The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.

CVE-2023-5559

Ubuntu Security Notice 6517-1 - It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. Nathan Mills discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6517-1  
November 27, 2023

perl vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Perl.

Software Description:  
- perl: Practical Extraction and Report Language

Details:

It was discovered that Perl incorrectly handled printing certain warning  
messages. An attacker could possibly use this issue to cause Perl to  
consume resources, leading to a denial of service. This issue only affected  
Ubuntu 22.04 LTS. (CVE-2022-48522)

Nathan Mills discovered that Perl incorrectly handled certain regular  
expressions. An attacker could use this issue to cause Perl to crash,  
resulting in a denial of service, or possibly execute arbitrary code.  
(CVE-2023-47038)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   perl                            5.36.0-9ubuntu1.1

Ubuntu 23.04:  
   perl                            5.36.0-7ubuntu0.23.04.2

Ubuntu 22.04 LTS:  
   perl                            5.34.0-3ubuntu1.3

Ubuntu 20.04 LTS:  
   perl                            5.30.0-9ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6517-1  
   CVE-2022-48522, CVE-2023-47038

Package Information:  
   https://launchpad.net/ubuntu/+source/perl/5.36.0-9ubuntu1.1  
   https://launchpad.net/ubuntu/+source/perl/5.36.0-7ubuntu0.23.04.2  
   https://launchpad.net/ubuntu/+source/perl/5.34.0-3ubuntu1.3  
   https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.5

Ubuntu Security Notice USN-6517-1

Gentoo Linux Security Advisory 202311-18 - Multiple vulnerabilities have been discovered in GLib. Versions greater than or equal to 2.74.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GLib: Multiple Vulnerabilities  
     Date: November 27, 2023  
     Bugs: #886197, #887807  
       ID: 202311-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in GLib.

Background  
=========  
GLib is a library providing a number of GNOME's core objects and  
functions.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-libs/glib  < 2.74.4      >= 2.74.4

Description  
==========  
Multiple vulnerabilities have been discovered in GLib. Please review the  
referenced CVEs for details.

Impact  
=====  
GVariant deserialization is vulnerable to an exponential blowup issue  
where a crafted GVariant can cause excessive processing, leading to  
denial of service.

GVariant deserialization fails to validate that the input conforms to  
the expected format, leading to denial of service.

GVariant deserialization is vulnerable to a slowdown issue where a  
crafted GVariant can cause excessive processing, leading to denial of  
service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GLib users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/glib-2.74.4"

References  
=========  
[ 1 ] CVE-2023-29499  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29499  
[ 2 ] CVE-2023-32611  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32611  
[ 3 ] CVE-2023-32665  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32665

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-18

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-18

Ubuntu Security Notice 6515-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information.

=========================================================================  
Ubuntu Security Notice USN-6515-1  
November 27, 2023

thunderbird vulnerabilities  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:  
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were  
tricked into opening a specially crafted website in a browsing context, an  
attacker could potentially exploit these to cause a denial of service,  
obtain sensitive information, bypass security restrictions, cross-site  
tracing, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6212)

It was discovered that Thudnerbird did not properly manage memory when  
images were created on the canvas element. An attacker could potentially  
exploit this issue to obtain sensitive information. (CVE-2023-6204)

It discovered that Thunderbird incorrectly handled certain memory when  
using a MessagePort. An attacker could potentially exploit this issue to  
cause a denial of service. (CVE-2023-6205)

It discovered that Thunderbird incorrectly did not properly manage ownership  
in ReadableByteStreams. An attacker could potentially exploit this issue  
to cause a denial of service. (CVE-2023-6207)

It discovered that Thudnerbird incorrectly did not properly manage copy  
operations when using Selection API in X11. An attacker could potentially  
exploit this issue to obtain sensitive information. (CVE-2023-6208)

Rachmat Abdul Rokhim discovered that Thunderbird incorrectly handled  
parsing of relative URLS starting with "///". An attacker could potentially  
exploit this issue to cause a denial of service. (CVE-2023-6209)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.23.10.1

Ubuntu 23.04:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  thunderbird                     1:115.5.0+build1-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6515-1  
  CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,  
  CVE-2023-6208, CVE-2023-6209, CVE-2023-6212

Package Information:  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.10.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/thunderbird/1:115.5.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6515-1

Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- - -------------------------------------------------------------------------Debian Security Advisory DSA-5567-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuNovember 27, 2023                     https://www.debian.org/security/faq- - -------------------------------------------------------------------------Package        : tiffCVE ID         : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175Debian Bug     :Brief introductionMultiple buffer overflows and memory leak issues have been found in tiff,the Tag Image File Format (TIFF) library and tools, which may cause denialof service when processing a crafted TIFF image.For the oldstable distribution (bullseye), these problems have been fixedin version 4.2.0-1+deb11u5.For the stable distribution (bookworm), these problems have been fixed inversion 4.5.0-6+deb12u1.We recommend that you upgrade your tiff packages.For the detailed security status of tiff please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tiffFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmVkI0cACgkQO1LKKgqv2VT46QgAvtYySLyFvbEsmMlcHIFWXRtkqO2cxtsb7F0NDN8vl2yATpPN8ZWeEmFxES3DEpRJkAmZ9Of+87a06r4tdFAQlg/uqwMMO4WbdihUlzgnsRLXKUSUqHMFv3Wr9nvckp6OCwztPUb0G+bpAn+dJHqs6iF3q6ukwWcW0cprLQzigUMmxTnvWt4bc4eT1nfWRLWkwVObl488Lq94zawtB3NZoQaNvQDMHxVZ7VPsQvDSrKAT71/TnzFUpXJlUePBCKUmK1Q0a6akxBpoNAr6ujdrWcCPDMNl7+jBJE3AwoMPZptTlIsqKTYTT4qrtd80YDYxVScgc+t2GrO1PgzM12/Mqg==WLU7-----END PGP SIGNATURE-----

Debian Security Advisory 5567-1

Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: phpMyAdmin: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #831841, #835071  
       ID: 202311-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in phpMyAdmin, the worst  
of which allows for denial of service.

