A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.

Released December 11, 2023

**Accounts**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

**AVEVideoEncoder**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

**Bluetooth**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard

Description: The issue was addressed with improved checks.

CVE-2023-45866: Marc Newlin of SkySafe

Entry added December 11, 2023

**ExtensionKit**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

**ImageIO**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42898: Junsung Lee

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

**Kernel**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

**Safari Private Browsing**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

CVE-2023-42923: ARJUN S D

**Siri**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42897: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/)

**WebKit**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

**WebKit**

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

CVE-2023-42927: About the security content of iOS 17.2 and iPadOS 17.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

Released December 11, 2023

**Accessibility**

Available for: macOS Sonoma

Impact: Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard

Description: This issue was addressed with improved state management.

CVE-2023-42874: Don Clarke

**Accounts**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42919: Kirin (@Pwnrin)

**AppleEvents**

Available for: macOS Sonoma

Impact: An app may be able to access information about a user's contacts

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42894: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**AppleGraphicsControl**

Available for: macOS Sonoma

Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2023-42901: Ivan Fratric of Google Project Zero

CVE-2023-42902: Ivan Fratric of Google Project Zero, and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

CVE-2023-42912: Ivan Fratric of Google Project Zero

CVE-2023-42903: Ivan Fratric of Google Project Zero

CVE-2023-42904: Ivan Fratric of Google Project Zero

CVE-2023-42905: Ivan Fratric of Google Project Zero

CVE-2023-42906: Ivan Fratric of Google Project Zero

CVE-2023-42907: Ivan Fratric of Google Project Zero

CVE-2023-42908: Ivan Fratric of Google Project Zero

CVE-2023-42909: Ivan Fratric of Google Project Zero

CVE-2023-42910: Ivan Fratric of Google Project Zero

CVE-2023-42911: Ivan Fratric of Google Project Zero

CVE-2023-42926: Ivan Fratric of Google Project Zero

**AppleVA**

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42882: Ivan Fratric of Google Project Zero

**Archive Utility**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42924: Mickey Jin (@patch1t)

**AVEVideoEncoder**

Available for: macOS Sonoma

Impact: An app may be able to disclose kernel memory

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42884: an anonymous researcher

**Bluetooth**

Available for: macOS Sonoma

Impact: An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard

Description: The issue was addressed with improved checks.

CVE-2023-45866: Marc Newlin of SkySafe

**CoreMedia Playback**

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved checks.

CVE-2023-42900: Mickey Jin (@patch1t)

**CoreServices**

Available for: macOS Sonoma

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2023-42886: Koh M. Nakagawa (@tsunek0h)

**ExtensionKit**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-42927: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

**Find My**

Available for: macOS Sonoma

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2023-42922: Wojciech Regula of SecuRing (wojciechregula.blog)

**ImageIO**

Available for: macOS Sonoma

Impact: Processing an image may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2023-42898: Junsung Lee

CVE-2023-42899: Meysam Firouzi @R00tkitSMM and Junsung Lee

**IOKit**

Available for: macOS Sonoma

Impact: An app may be able to monitor keystrokes without user permission

Description: An authentication issue was addressed with improved state management.

CVE-2023-42891: an anonymous researcher

**Kernel**

Available for: macOS Sonoma

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2023-42914: Eloi Benoist-Vanderbeken (@elvanderb) of Synacktiv (@Synacktiv)

**ncurses**

Available for: macOS Sonoma

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-19185

CVE-2020-19186

CVE-2020-19187

CVE-2020-19188

CVE-2020-19189

CVE-2020-19190

**SharedFileList**

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: The issue was addressed with improved checks.

CVE-2023-42842: an anonymous researcher

**TCC**

Available for: macOS Sonoma

Impact: An app may be able to access protected user data

Description: A logic issue was addressed with improved checks.

CVE-2023-42932: Zhongquan Li (@Guluisacat)

**Vim**

Available for: macOS Sonoma

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: This issue was addressed by updating to Vim version 9.0.1969.

