The PowerVR driver does not sanitize ZS-Buffer / MSAA scratch firmware addresses.

PowerVR Driver Missing Sanitization

Ubuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.

==========================================================================  
Ubuntu Security Notice USN-6859-1  
July 01, 2024

openssh vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

OpenSSH could be made to bypass authentication and remotely  
access systems without proper credentials.

Software Description:  
- openssh: secure shell (SSH) for secure access to remote machines

Details:

It was discovered that OpenSSH incorrectly handled signal management. A  
remote attacker could use this issue to bypass authentication and remotely  
access systems without proper credentials.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  openssh-client                  1:9.6p1-3ubuntu13.3  
  openssh-server                  1:9.6p1-3ubuntu13.3

Ubuntu 23.10  
  openssh-client                  1:9.3p1-1ubuntu3.6  
  openssh-server                  1:9.3p1-1ubuntu3.6

Ubuntu 22.04 LTS  
  openssh-client                  1:8.9p1-3ubuntu0.10  
  openssh-server                  1:8.9p1-3ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6859-1  
  CVE-2024-6387

Package Information:  
  https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.3  
  https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu3.6  
  https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.10

Ubuntu Security Notice USN-6859-1

Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5724-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJuly 01, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : opensshCVE ID         : CVE-2024-6387The Qualys Threat Research Unit (TRU) discovered that OpenSSH, animplementation of the SSH protocol suite, is prone to a signal handlerrace condition. If a client does not authenticate within LoginGraceTimeseconds (120 by default), then sshd's SIGALRM handler is calledasynchronously and calls various functions that are notasync-signal-safe. A remote unauthenticated attacker can take advantageof this flaw to execute arbitrary code with root privileges. This flawaffects sshd in its default configuration.Details can be found in the Qualys advisory athttps://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txtFor the stable distribution (bookworm), this problem has been fixed inversion 1:9.2p1-2+deb12u3.We recommend that you upgrade your openssh packages.For the detailed security status of openssh please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/opensshFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaCZ8FfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Q4Wg//aZsbkbZGHEu8MB05vKwMdJfyHaGfCdiC5QGLhjqQHTJuNC9zpiHAFopQR7mwvxNUOvpfPLntsxELiQXFNgr3/y2SdJfWXYuewxegdvPte1vpeixh+EnsN7+lRBnKoLdQZoDZWz/kMRoDhDjAtecJBHbxO+z4GJ+BCRHL+jXbUPc03Q51Q9yhK84a5XH2ys2obz2BtLUzOH786FTwFo1ddcZh1BaQmFv0gjC2vPUO5ZnFiC2lxXZ5kvrY+BP9YCVATw4M8wWrBqbDzrbL+9c+A1c5QCdzFuPj6O8KduPqG7PvDSiNHuh8BubsV54zaKuxaDjJi+7gmGND/LqlEgrrXX5tztSUfglmfbX/5ccGeq+3J3ORoTaJcBL1sFK6DNFGfNrUm+D5fFYOm6VpY9oULoNpk4BrxipvKvxZ2Oe36J7sBnXoQ6OwV9VvDaijMfzFYo8yNRa1skChw8jOlN49CrN+DKLhUeKmcYIaTBjzB5996vlMxgL/wJxKI1fGmn/bgwBdUnobS18rknhqfwBh1oD9fM7aZlYFbZnVYc+gvJASXf6TxS7ung/cMTbXfArYHBrHrq3URDCemh1oxEpH1/TMmMvO8eCw6YOk9v5RaGVYChSBT/xY9utKMpejGbEpuyRay/liwRm8csA6AYNJsuk0O/K+mftf4SjjltX7b9o==c8CM-----END PGP SIGNATURE-----

Debian Security Advisory 5724-1

Gentoo Linux Security Advisory 202407-8 - Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 26.3-r16:26 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNU Emacs, Org Mode: Multiple Vulnerabilities  
     Date: July 01, 2024  
     Bugs: #897950, #927820  
       ID: 202407-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode,  
the worst of which could lead to arbitrary code execution.

Background  
==========

GNU Emacs is a highly extensible and customizable text editor.

