malicious HTML and JavaScript. Initially it targeted Windows systems, but later spread to macOS as well.

Researchers have linked ClickFix to ClearFake, but the campaigns as described by various analysts have numerous differences and are likely separate activity clusters. GoDaddy claims to have been tracking ClickFix malware campaign since August 2023, spotting it on more than 25,000 compromised sites worldwide. Other analysts at Proofpoint detailed ClickFix for the first time earlier this year.

The new ClickFix variant as described by GoDaddy is spreading fake browser update malware via bogus WordPress plug-ins with generic names such as "Advanced User Manager" and "Quick Cache Cleaner," according to the post.

"These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end users," Sinegubko wrote.

Related:Bad Actors Manipulate Red-Team Tools to Evade Detection

All information in the plug-in metadata is fake, including the plug-in name, URL, description, version, and author, but appears plausible at first glance and wouldn't raise suspicion immediately, according to GoDaddy.

**Automation Used to Scale Campaign**

Further analysis detected automation in the naming convention of the plug-ins, with researchers noting a JavaScript file naming pattern consisting of the first letter of each word in the plug-in name, appended with "-script.js."

For example, the Advanced User Manager plug-in contains the aum-script.js file, according to the researchers, who used this naming convention to detect other malicious plug-ins related to the campaign, such as Easy Themes Manager, Content Blocker, and Custom CSS Injector.

The plug-in and author URIs also frequently reference GitHub, but analysis showed that repositories associated with the plug-in don't actually exist. Moreover, the GitHub usernames followed a systematic naming convention linked to the plug-in names, which "indicates an automated process behind the creation of these malicious plugins," Sinegubko wrote.

Indeed, the researchers eventually discovered that the plug-ins are systematically generated using a common template, allowing "threat actors to rapidly produce a large number of plausible plugin names, complete with metadata and embedded code designed to inject JavaScript files into WordPress pages," Sinegubko wrote. This allowed attackers to scale their malicious operations and add an additional layer of complexity for detection.

Related:The Lingering 'Beige Desktop' Paradox

**Credential Theft as Initial Entry?**

GoDaddy isn't clear on how attackers acquired WordPress admin credentials to initiate the latest ClickFix campaign, but it noted that potential vectors include brute-force attacks and phishing campaigns aimed at acquiring legitimate passwords and usernames. 

Moreover, as the payloads of the campaign itself are the installation of various infostealers on compromised end-user systems, it's possible that the threat actors are collecting admin credentials in this way, Sinegubko observed.

"When talking about infostealers, many people think about bank credentials, crypto-wallets and other things of this nature, but many stealers can collect information and credentials from a much wider range of programs," he noted.

Another possible scenario is that the residential IP addresses from which the fake plug-ins were installed could belong to a botnet of infected computers that the attackers use as proxies to hack websites, according to GoDaddy.

Because the campaign includes the theft of legitimate credentials to log in to WordPress sites, people are urged to follow general best practices for protecting their passwords as well as avoid interacting with any unknown websites or messages that ask them to divulge private credentials.

GoDaddy also included a long list of indicators of compromise (IoCs) for the campaign — including names of plug-ins and malicious JavaScript files, endpoints to which smart contracts in the campaign connect, and associated GitHub accounts — in the blog post, so defenders can identify if a website has been compromised.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

Anti-bot services on the dark web allow phishers to bypass Google’s Red Page warnings, evading detection and making…

Anti-bot services on the dark web allow phishers to bypass Google’s Red Page warnings, evading detection and making phishing campaigns harder to stop. Tools like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot are raising concerns among cybersecurity experts.

Cybercriminals are constantly innovating, and their latest weapon is a new breed of services called the anti-bot services, reveals the latest research from SlashNext. These services are advertised on the Dark Web to help phishers bypass Google’s “_Red Page_” warnings.

****The Power of Google’s Red Page****

Phishing attacks have become more sophisticated with the rise of PhaaS (phishing-as-a-service) platforms. These platforms make it easy for even inexperienced criminals to launch large-scale phishing campaigns. However, a major hurdle for phishers has been detection by security services like Google’s Safe Browsing.  