CVE-2023-5344

**WebKit**

Available for: macOS Sonoma

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

**WebKit**

Available for: macOS Sonoma

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

CVE-2023-42926: About the security content of macOS Sonoma 14.2

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

This document describes the security content of Safari 17.2.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 17.2**

Released December 11, 2023

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 259830  
CVE-2023-42890: Pwn2car

**WebKit**

Available for: macOS Monterey and macOS Ventura

Impact: Processing an image may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263349  
CVE-2023-42883: Zoom Offensive Security Team

**Additional recognition**

**WebKit**

We would like to acknowledge 椰椰 for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: December 11, 2023

CVE-2023-42890: About the security content of Safari 17.2

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the  Linux kernel. This issue could be exploited to trigger a denial of service.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-6679: cve-details

Debian Linux Security Advisory 5573-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5573-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonDecember 09, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511                  CVE-2023-6512Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), the updates are pending andwill be released shortly. When completed, fixes will be made availableas 120.0.6099.71-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 120.0.6099.71-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVz/oUACgkQZF0CR8NudjeHiQ//b6jyIAPFtBShCoAqRE22aN0RvzWR2BNs0Dl7CaZxMf+/+W/c0dXH3P9UtfEDv4Wcf6l6N3SSwAkCSwQx/Fr1T3Fpm2Qgv4C1fBibU/HMK/McE47Ua22MD0ZZhuuVx6kiG3rmvlH0tfi7N9oBa+6MdlUbps2PAsa7sII7BGReYvj90z80HlPPFbSc94aw/5ywL1+14CqWEdnyRxRJj5Jk0HWolyuSAItdNF3fxExweSeYHha0UKJXwK8449833YdWXl3htjrrM0nqjOfkponeq8GbPUXXaV0hIHU0Vu3nRJ26rRiFsV9UV1gzc3JRihndHizFD+gnas2KI4EiMwFDns6u2yJv7r2YLcTGfamnPuBnwsiCFfphXA1h/1GUrhCPxxRZCXdRUS5DakiaXGNS9HhC6ELcwhMKY8YcQ3CFBubi+5Jj+nUXL+n98F1m6UwJ08KBPXMKAlNhqVlsoJ4vyPD0UlKxjsPXynnnGe0c+YJlnK4+Czo/rzTwhqPy0kStMea3I9jpsgu9iQuNODKiC1xrxt0G8iaaRePwaX/IbJyjw/8lumhMkTvQ8Os5HlZAZSiHRQUgYVonOup+QywJqidkDRqsp7dsz7yrR9n/k7H5j6/XjXkZRnb4BcB3AMJkyBy7wqL8r9UCTwBD5zdfYk3VrDqJ/Klg+tEFeRbNvik==t7or-----END PGP SIGNATURE-----

Debian Security Advisory 5573-1

Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6544-1December 11, 2023binutils vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in GNU binutils.Software Description:- binutils: GNU assembler, linker and binary utilitiesDetails:It was discovered that GNU binutils incorrectly handled certain COFF files.An attacker could possibly use this issue to cause a crash or executearbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-38533)It was discovered that GNU binutils was not properly performing boundschecks in several functions, which could lead to a buffer overflow. Anattacker could possibly use this issue to cause a denial of service,expose sensitive information or execute arbitrary code. This issue onlyaffected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.(CVE-2022-4285, CVE-2020-19726, CVE-2021-46174)It was discovered that GNU binutils contained a reachable assertion, whichcould lead to an intentional assertion failure when processing certaincrafted DWARF files. An attacker could possibly use this issue to cause adenial of service. This issue only affected Ubuntu 20.04 LTSand Ubuntu 22.04 LTS. (CVE-2022-35205)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   binutils                        2.38-4ubuntu2.4   binutils-multiarch              2.38-4ubuntu2.4Ubuntu 20.04 LTS:   binutils                        2.34-6ubuntu1.7   binutils-multiarch              2.34-6ubuntu1.7Ubuntu 14.04 LTS (Available with Ubuntu Pro):   binutils                        2.24-5ubuntu14.2+esm6   binutils-multiarch              2.24-5ubuntu14.2+esm6In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6544-1   CVE-2020-19726, CVE-2021-46174, CVE-2022-35205, CVE-2022-38533,   CVE-2022-4285Package Information:   https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.4   https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.7

Ubuntu Security Notice USN-6544-1

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

==========================================================================  
Ubuntu Security Notice USN-6500-2  
December 11, 2023

squid3 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Squid.

Software Description:  
- squid3: Web proxy cache server

Details:

USN-6500-1 fixed several vulnerabilities in Squid. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Joshua Rogers discovered that Squid incorrectly handled the Gopher  
 protocol. A remote attacker could possibly use this issue to cause Squid to  
 crash, resulting in a denial of service. Gopher support has been disabled  
 in this update. (CVE-2023-46728)

 Joshua Rogers discovered that Squid incorrectly handled HTTP Digest  
 Authentication. A remote attacker could possibly use this issue to cause  
 Squid to crash, resulting in a denial of service. (CVE-2023-46847)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  squid                           3.5.27-1ubuntu1.14+esm1  
  squid3                          3.5.27-1ubuntu1.14+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  squid                           3.5.12-1ubuntu7.16+esm2  
  squid3                          3.5.12-1ubuntu7.16+esm2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6500-2  
  https://ubuntu.com/security/notices/USN-6500-1  
  CVE-2023-46728, CVE-2023-46847

Ubuntu Security Notice USN-6500-2

Ubuntu Security Notice 6543-1 - It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6543-1  
December 11, 2023

tar vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

tar could be made to crash if it opened a specially crafted file.

