Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5800-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 29, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2024-9632  
Debian Bug     : 1086244

Jan-Niklas Sohn discovered that a heap-based buffer overflow in the  
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X  
server may result in privilege escalation if the X server is running  
privileged.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:21.1.7-3+deb12u8.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchKQNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S1og//Qc+fk1SZNKINd1d/ItoR5XQQGU4V92/kQKcfNu97F2DLcb1wUc+BZAaY  
yr1HS+ru3pY25XOKYLgR7Tx///BEXzYxKdNxLGVMXzJqU06oSYXAkUBERFW5aU0/  
ayaV+UtwaX7ADUwYpCeJbQJcudMw3YtPlkRpN1uCs/lHMHPcbsGpZt4VBpItksrs  
iRpqq40eQiPafzGBpzx40ejaJyn200s9hYNN6dieqNDQTW6MmGSI9OLfY5alze6M  
Iot3mopREg/iKJblNz7+T2mKng0TEPY2PgolcsmHjvHEKCrWmWcGKwWHKlbvfpJX  
s1522AAWS5aJeW8r6TeGbOa298caLsW4doQa/6EX4HeADQu7SjV9oXZwrUtGsCxn  
eb6oLUGhHs0FGmY/Hvfng/ouZwSj1wKWE45hMCJ1HRSlpbfCoJxQlFpNLWQziFaS  
TuzebmpPXfbrbcXb7tNgUPtLcayu09JwJWxZLYPYcFDXZe1wUz3ZQIWkKHizXkSI  
NZtQYdLMKqBp99XR65vkTORS7QWkpdaW6AY6JujoihKFzh+wRM7qKtgflHl6qTLd  
mPK8DU/qe5jCs5oqzLvQ7sZUb95JqhYaLf8ZWH6koTHLHqnMt9wOxqoEPoFfk4Lz  
TH0FizIOHO6imr6USG+ubOtlf/nd1py1achR9ihKtd+0GE0Hx8Q=  
=Y9nq  
-----END PGP SIGNATURE-----

Debian Security Advisory 5800-1

Debian Linux Security Advisory 5799-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5799-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 28, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-10229 CVE-2024-10230 CVE-2024-10231Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 130.0.6723.69-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcfKnwACgkQZF0CR8Nudje0sBAAsYJO23wXH5WDVCouanWuxcBKHrXDSF0RrlPOQP5tJURzc8teVhQodU6aohwckqSyCeYI3/z6NvfVcZFOWVlNQLktcNo8nWw7pMTMkhynk9OA3KCR/LDA3b6TIZxW3z55Sza4TkcJrj+DIUgBFRBzQvFolwP6MRMcjI+kT4To9YemZlED8ZlhtNt4/abKD2suwV5nyzRFPh14sgujtwuF/zPNivuHMQFXNwWfnbIBmJlC+3XO3Ox1IVZ3IcN2tCWM0hvtkGOCOA5e3OXUGuLgWdQWg0J/hlZ8wYwlamDutp/BS3zPxurshDrEY1WOgb7oSl2rM3IgitsnHyyccICgasto7vlYpKJBCfhXDyuR00a+Sfihn91hT2lCodp8x6HazMD8HxutTa+xiihBFgKON/NFK2GvS0EbaCUe5lQe893y7cBAYhHwliXmKuL+9D/H53+UhPJSE97ZOvsLoopTzk2+cgInstHfX1SpNR4rPKN5Sk0VxDbnDiKuSUmPOGqG4xnWLhg9g04lWWNB34nHkq8cPLfGDd0erk8GHHX7/PYTqlLf8cmJppnwNoZffi3B6mk/zbwPCMVaM8odDL9Pc41zooLCGkykglmR6Yw/xbdC9+vrlsFJ/O2ligILTl/9Yf5ZaxemdcE/QEv65VyoYIDs7BkXcpgRIMqo55l5FTI==Rr/n-----END PGP SIGNATURE-----

Debian Security Advisory 5799-1

Debian Linux Security Advisory 5798-1 - Christoper L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5798-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 26, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : activemq  
CVE ID         : CVE-2023-46604

Christoper L. Shannon discovered that the implementation of the OpenWire  
protocol in Apache ActiveMQ was susceptible to the execution of  
arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in  
version 5.17.2+dfsg-2+deb12u1.

We recommend that you upgrade your activemq packages.