Google Red Page is a feature of Google Safe Browsing that warns users of potential dangers, such as phishing attempts. The page, displayed in red, warns users that a site they are navigating may be deceptive and advises them to avoid it. This can significantly limit the success of phishing attacks, as these campaigns rely on high click-through rates, which are significantly lowered when Google’s detection flags a phishing page and adds it to a blocklist.

****Anti-Bot Services: A New Challenge for Security Teams****

New anti-bot services aim to circumvent Google’s Red Page warnings. These services, including Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, help phishers evade detection. Here is how these work:  

*   **Filtering Out Security Crawlers:** Anti-bot services analyze user-agent strings and IP addresses to identify and block security bots that scan for malicious websites.   
*   **Cloaking Techniques:** Some anti-bot services use techniques like JavaScript obfuscation or context-switching to serve different content to humans and bots. Real users see the phishing page, while security bots might see harmless content.  
*   **Geolocation-Based Targeting:** These services can restrict access to specific regions, ensuring the phishing site remains hidden from international security entities.
*   **CAPTCHAs and Challenges:** By introducing CAPTCHAs or challenge pages, anti-bot services block automated scanners that cannot solve them.

SlashNext researchers note that these services are effective against less sophisticated security bots. However, advanced security measures and manual analysis by security professionals can still detect these phishing sites.

Via SlastNext

“These services represent the latest evolution in the ongoing cat-and-mouse game between cybercriminals and security measures,” SlashNext researchers explained in the blog post.

Anti-bot services are constantly evolving to stay ahead of security measures. As new detection techniques emerge, these services will likely adapt to counter them. Cybersecurity teams must remain vigilant and adopt advanced threat detection methods to combat the growing sophistication of phishing attacks.

1.  EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA
2.  Cybercriminals Beta Test New Attack to Bypass AI Security
3.  Trio Run “OTP Agency” Enabling Bank Fraud and 2FA Bypass
4.  Phishing Attacks Bypass Microsoft 365 Email Safety Warnings
5.  Unicode QR Code Phishing Scam Bypasses Traditional Security

Dark Web Anti-Bot Services Let Phishers Bypass Google’s Red Page

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

Source: Oleksandr Hruts via Alamy Stock Photo

Lumma Stealer stars in a new campaign that uses malicious CAPTCHA pages to scam targets into clicking through the "verification" process — triggering the initial malware download.

Malware-as-a-service (MaaS) Lumma Stealer is commonly used by threat actors to steal sensitive information like passwords and crypto-wallet data, researchers at Qualys, who recently detailed the latest attack chain, explained.

"When the user clicks the 'I'm not a robot' button, verification steps are presented," Qualys threat researcher Vishwajeet Kumar wrote in a blog post detailing the latest Lumma Stealer find. "Completing these steps triggers the execution of a PowerShell command that initiates the download of an initial stager (malware downloader) on the target machine."

**Lumma Stealer's Easy Adaptability**

This latest CAPTCHA-based tactic is new, Kumar added in the Lumma Stealer campaign analysis. Previous campaigns have relied on a wide array of cybercrimes to spread the infostealer, ranging from basic phishing to far more exotic gambits.

Just a handful of examples from just this year include a Lumma Stealer campaign from January 2024 that used YouTube channels disguised as content to offer workarounds for eluding Web filters and cracking popular applications.

By the summer, another Lumma Stealer effort popped up on Facebook, this time trying to lure victims into downloading a legitimate artificial intelligence (AI) photo editor. Even Hamster Kombat wasn't spared. The more than 250 million estimated players of the game were targeted and lured into downloading Lumma Stealer by multiple simultaneous scams, it was discovered last July.

"The investigation into Lumma Stealer reveals an evolving threat landscape characterized by the malware’s ability to adapt and evade detection," Kumar wrote. "It employs a variety of tactics, from leveraging legitimate software to utilizing deceptive delivery methods, making it a persistent challenge for security teams."

Protecting from ongoing Lumma Stealer threats requires close collaboration between threat intelligence, security operations centers (SOCs), and incident-response teams, according to Sarah Jones, a cyber-threat intelligence research analyst at Critical Start.

"Given the rapid evolution of threats like Lumma Stealer, security teams must adopt a stance of continuous monitoring and adaptation, regularly updating detection rules, indicators of compromise, and security controls," Jones says. "This campaign exemplifies the sophisticated threats organizations face today, requiring a multilayered defense approach that combines advanced technical controls with proactive threat hunting and ongoing adaptation to effectively combat evolving malware campaigns."

