Ubuntu Security Notice 7062-2 - USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7062-2October 21, 2024libgsf vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.10Summary:libgsf could be made to run programs as your login if it opened a speciallycrafted file.Software Description:- libgsf: GObject introspection data for the Structured File LibraryDetails:USN-7062-1 fixed vulnerabilities in libgsf. This update provides thecorresponding updates for Ubuntu 24.10.Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.10  libgsf-1-114                    1.14.52-1ubuntu0.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7062-2  https://ubuntu.com/security/notices/USN-7062-1  CVE-2024-36474, CVE-2024-42415Package Information:  https://launchpad.net/ubuntu/+source/libgsf/1.14.52-1ubuntu0.1

Ubuntu Security Notice USN-7062-2

An error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is cleaned up, making physical page use-after-free possible. Some other drivers look like they might have similar issues.

Linux Dangling PFN Mapping / Use-After-Free

Ubuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

    ==========================================================================Ubuntu Security Notice USN-7042-3October 21, 2024cups-browsed vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.10Summary:cups-browsed could be made to run programs if it received specially craftednetwork traffic.Software Description:- cups-browsed: OpenPrinting cups-browsedDetails:USN-7042-2 released an improved fix for cups-browsed. This update providesthe corresponding update for Ubuntu 24.10.Original advisory details: Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.10  cups-browsed                    2.0.1-0ubuntu2.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7042-3  https://ubuntu.com/security/notices/USN-7042-2  https://ubuntu.com/security/notices/USN-7042-1  CVE-2024-47176Package Information:  https://launchpad.net/ubuntu/+source/cups-browsed/2.0.1-0ubuntu2.1

Ubuntu Security Notice USN-7042-3

Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8014.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Network Observability 1.7.0 for OpenShift  
Advisory ID:        RHSA-2024:8014-03  
Product:            Network Observability  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8014  
Issue date:         2024-10-22  
Revision:           03  
CVE Names:          CVE-2024-34155  
====================================================================

Summary: 

Network Observability 1.7 for Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Network Observability 1.7.0

Security Fix(es):

* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)  
* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)  
* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)  
* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)  
* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)  
* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)  
* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)  
* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)  
* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)  
* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)  
* Network Observability: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-34155

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2308193  
https://bugzilla.redhat.com/show_bug.cgi?id=2310527  
https://bugzilla.redhat.com/show_bug.cgi?id=2310528  
https://bugzilla.redhat.com/show_bug.cgi?id=2310529  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://bugzilla.redhat.com/show_bug.cgi?id=2311152  
https://bugzilla.redhat.com/show_bug.cgi?id=2311153  
https://bugzilla.redhat.com/show_bug.cgi?id=2311154  
https://bugzilla.redhat.com/show_bug.cgi?id=2311171  
https://bugzilla.redhat.com/show_bug.cgi?id=2312631  
https://issues.redhat.com/browse/NETOBSERV-1377  
https://issues.redhat.com/browse/NETOBSERV-1509  
https://issues.redhat.com/browse/NETOBSERV-1538  
https://issues.redhat.com/browse/NETOBSERV-1540  
https://issues.redhat.com/browse/NETOBSERV-1564  
https://issues.redhat.com/browse/NETOBSERV-163  
https://issues.redhat.com/browse/NETOBSERV-1666  
https://issues.redhat.com/browse/NETOBSERV-1667  
https://issues.redhat.com/browse/NETOBSERV-1733  
https://issues.redhat.com/browse/NETOBSERV-1746  
https://issues.redhat.com/browse/NETOBSERV-1748  
https://issues.redhat.com/browse/NETOBSERV-1753  
https://issues.redhat.com/browse/NETOBSERV-1766  
https://issues.redhat.com/browse/NETOBSERV-1779  
https://issues.redhat.com/browse/NETOBSERV-1783  
https://issues.redhat.com/browse/NETOBSERV-1788  
https://issues.redhat.com/browse/NETOBSERV-1798  
https://issues.redhat.com/browse/NETOBSERV-1805  
https://issues.redhat.com/browse/NETOBSERV-1806  
https://issues.redhat.com/browse/NETOBSERV-1808  
https://issues.redhat.com/browse/NETOBSERV-1811  
https://issues.redhat.com/browse/NETOBSERV-1812  
https://issues.redhat.com/browse/NETOBSERV-1813  
https://issues.redhat.com/browse/NETOBSERV-1816  
https://issues.redhat.com/browse/NETOBSERV-1819  
https://issues.redhat.com/browse/NETOBSERV-1848  
https://issues.redhat.com/browse/NETOBSERV-1884

Red Hat Security Advisory 2024-8014-03

Red Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7759.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Multicluster Engine for Kubernetes 2.6.3 security updates  
Advisory ID:        RHSA-2024:7759-03  
Product:            multicluster engine for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7759  
Issue date:         2024-10-22  
Revision:           03  
CVE Names:          CVE-2024-42459  
====================================================================

Summary: 

Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description:

Multicluster engine for Kubernetes v2.6.3 images

Multicluster engine for Kubernetes provides the foundational components  
that are necessary for the centralized management of multiple  
Kubernetes-based clusters across data centers, public clouds, and private  
clouds.

You can use the engine to create new Red Hat OpenShift Container Platform  
clusters or to bring existing Kubernetes-based clusters under management by  
importing them. After the clusters are managed, you can use the APIs that  
are provided by the engine to distribute configuration based on placement  
policy.