For the detailed security status of activemq please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/activemq

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmccx3gACgkQEMKTtsN8  
TjY5bg//ZDPT1SXTCW7reOmPv3i1J7I8Cv8rNkogL73R1SBE+1C5CutQzAESJkid  
0BzW+q9A2qVvDyxgM8pcxuYI53olVH8fPzDViHYit4K4Ac0o66fmfA42ipC21sNd  
it9Zo1WROyYenvLvGEx4bQXL8UamoVpMCIy/2o5t0b60P5glOjjfqHJadRbvZgJA  
QvdD3UTASnsrqWgf5+4HON9nUBjNJL9cdPkxPkskBVAYJrMpLvNEvkofcB1YIPgs  
UW0UwNJe50CCddeDhOY59nO1m0TAG0gbgEgPJ3U2Zasdou2OqTRFp7wt0RBwmvFW  
wikkyRqfg0sZM4bDZIz74c58qJRd2dJBIShTBQiXB2qcX3v7tNUp+2cVjUUhZq3d  
jXIS1uupmpn4MVIA5CgLFsBsoOzg+Zn7WxXNMih0CIUAUWLmGPrMRiinm4rB81t1  
1zOMpaRByCuO1Tnc03dDaX0sl5ydWc+O2nkRxsWowXXGw/UDMSdNbrLmr/kJwNnR  
cmePkv6PPLBznTWpuk9elriYLn2D8VLvRHx2TGj+W21Qky4QOYUVYVpHgHYW5GpE  
4jkrozdb/GhUUN7QIqssmJzyXGNUBKf+7DBPBUqmV2Pcvp5uNa1s3J0zanP6OKda  
dfnlfI6Ov8WH3O/P60suZF8QBvlRvjnscNaC9HUVZ/ROqgy7MFo=  
=JXv0  
-----END PGP SIGNATURE-----

Debian Security Advisory 5798-1

Debian Linux Security Advisory 5797-1 - Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5797-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 25, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : twistedCVE ID         : CVE-2023-46137 CVE-2024-41671 CVE-2024-41810Multiple security issues were found in Twisted, an event-based frameworkfor internet applications, which could result in incorrect ordering ofHTTP requests or cross-site scripting.For the stable distribution (bookworm), these problems have been fixed inversion 22.4.0-4+deb12u1.We recommend that you upgrade your twisted packages.For the detailed security status of twisted please refer toits security tracker page at:https://security-tracker.debian.org/tracker/twistedFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcb3uEACgkQEMKTtsN8TjZEtw//VpqsmdlkvjKnR1rYRjoopuH1cx5lSdB5u7EoXGiSKTp9Dt5l2Q44fl+Pi2uLjO/IX5ZbtiWDeNvBoFYfaqvHBlv680WiaUnmvTzPuovB2fT5Q7ZOdI7SH5y2yhYpmaapZSb2kRYgcFO38Vi3M1LxU60t7lSXd3F5+6BopPEBRT9q0nwHAPB8NSvhC/VQQa9BejPIggJD1koYxJlQz76VhAi3c7W60ySRk2YKQryYdyZwdpsvrrz0G05nwZO+f6tXVihehGT2rv5OpfwGmcHZ/iwxY/IFpywdkrsnx1mV2NGVZw3t2JQYl7r/Vs3XLg4C3Zx2NLzZgBp007ZG4vz2f4LmEe9M+bYI8NgCAzPRUJg2T4+ZoD09Dmmlk/yo+ihBxSef3H5nDkiO9a4OsEQzk74o1Hlg1ZbiUqk/7BdSar92LszlzuJVXqpAHVtIIlUwkS+L6Z+O2iYhSBUTumrrrbRsdoo00uvHWeGOw1VmRZKYdMpoxX2St60BRUdBZuIHlcw5qoymiIDOI/fgykCtdAbdCWj/GE6AGO4i7scOj8u8deqh/N5kKNzdijjkzmEQvd7e3/VSEVfBc+4CJHUMKVELaNDGflaneWxXpHLmz/pu2hwNoPw2XL9X1bVzvph3A+Yl+oXLZUJkrELuo9Rmnv7qJ9MS9QnOpHyw0KFgEsQ==faBY-----END PGP SIGNATURE-----