Software Description:  
- tar: GNU version of the tar archiving utility

Details:

It was discovered that tar incorrectly handled extended attributes in PAX  
archives. An attacker could use this issue to cause tar to crash, resulting in a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  tar                             1.34+dfsg-1.2ubuntu1.1

Ubuntu 23.04:  
  tar                             1.34+dfsg-1.2ubuntu0.2

Ubuntu 22.04 LTS:  
  tar                             1.34+dfsg-1ubuntu0.1.22.04.2

Ubuntu 20.04 LTS:  
  tar                             1.30+dfsg-7ubuntu0.20.04.4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  tar                             1.29b-2ubuntu0.4+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  tar                             1.28-2.1ubuntu0.2+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  tar                             1.27.1-1ubuntu0.1+esm4

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6543-1  
  CVE-2023-39804

Package Information:  
  https://launchpad.net/ubuntu/+source/tar/1.34+dfsg-1.2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/tar/1.34+dfsg-1.2ubuntu0.2  
  https://launchpad.net/ubuntu/+source/tar/1.34+dfsg-1ubuntu0.1.22.04.2  
  https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.04.4

Ubuntu Security Notice USN-6543-1

An oversight in BCB handling of reboot reason that allows for persistent code execution

_Published December 5, 2023_

The Chromecast Security Bulletin contains details of security vulnerabilities affecting supported Chromecast with Google TV devices (Chromecast devices). For Chromecast devices, security patch levels of 2023-10-01 or later address all applicable issues in the October 2023 Android Security Bulletin and all issues in this bulletin. To learn how to check a device's security patch level, see Chromecast firmware versions & release notes.

All supported Chromecast devices will receive an update to the 2023-10-01 patch level. We encourage all customers to accept these updates to their devices.

**Announcements**

*   In addition to the security vulnerabilities described in the October 2023 Android Security Bulletin, Chromecast devices also contain patches for the security vulnerabilities described below.

**Security patches**

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**AMLogic**

    

CVE

References

Severity

Subcomponent

CVE-2023-48425  

A-291138519

High

U-Boot

CVE-2023-48424  

A-286458481

High

U-Boot

CVE-2023-6181  

A-291138116

Moderate

U-Boot

**System**

    

CVE

References

Severity

Subcomponent

CVE-2023-48417  

A-288311233

Moderate

KeyChain

**Functional patches**

For details on the new bug fixes and functional patches included in this release, refer to the Chromecast firmware versions & release notes.

**Acknowledgements**

Researchers

CVEs

Nolen Johnson, DirectDefense and Jan Altensen, Ray Volpe

CVE-2023-6181, CVE-2023-48425,

Lennert Wouters, rqu, Thomas Roth aka stacksmashing

CVE-2023-48424

Rocco Calvi (TecR0c), SickCodes

CVE-2023-48417

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

Security patch levels of 2023-10-01 or later address all issues associated with the 2023-10-01 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Chromecast firmware versions & release notes.

**2\. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?**

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column.

**Versions**

  

Version

Date

Notes

1.0

December 5, 2023

CVE-2023-6181: Chromecast Security Bulletin—December 2023

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).

Security Advisory

December 6, 2023 · Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!

**Security Advisory Details**

*   ID: ZAA-2023-06
*   Date: 2023-12-06
*   Title: Denial of Service
*   Severity: low
*   Product: Zammad 6.1.x
*   Fixed in: Zammad 6.2.0
*   References:  
    \--> pending CVE assignment

**Vulnerability Descriptions****Denial of Service**

Due to a missing rate limiting in the 'email address verification' feature of Zammad, an attacker could send many requests for a known address to cause Denial Of Service by many generated emails which would also spam the victim.

**Recommended Resolution**

This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.

Fixed releases can be found at:

*   https://zammad.org/
*   https://ftp.zammad.com/

Or just update your Zammad if installed via OS package manager.

**Additional information**

Online version of this advisory: https://zammad.com/en/advisories/zaa-2023-06

Please send remarks on security issues exclusively to security@zammad.com.

Tag

#dos