Security fix(es):

nodejs/elliptic: EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended (CVE-2024-42459)   
nodejs/elliptic: ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero (CVE-2024-42460)   
nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed (CVE-2024-42461)

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro

CVEs:

CVE-2024-42459

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2302458  
https://bugzilla.redhat.com/show_bug.cgi?id=2302459  
https://bugzilla.redhat.com/show_bug.cgi?id=2302460

Red Hat Security Advisory 2024-7759-03

Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.

==========================================================================  
Ubuntu Security Notice USN-7077-1  
October 21, 2024

amd64-microcode vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

AMD processors may allow a privileged local attacker to further escalate their  
privileged and execute arbitrary code within the processor's firmware layer.

Software Description:  
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors  
did not properly restrict access to the System Management Mode (SMM)  
configuration when the SMM Lock was enabled. A privileged local attacker  
could possibly use this issue to further escalate their privileges and  
execute arbitrary code within the processor's firmware layer.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  amd64-microcode                 3.20240116.2+nmu1ubuntu1.1

Ubuntu 24.04 LTS  
  amd64-microcode                 3.20231019.1ubuntu2.1

Ubuntu 22.04 LTS  
  amd64-microcode                 3.20191218.1ubuntu2.3

Ubuntu 20.04 LTS  
  amd64-microcode                 3.20191218.1ubuntu1.3

Ubuntu 18.04 LTS  
  amd64-microcode                 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  amd64-microcode                 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7077-1  
  CVE-2023-31315

Package Information:  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20240116.2+nmu1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20231019.1ubuntu2.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.3  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.3

Ubuntu Security Notice USN-7077-1

Rittal IoT Interface and CMC III Processing Unit versions prior to 6.21.00.2 suffer from improper signature verification and predictable session identifier vulnerabilities.

Rittal IoT Interface / CMC III Processing Unit Signature Verification / Session ID

Paxton Net2 versions prior to 6.07.14023.5015 (SR4) suffers from a bypass vulnerability that allows for unauthorized enabling of the API.

CloudAware Security Advisory

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

========================================================================  
Summary  
========================================================================  
Bypass of Paxton Net2 API license. Possible leaking of PII and access to   
admin functionality.  
No physical access to computer running Paxton Net2 is required.

========================================================================  
Product  
========================================================================  
* Paxton Net2  (version < 6.07.14023.5015 (SR4))

========================================================================  
Detailed description  
========================================================================  
Paxton Net2 software offers an API. This API offers the user access to   
sensitive data such as access logs and other  
user data.[2]  
In order to enable the API a license file is needed. The license file is   
trivial to generate as demonstrated in POC in ref [1].  
This is possible while the signature checks in the Net2 software were   
not functional for the license file.  
Additionally to the license file user credentials are needed to   
authenticate against the API.  
The vendor has fixed this in version 6.07.14023.5015 (SR4) of the Net2   
software.

========================================================================  
Solution  
========================================================================  
Upgrade Paxton Net2 to version 6.07.14023.5015 (SR4)

========================================================================  
Mitigation  
========================================================================  
1) If an upgrade is not an option - as `anyone' can create valid license   
files; ensure that the filesystem of  
computers running Paxton Net2 are not reachable by unauthorised entities.  
2) Evaluate the impact of the disclosure of any configurations rolled   
out prior to these mitigation steps

========================================================================  
Weblinks  
========================================================================  
[1] https://github.com/gitaware/poc_exploit_paxton_license  
[2]   
https://www.paxton-access.com/integrating-with-paxton/how-to-integrate-with-net2/integration-capability-matrix/

========================================================================  
History  
========================================================================  
Feb 26, 2024: Paxton informed about working POC  
Feb 29, 2024: Paxton confirms working POC  
<Sept 2024: Paxton releases software update to fix issue  
Oct 10, 2024: CVE-2024-48939 issued

Paxton Net2 API License Bypass

Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5793-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 20, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957                  CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961                  CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965                  CVE-2024-9966Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 130.0.6723.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcUsNcACgkQZF0CR8Nudjd6rg//bZLkI/saFvjiULKRewv88ToCLOpx5l4ht0nHNYjW0Sy1I0FP3YtN8oZN4jJ+pJjDbxEkNDFmoPWVZP+wsUEtBottwQ1mkhSVroH9dJeNs9jWs4Rnxp7S6d3wsIYEQ99gQrPpjBr8jTSjffrLZzc0QlltdiVoc3A2RW9+RSKb/Yql+ylIRJGNI4frHDTkuFVRpC6m+T25Fbak3zF7v8tSOiQNH/2LE/Ez9wV3/PwQxTj6eGRLrJ0SkvwlDh8Z9Y8rm6auLTOxriA3dJfZR1rcmJN4kROyTMBwJTmdfCx03kyHQhxLowEABflzpyUdhqvrFAnnrfLqxTDO9odXJl7uu7sQiM4ed0LSKaX+ycrtHUhmZjWSlhbdE7eywZNAKX9rWf3ZkzqMz8gj256YPbAf1stq/I5vMlophU91X70KNMkogNIdo86ntxkB+vl6ded4LLcUFZYKrdurWD86QNNx0lQRXTlBGfTN+f0ujySbpvBGalpgK2UwLUVhP44q5ZhB1vvgw7ZwVQhpF7Cr1mb0bgR3WYg4XUZKG0jv+UQMR6yW2RxMaOkaKGbUXod+/L0OgN28yw10mg0PKBJKCR5iIxMj+jIAhlOPxiMBZbGYwYzPM5bgqwFRvXdgW1CiVrnRKVp2gN/RPmqF54ExcqyQN1TN4uguzHST/A1xUbtWtt8==vfgN-----END PGP SIGNATURE-----

Debian Security Advisory 5793-1

Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.

Source

Packet Storm