Debian Security Advisory 5797-1

Debian Linux Security Advisory 5796-1 - Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5796-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 25, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libheifCVE ID         : CVE-2023-29659 CVE-2023-49462 CVE-2024-41311Multiple security issues were found in libheif, a library to parse HEIFand AVIF files, which could result in denial of service or potentiallythe execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 1.15.1-1+deb12u1.We recommend that you upgrade your libheif packages.For the detailed security status of libheif please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libheifFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcb3t8ACgkQEMKTtsN8Tjb/Zg//dGKfFs/w3AIgnaNKk+evGsFtaBdva6K2zkTOhGzVK+RoBCdP8egjfka+WCUYNQKVQr2XOd4ieih5DYg6CS/Tmn32X34sRN8St9UAz+sFXkkUZ9bBxSDS93LP1H+lGLfhqtHUAJv6febY+6RiAmV6vhzMIAuVTJxjdwGFvOFtu0f2aDQKEHTMIhpjpJDDCmjTciGmzjvSOpzVAw07nbeJFzvE/BR+wLg3fRMNG7RmQhZcG9O4B+RCHaJBzNAM1bM3q1OGkH5Ek3/owyIUtYft3iT2uGKZkZUzwJ4ZvOMxX9qyP22Gxl6+yfm5R1qDoXIBJMGVdjPIan3XK1XfKya9cCQkvNb+75W62WatkJw3TcomCFXXzcv2cKDOAbXGmIZHbAW+q6B5QWP86Ui10sBQsXW9lMmQW8mu4h13ZjgFelUsP6b9MWKKMRzFkqSh9me0bIlEvxl29/2HA08XnpV19//6j8PwANsBlGXnnDes0Y4uKrUKA8Q95zNuWG3owahc7z4+6nY92qoh5sswloIy1dXnhg6KYTuYL5JkxheIfOsh0fLG0eNfv5cV9mWKc9/A5BxSdBQz3x5bBNgH4R1L7z6/0+z/jo1Z6L904F4KsUiWnDeYKJNwhY+iOrDh5wDSrDA4+xVBtOo/q+6pR0c91GGoJImo9AEhXRKMGVKjjvw==JcU1-----END PGP SIGNATURE-----

Debian Security Advisory 5796-1

Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5795-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-sqlCVE ID         : CVE-2024-9774Cedric Krier discovered that python-sql, a library to write SQL queriesin a pythonic way, performed insufficient sanitising which could resultin SQL injection.For the stable distribution (bookworm), this problem has been fixed inversion 1.4.0-1+deb12u1.We recommend that you upgrade your python-sql packages.For the detailed security status of python-sql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-sqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWnkYACgkQEMKTtsN8TjYrzBAAtMjk7yF0IB4onUZ+GHMkYCDoPhZRaZft7eQUAGya1/IHpuA4e5KvmWahJK8D1glflGgopSLhLSkPkXWij3LqKjb2obuqRB9icuEl1mKWeJoovHWONZLCUVSt0iPtAvLA4jIi4KpHRfzFY4QbpkkAKXAjTLjxtjDlmEky4PT+1puHAi7lQ7O2/OY/haxnVYHtoHID+E6r0eTgXq5HX9723niVkxKpjcZz8ki8WeDoEmNUOj4j89Nke0VeQNFYmCuWtAQLvRFTSL4I9fGWcRBWWEHm46YqnktlJIHVe2f9posYCMMFxvFwNo70U3MUinCDAXX6VmeAGuzTXGQAPXW0kDT7Y436ononkFcnVMoiCr/T/+m3UKUw+2iINEcnMe/G/4wkhiYx7T2YYFmJ4vRgye7sSE4YfRl6/wl/rbeVfz3AfM/iAxp7uWAlzVLry4mL1ZkNhAhvTDCpEIsBECDp1gX2z4ZVLqHDqXIqQ+IEEFIZoNImUo/LIgKvZIg18XuP77K29UAnonUe1qxf8d19nRwD18hwoQG1KL6dCRgKhE+OKjTRCZv+9hb1Xp7QagQviZTCnP+36HFtpNfbim/JlAtllEZrUdufBcMzAVx82C9oVHd8WigI+PWGSFnh5qzy0B1xhX7H3x5zLaVO1HJ6ZHzyH5VcfCFSxmzV6MeyzFk==Xlam-----END PGP SIGNATURE-----

Debian Security Advisory 5795-1

Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5794-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-17CVE ID         : CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service or information disclosure.For the stable distribution (bookworm), these problems have been fixed inversion 17.0.13+11-2~deb12u1.We recommend that you upgrade your openjdk-17 packages.For the detailed security status of openjdk-17 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-17Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWmOcACgkQEMKTtsN8TjYeZw/7BTQ3D6sDygG5LotB4JCo8QMyG1rx0XgX9dAgK4Xw0sp9jnYS2iebp8RhlbIDht+jchjLpbEPnzx11JM2b3e/x3JO1QRUSEDkTnQhuynR4wj7WKLXY4l36zkzG/73g9Tq/EM5t8vjuMWFFcsEIJ5c0erHaw/X5lAr9Gg0vs8LrLYyqOMod8Z8AZJpbKNJpGEDUu/i1lASkDnjJAl5+ybPG5xN++Ax+FvPhmlQKu39rVKrX140+LIkFcGJdLh+RMbLU66ryDR2rQQSgeDeZYZln5gsbykzRbfeZZil4bF0+aT3FCY0/nOA0aA82nrE9S6VU6kdxWyS/KTzRsVUw8IsIW/9KyD3hAGvEbHiD4hG/YrABOFdg4rvUPLnaBU6i+LnyrdcayoFP6cp72KiBOQxn4nUzUqhqynKatZ5ixZfgboaTFKBr2WxazoWTzrefjyH30GEeQ0dWFc2ujcOlMZSag9VdfgIoVg+F2l20UbmKnYtZGSXm5rD2ocG5l7gTb8uDcZO3P1HXGmrD7A8NLy9aRPT/dmNDLnAo8se61O4ctirgNQ3dIpwzeIEyjPNysY0lON5+7EE7XToW2C7dSYjHSVCNTqE+heRE66p7hDBxyeuhxhBK+Bd7DcAT97Kkp1BOZ0XSn9YjQ9zdyzQneOxMK7CbM6/PIETqGsY6aTIptI==PgDB-----END PGP SIGNATURE-----