Affected packages  
=================

Package             Vulnerable     Unaffected  
------------------  -------------  --------------  
app-editors/emacs   < 26.3-r16:26  >= 26.3-r16:26  
                    < 27.2-r14:27  >= 27.2-r14:27  
                    < 28.2-r10:28  >= 28.2-r10:28  
                    < 29.2-r1:29   >= 29.2-r1:29  
app-emacs/org-mode  < 9.6.23       >= 9.6.23

Description  
===========

Multiple vulnerabilities have been discovered in GNU Emacs. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GNU Emacs users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.3-r2"

All Org Mode users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emacs/org-mode-9.6.23"

References  
==========

[ 1 ] CVE-2022-48337  
      https://nvd.nist.gov/vuln/detail/CVE-2022-48337  
[ 2 ] CVE-2022-48338  
      https://nvd.nist.gov/vuln/detail/CVE-2022-48338  
[ 3 ] CVE-2022-48339  
      https://nvd.nist.gov/vuln/detail/CVE-2022-48339  
[ 4 ] CVE-2024-30202  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30202  
[ 5 ] CVE-2024-30203  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30203  
[ 6 ] CVE-2024-30204  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30204  
[ 7 ] CVE-2024-30205  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30205

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-08

Gentoo Linux Security Advisory 202407-7 - A vulnerability has been discovered in cpio, which can lead to arbitrary code execution. Versions greater than or equal to 2.13-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: cpio: Arbitrary Code Execution  
     Date: July 01, 2024  
     Bugs: #807088  
       ID: 202407-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in cpio, which can lead to arbitrary  
code execution.

Background  
==========

cpio is a file archival tool which can also read and write tar files.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-arch/cpio  < 2.13-r1     >= 2.13-r1

Description  
===========

Multiple vulnerabilities have been discovered in cpio. Please review the  
CVE identifiers referenced below for details.

Impact  
======

GNU cpio allows attackers to execute arbitrary code via a crafted  
pattern file, because of a dstring.c ds_fgetstr integer overflow that  
triggers an out-of-bounds heap write. NOTE: it is unclear whether there  
are common cases where the pattern file, associated with the -E option,  
is untrusted data.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All cpio users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.13-r1"

References  
==========

[ 1 ] CVE-2016-2037  
      https://nvd.nist.gov/vuln/detail/CVE-2016-2037  
[ 2 ] CVE-2019-14866  
      https://nvd.nist.gov/vuln/detail/CVE-2019-14866  
[ 3 ] CVE-2021-38185  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38185

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-07

This archive contains all of the 65 exploits added to Packet Storm in June, 2024.

Packet Storm New Exploits For June, 2024

Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.

OpenSSH Server regreSSHion Remote Code Execution

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.8p1

Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6858-1July 01, 2024espeak-ng vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in eSpeak NG.Software Description:- espeak-ng: Multi-lingual software speech synthesizerDetails:It was discovered that eSpeak NG did not properly manage memory under certaincircumstances. An attacker could possibly use this issue to cause a denialof service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991,CVE-2023-49992, CVE-2023-49993, CVE-2023-49994)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10  espeak-ng                       1.51+dfsg-11ubuntu0.1  espeak-ng-espeak                1.51+dfsg-11ubuntu0.1Ubuntu 22.04 LTS  espeak-ng                       1.50+dfsg-10ubuntu0.1  espeak-ng-espeak                1.50+dfsg-10ubuntu0.1Ubuntu 20.04 LTS  espeak-ng                       1.50+dfsg-6ubuntu0.1  espeak-ng-espeak                1.50+dfsg-6ubuntu0.1Ubuntu 18.04 LTS  espeak-ng                       1.49.2+dfsg-1ubuntu0.1~esm1                                  Available with Ubuntu Pro  espeak-ng-espeak                1.49.2+dfsg-1ubuntu0.1~esm1                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6858-1  CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993,  CVE-2023-49994Package Information:  https://launchpad.net/ubuntu/+source/espeak-ng/1.51+dfsg-11ubuntu0.1  https://launchpad.net/ubuntu/+source/espeak-ng/1.50+dfsg-10ubuntu0.1  https://launchpad.net/ubuntu/+source/espeak-ng/1.50+dfsg-6ubuntu0.1

Ubuntu Security Notice USN-6858-1

Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: cryptography: Multiple Vulnerabilities  
     Date: July 01, 2024  
     Bugs: #769419, #864049, #893576, #918685, #925120  
       ID: 202407-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in cryptography, the worst  
of which could lead to a denial of service.

Background  
==========

cryptography is a package which provides cryptographic recipes and  
primitives to Python developers.

Affected packages  
=================

Package                  Vulnerable    Unaffected  
-----------------------  ------------  ------------  
dev-python/cryptography  < 42.0.4      >= 42.0.4

Description  
===========

Multiple vulnerabilities have been discovered in cryptography. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All cryptography users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/cryptography-42.0.4"

References  
==========

[ 1 ] CVE-2020-36242  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36242  
[ 2 ] CVE-2023-23931  
      https://nvd.nist.gov/vuln/detail/CVE-2023-23931  
[ 3 ] CVE-2023-49083  
      https://nvd.nist.gov/vuln/detail/CVE-2023-49083  
[ 4 ] CVE-2024-26130  
      https://nvd.nist.gov/vuln/detail/CVE-2024-26130

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Source

Packet Storm