Background  
=========  
phpMyAdmin is a tool written in PHP intended to handle the  
administration of MySQL over the web.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-db/phpmyadmin  < 5.2.0       >= 5.2.0

Description  
==========  
Multiple vulnerabilities have been discovered in phpMyAdmin. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All phpMyAdmin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/phpmyadmin-5.2.0"

References  
=========  
[ 1 ] CVE-2022-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0813  
[ 2 ] CVE-2022-23807  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23807  
[ 3 ] CVE-2022-23808  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23808

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-17

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Open vSwitch: Multiple Vulnerabilities  
     Date: November 26, 2023  
     Bugs: #765346, #769995, #803107, #887561  
       ID: 202311-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple denial of service vulnerabilites have been found in Open  
vSwitch.

Background  
=========  
Open vSwitch is a production quality multilayer virtual switch.

Affected packages  
================  
Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
net-misc/openvswitch  < 2.17.6      >= 2.17.6

Description  
==========  
Multiple vulnerabilities have been discovered in Open vSwitch. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Open vSwitch users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"

References  
=========  
[ 1 ] CVE-2020-27827  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27827  
[ 2 ] CVE-2020-35498  
      https://nvd.nist.gov/vuln/detail/CVE-2020-35498  
[ 3 ] CVE-2021-3905  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3905  
[ 4 ] CVE-2021-36980  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36980  
[ 5 ] CVE-2022-4337  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4337  
[ 6 ] CVE-2022-4338  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4338  
[ 7 ] CVE-2023-1668  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1668

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-16

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-16

Debian Linux Security Advisory 5566-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5566-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 26, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-6212 CVE-2023-6209 CVE-2023-6208 CVE-2023-6207  
                 CVE-2023-6206 CVE-2023-6205 CVE-2023-6204

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:115.5.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:115.5.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmViiyoACgkQEMKTtsN8  
TjaZUhAAmpG5pqXk0eb9Lq/+PjBe6TjmyaZ1NUbrqnaD7Nygcq3CakX7vrLtlfT0  
M8JUiqHBIpAKZr5E/bs62bZDrf3EGzWJdnHkPs/pI9mpqYMPHxKuuJdOxNSnx216  
R5DUTMe945XodklRslY6gUjuPGlYIpmGSQwMSDnwCgGGWbJ2aRwML3wS56dgv/gd  
Uu7tsD7TBa7BoSTdwB5/J2faaGfptCcTTv5mBk4I4+sdUVo0c1Bzuy5oCVrwUpoB  
PtGKH/lRYyUW9S24O4yN26Up4UYbK212gAiiYdcoXCGxCzcmOuxKjPp4e4qxlR6F  
DYndBKM0zRJF+bIaeGQPgEcU0iCwq8GNcYykDeezUPV3OwA10oHVZZyJjHHEPIlT  
5Q6fbwWlFRqnjfmktJHWwlkQNSi/jI7UiGnnrWKNDtiNyRkfhawHPBwRDhZPxk2c  
E9drKQix9kt9ONNNNnJ9cWyrHwLa59VgZQmJ/swFBXZaxpetobNivCa1t0lCpbor  
jEV2RCrWrd1+AEDiXJxOpU9owLCp4RcBHDnDD+rL+s+CAo341HRhLVj0mYBWQcH3  
VtdGUxoKOfqUNZ1pw7uNNixNh3pJT2elJGn3c029nbNYFAGwrmUDoBt3+EKvj387  
s8QcNcCJCbqdyFqs1v3nQDXHe4zzcTohEIkt16dOPWLpfWodqoY=o6QP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5566-1

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-48268

**Mattermost Uncontrolled Resource Consumption vulnerability**

Moderate severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

**Package**

gomod github.com/mattermost/mattermost-server/v6 (Go)

**Affected versions**

< 7.8.13

gomod github.com/mattermost/mattermost/server/v8 (Go)

\>= 9.1.0, < 9.1.1

\>= 9.0.0, < 9.0.2

< 8.1.4

**Description**

Published to the GitHub Advisory Database

Nov 27, 2023

Last updated

Nov 28, 2023

GHSA-j4c3-3h73-74m9: Mattermost Uncontrolled Resource Consumption vulnerability

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. 



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-40703

**Mattermost Uncontrolled Resource Consumption vulnerability**

Moderate severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

**Package**

gomod github.com/mattermost/mattermost-server/v6 (Go)

**Affected versions**

< 7.8.13

gomod github.com/mattermost/mattermost/server/v8 (Go)

\>= 9.1.0, < 9.1.1

\>= 9.0.0, < 9.0.2

< 8.1.4

**Description**

Published to the GitHub Advisory Database

Nov 27, 2023

Last updated

Nov 28, 2023

Tag

#dos