Debian Security Advisory 5794-1

Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5793-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 20, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957                  CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961                  CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965                  CVE-2024-9966Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 130.0.6723.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcUsNcACgkQZF0CR8Nudjd6rg//bZLkI/saFvjiULKRewv88ToCLOpx5l4ht0nHNYjW0Sy1I0FP3YtN8oZN4jJ+pJjDbxEkNDFmoPWVZP+wsUEtBottwQ1mkhSVroH9dJeNs9jWs4Rnxp7S6d3wsIYEQ99gQrPpjBr8jTSjffrLZzc0QlltdiVoc3A2RW9+RSKb/Yql+ylIRJGNI4frHDTkuFVRpC6m+T25Fbak3zF7v8tSOiQNH/2LE/Ez9wV3/PwQxTj6eGRLrJ0SkvwlDh8Z9Y8rm6auLTOxriA3dJfZR1rcmJN4kROyTMBwJTmdfCx03kyHQhxLowEABflzpyUdhqvrFAnnrfLqxTDO9odXJl7uu7sQiM4ed0LSKaX+ycrtHUhmZjWSlhbdE7eywZNAKX9rWf3ZkzqMz8gj256YPbAf1stq/I5vMlophU91X70KNMkogNIdo86ntxkB+vl6ded4LLcUFZYKrdurWD86QNNx0lQRXTlBGfTN+f0ujySbpvBGalpgK2UwLUVhP44q5ZhB1vvgw7ZwVQhpF7Cr1mb0bgR3WYg4XUZKG0jv+UQMR6yW2RxMaOkaKGbUXod+/L0OgN28yw10mg0PKBJKCR5iIxMj+jIAhlOPxiMBZbGYwYzPM5bgqwFRvXdgW1CiVrnRKVp2gN/RPmqF54ExcqyQN1TN4uguzHST/A1xUbtWtt8==vfgN-----END PGP SIGNATURE-----

Debian Security Advisory 5793-1

This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.

Magento / Adobe Commerce Remote Code Execution

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web.
Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an

Ransomware / Network Security

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called **Cicada3301** after successfully gaining access to the group's affiliate panel on the dark web.

Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement, calling for new partners into its affiliate program.

"Within the dashboard of the Affiliates' panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out," researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today.

Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised no less than 30 organizations across critical sectors, most of which are located in the U.S. and the U.K.

The Rust-based ransomware is cross-platform, allowing affiliates to target devices running Windows, Linux distributions Ubuntu, Debian, CentOS, Rocky Linux, Scientific Linux, SUSE, Fedora, ESXi, NAS, PowerPC, PowerPC64, and PowerPC64LE.

Like other ransomware strains, attacks involving Cicada3301 have the ability to either fully or partially encrypt files, but not before shutting down virtual machines, inhibiting system recovery, terminating processes and services, and deleting shadow copies. It's also capable of encrypting network shares for maximum impact.

"Cicada3301 runs an affiliate program recruiting penetration testers (pentesters) and access brokers, offering a 20% commission, and providing a web-based panel with extensive features for affiliates," the researchers noted.

A summary of the different sections is as follows -

*   **Dashboard** - An overview of the successful or failed logins by the affiliate, and the number of companies attacked
*   **News** - Information about product updates and news of the Cicada3301 ransomware program
*   **Companies** - Provides options to add victims (i.e., company name, ransom amount demanded, discount expiration date etc.) and create Cicada3301 ransomware builds
*   **Chat Companies** - An interface to communicate and negotiate with victims
*   **Chat Support** - An interface for the affiliates to communicate with representatives of the Cicada3301 ransomware group to resolve issues
*   **Account** - A section devoted to affiliate account management and resetting their password
*   **FAQ** - Provides details about rules and guides on creating victims in the "Companies" section, configuring the builder, and steps to execute the ransomware on different operating systems

"The Cicada3301 ransomware group has rapidly established itself as a significant threat in the ransomware landscape, due to its sophisticated operations and advanced tooling," the researchers said.

"By leveraging ChaCha20 + RSA encryption and offering a customizable affiliate panel, Cicada3301 enables its affiliates to execute highly targeted attacks. Their approach of exfiltrating data before encryption adds an additional layer of pressure on victims, while the ability to halt virtual machines increases the impact of their attacks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#debian