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5795-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-sqlCVE ID         : CVE-2024-9774Cedric Krier discovered that python-sql, a library to write SQL queriesin a pythonic way, performed insufficient sanitising which could resultin SQL injection.For the stable distribution (bookworm), this problem has been fixed inversion 1.4.0-1+deb12u1.We recommend that you upgrade your python-sql packages.For the detailed security status of python-sql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-sqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWnkYACgkQEMKTtsN8TjYrzBAAtMjk7yF0IB4onUZ+GHMkYCDoPhZRaZft7eQUAGya1/IHpuA4e5KvmWahJK8D1glflGgopSLhLSkPkXWij3LqKjb2obuqRB9icuEl1mKWeJoovHWONZLCUVSt0iPtAvLA4jIi4KpHRfzFY4QbpkkAKXAjTLjxtjDlmEky4PT+1puHAi7lQ7O2/OY/haxnVYHtoHID+E6r0eTgXq5HX9723niVkxKpjcZz8ki8WeDoEmNUOj4j89Nke0VeQNFYmCuWtAQLvRFTSL4I9fGWcRBWWEHm46YqnktlJIHVe2f9posYCMMFxvFwNo70U3MUinCDAXX6VmeAGuzTXGQAPXW0kDT7Y436ononkFcnVMoiCr/T/+m3UKUw+2iINEcnMe/G/4wkhiYx7T2YYFmJ4vRgye7sSE4YfRl6/wl/rbeVfz3AfM/iAxp7uWAlzVLry4mL1ZkNhAhvTDCpEIsBECDp1gX2z4ZVLqHDqXIqQ+IEEFIZoNImUo/LIgKvZIg18XuP77K29UAnonUe1qxf8d19nRwD18hwoQG1KL6dCRgKhE+OKjTRCZv+9hb1Xp7QagQviZTCnP+36HFtpNfbim/JlAtllEZrUdufBcMzAVx82C9oVHd8WigI+PWGSFnh5qzy0B1xhX7H3x5zLaVO1HJ6ZHzyH5VcfCFSxmzV6MeyzFk==Xlam-----END PGP SIGNATURE-----

Debian Security Advisory 5795-1

Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5794-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-17CVE ID         : CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service or information disclosure.For the stable distribution (bookworm), these problems have been fixed inversion 17.0.13+11-2~deb12u1.We recommend that you upgrade your openjdk-17 packages.For the detailed security status of openjdk-17 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-17Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWmOcACgkQEMKTtsN8TjYeZw/7BTQ3D6sDygG5LotB4JCo8QMyG1rx0XgX9dAgK4Xw0sp9jnYS2iebp8RhlbIDht+jchjLpbEPnzx11JM2b3e/x3JO1QRUSEDkTnQhuynR4wj7WKLXY4l36zkzG/73g9Tq/EM5t8vjuMWFFcsEIJ5c0erHaw/X5lAr9Gg0vs8LrLYyqOMod8Z8AZJpbKNJpGEDUu/i1lASkDnjJAl5+ybPG5xN++Ax+FvPhmlQKu39rVKrX140+LIkFcGJdLh+RMbLU66ryDR2rQQSgeDeZYZln5gsbykzRbfeZZil4bF0+aT3FCY0/nOA0aA82nrE9S6VU6kdxWyS/KTzRsVUw8IsIW/9KyD3hAGvEbHiD4hG/YrABOFdg4rvUPLnaBU6i+LnyrdcayoFP6cp72KiBOQxn4nUzUqhqynKatZ5ixZfgboaTFKBr2WxazoWTzrefjyH30GEeQ0dWFc2ujcOlMZSag9VdfgIoVg+F2l20UbmKnYtZGSXm5rD2ocG5l7gTb8uDcZO3P1HXGmrD7A8NLy9aRPT/dmNDLnAo8se61O4ctirgNQ3dIpwzeIEyjPNysY0lON5+7EE7XToW2C7dSYjHSVCNTqE+heRE66p7hDBxyeuhxhBK+Bd7DcAT97Kkp1BOZ0XSn9YjQ9zdyzQneOxMK7CbM6/PIETqGsY6aTIptI==PgDB-----END PGP SIGNATURE-----

Latest News