Red Hat Security Advisory 2024-0973-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0973.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:0973-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0973Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0973-03

Red Hat Security Advisory 2024-0972-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0972.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0972-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0972  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0972-03

Red Hat Security Advisory 2024-0971-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0971.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0971-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0971  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0971-03

Red Hat Security Advisory 2024-0970-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0970.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0970-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0970  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0970-03

Red Hat Security Advisory 2024-0969-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0969.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0969-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0969  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0969-03

Red Hat Security Advisory 2024-0968-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0968.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0968-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0968  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0968-03

Red Hat Security Advisory 2024-0967-03 - An update for opensc is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0967.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2024:0967-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0967Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-5992====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding (CVE-2023-5992)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5992References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2248685

Red Hat Security Advisory 2024-0967-03

Red Hat Security Advisory 2024-0966-03 - An update for opensc is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0966.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2024:0966-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0966Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-5992====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding (CVE-2023-5992)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5992References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2248685

Red Hat Security Advisory 2024-0966-03

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

  
Tosibox Key Service 3.3.0 Local Privilege Escalation

Vendor: Tosibox Oy  
Product web page: https://www.tosibox.com  
Affected version: <=3.3.0

Summary: TOSIBOX® SoftKey is a  software that enables a secure connection  
between your computer and one or more TOSIBOX® Nodes, giving you full  
visibility and control over the network devices connected to the Node.

Desc: The application suffers from an unquoted search path issue impacting  
the service 'Tosibox Key Service' for Windows deployed as part of Tosibox  
software application. This could potentially allow an authorized but non-privileged  
local user to execute arbitrary code with elevated privileges on the system.  
A successful attempt would require the local user to be able to insert their  
code in the system root path undetected by the OS or other security applications  
where it could potentially be executed during application startup or reboot.  
If successful, the local user's code would execute with the elevated privileges  
of the application.

Tested on: Windows 10 Home 64 bit (build 9200)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5812  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php

30.01.2024

--

C:\Users\ews>sc qc "Tosibox Key Service"  
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Tosibox Key Service  
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)  
        START_TYPE         : 2   AUTO_START  
        ERROR_CONTROL      : 1   NORMAL  
        BINARY_PATH_NAME   : C:\Program Files (x86)\Tosibox\bin\TosiboxKeyService.exe  
        LOAD_ORDER_GROUP   :  
        TAG                : 0  
        DISPLAY_NAME       : Tosibox Key Service  
        DEPENDENCIES       :  
        SERVICE_START_NAME : LocalSystem

C:\Users\ews>

Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path

Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5630-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 23, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549   
                 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:115.8.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:115.8.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXY2ywACgkQEMKTtsN8  
TjaW9xAArkLgPB17t1jSCCm7U0jzbPKFTVdq0gHcPnwnTr2gtyoa7Ev5MpEa8ykm  
3x7xrmTtYHY2Pnz5kHYo/D0bBOfNE4bvOlYcPtzi9WG+N5BOJwsYdfA7IRY6kDtu  
HlNoywMpX43EoKYYSKxiwE37HyIjBlcvRh3bs9lr7nBvqyYKr2IHXbXgC89VxYm/  
ijszn2DH+kU0+P/0rKVO1GFyxJXHKTyP9Y2xsHHZURRiqKbGP+NWO+cuIqmqibq5  
HFkLAdlkOfog4QJW0OjMkKCHMtTF8lJYMOslfGYwBCGVRQPIWWALizvs8ORxpzub  
4B3wgNxsKcCHrfoyXW+AfvI4faFnZLKG0iqPu2YOaBIYQmHVNmEAzws96wBL2Jsc  
9qF6LLakZGDSXrx52J813Q2Sov420lhqoRG7Pe4j2aDUmxApYDAVbTqOcvQXpxer  
3CqugQc1uKtVqgF/oMLD1qi5C/fOtsTSdkmrLTPqn9KlI9i4u2Nu7Hg1+aCt4Q23  
eB7fF5ZuH554Fohvd1rCpjWBhe1mt6fOLtx+PYHirJLgkG4/M0yPg9yT74sCCvpP  
fmlTO14kBNU676S0pfproABZDY+iyfyCEEcZp0UBfcwrrsIqgXaUj9ghrvfY4Iff  
VVAhkPeDOrsSgDZob+3UO7qCP62vL0KmN8vPGU+g/e/8gr/48oA=  
=I9lx  
-----END PGP SIGNATURE-----

Source

Packet Storm