There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution.

Wednesday, January 17, 2024 12:00

Cisco Talos’ Vulnerability Research team has disclosed dozens of vulnerabilities over the past month, including more than 30 advisories in GTKWave and a critical vulnerability in ManageEngine OpManager. 

Cisco ASIG also recently discovered an information disclosure vulnerability in DuoUniversalKeycloakAuthenticator, an authentication solution for Keycloak, an open-source identity and access management solution.  

There are also multiple vulnerabilities in AVideo, an open-source video broadcasting suite, that could lead to arbitrary code execution. 

All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

**ManageEngine OpManager directory traversal vulnerability **

_Discovered by Marcin “Icewall” Noga._ 

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager, a network management solution. 

TALOS-2023-1851 (CVE-2023-47211) can be exploited if an adversary sends a target a specially crafted HTTP request, which could allow them to create a file in any location outside of the default MiBs file’s location directory. This vulnerability has a critical severity score of 9.1 out of 10. 

This vulnerability arises if the adversary uses OpManager and navigates to Settings -> Tools -> MiB Browser and selects “Upload MiB.” The arbitrary file they could eventually create can only be one of a few file extensions, however, including .txt, .mib and .mi2. 

**Multiple vulnerabilities in GTKWave **

_Discovered by Claudio Bozzato._ 

Cisco Talos recently discovered multiple vulnerabilities in the GTKwave simulation tool, some of which could allow an attacker to execute arbitrary code on the targeted machine. 

GTKwave is a wave viewer used to run different FPGA simulations. It includes multiple versions to run on macOS, Linux, Unix and Microsoft machines. The open-source software analyzes trace files to look at the results of simulations run across different design implementations, or to analyze protocols captured with logic analyzers.  

Talos researchers found a wide array of security issues across this software that affect different functions in GTKwave, many of which are triggered if an attacker can trick the targeted user into opening a specially crafted malicious file. In all, Talos recently released 33 advisories that cover more than 80 CVEs. Many of these issues are caused by the reuse of vulnerable code across the software. Other vulnerabilities are often duplicated by the adversary sending different file types as the initial infection document. 

There are eight integer overflow vulnerabilities that could result in memory corruption, and eventually, arbitrary code execution: TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620, CVE-2023-38619, CVE-2023-38623, CVE-2023-38622), TALOS-2023-1816 (CVE-2023-35004), TALOS-2023-1822 (CVE-2023-35989), TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916), TALOS-2023-1777 (CVE-2023-32650), TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414), TALOS-2023-1790 (CVE-2023-35992) and TALOS-2023-1792 (CVE-2023-35128). 

The most common vulnerability type Talos researchers found in GTKWave were out-of-bounds write issues that could lead to arbitrary code execution. All the following vulnerabilities could be exploited if a target opened an attacker-created file: 

*   TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420, CVE-2023-37418, CVE-2023-37417) 
*   TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445, CVE-2023-37444, CVE-2023-37442, CVE-2023-37443) 
*   TALOS-2023-1810 (CVE-2023-37282) 
*   TALOS-2023-1811 (CVE-2023-36861) 
*   TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648) 
*   TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234) 
*   TALOS-2023-1819 (CVE-2023-34436) 
*   TALOS-2023-1823 (CVE-2023-38657) 
*   TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444) 

TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922) can also lead to remote code execution, but in this case, is caused by an arbitrary write issue. 

For a complete list of all the vulnerabilities Talos discovered in GTKWave, refer to our Vulnerability Reports page here. 

**DuoUniversalKeycloakAuthenticator for Keycloak **

_Discovered by Benjamin Taylor of Cisco ASIG._ 

An information disclosure vulnerability exists in the instipod DuoUniversalKeycloakAuthenticator for Keycloak. Keycloak is an open-source identity and access management solution, and DuoUniversalKeyAuthenticator allows Keycloak to push a Cisco Duo notification to the Duo app, asking the user to authenticate in.  

The Keycloak extension for Duo, after it detects that initial authentication has succeeded with Keycloak, redirects the user’s browser to the configured duosecurity.com endpoint, sending the username and password in question each time. 

TALOS-2023-1907 (CVE-2023-49594) indicates that this is unnecessary exposure of this data, potentially allowing an attacker to steal or view this information. 

**Multiple vulnerabilities in WWBN AVideo **

_Discovered by Claudio Bozzato._ 

WWBN AVideo contains multiple vulnerabilities that an attacker could exploit to carry out a range of malicious actions, including brute-forcing user credentials and forcing a targeted user to reset their password to something the attacker knows. 

AVideo is a web application, mostly written in PHP, that allows users to create audio and video sharing websites. Users can import videos from other sources, like YouTube, encode the videos and then make them shareable in various ways. 

There are multiple cross-site scripting vulnerabilities in AVideo that could allow an attacker to execute arbitrary JavaScript code on the targeted machine: 

*   TALOS-2023-1882 (CVE-2023-48730) 
*   TALOS-2023-1883 (CVE-2023-48728) 
*   TALOS-2023-1884 (CVE-2023-47861) 

An attacker could exploit these vulnerabilities by tricking a user into visiting a specially crafted web page. 

There are three other vulnerabilities — TALOS-2023-1869 (CVE-2023-47171), TALOS-2023-1881 (CVE-2023-49738) and TALOS-2023-1880 (CVE-2023-49864, CVE-2023-49863, CVE-2023-49862) — that could allow adversaries to read arbitrary files with an HTTP request targeting different parameters in AVideo’s “objects/aVideoEncoderReceiveImage.json.php” file. 

Talos researchers also discovered TALOS-2023-1896 (CVE-2023-49589), an insufficient entropy vulnerability that can allow an attacker to forge a password reset for an administrator account. This could allow an adversary to reset a user’s account, set a new password that only the adversary knows, and then log in with that account information. An adversary could also exploit TALOS-2023-1897 (CVE-2023-50172) to prevent AVideo from sending an email to the associated account’s email address alerting them of the password reset process, so exploitation becomes less evident. 

Similarly, TALOS-2023-1900 (CVE-2023-49599) can also be exploited using this method, but this vulnerability targets administrator accounts. 

The most serious vulnerability Talos discovered in AVideo is TALOS-2023-1886 (CVE-2023-47862), a local file inclusion vulnerability that could eventually lead to arbitrary code execution. This vulnerability has a severity score of 9.8 out of 10. TALOS-2023-1885 (CVE-2023-49715) is an unrestricted php file upload vulnerability that can also lead to code execution, but only when used in conjunction with a local file inclusion vulnerability like TALOS-2023-1886. 

TALOS-2023-1898 (CVE-2023-49810) could be exploited in AVideo by sending a specially crafted HTTP request. An adversary could exploit this vulnerability to bypass the CAPTCHA process when trying to log into the service, therefore making it easier for an attacker to attempt to brute force login credentials or password-guessing attacks.

Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024

Gentoo Linux Security Advisory 202401-25 - Multiple vulnerabilities have been discovered in OpenJDK, the worst of which can lead to remote code execution. Versions greater than or equal to 11.0.19_p7:11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenJDK: Multiple Vulnerabilities  
     Date: January 17, 2024  
     Bugs: #859376, #859400, #877597, #891323, #908243  
       ID: 202401-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in OpenJDK, the worst of  
which can lead to remote code execution.

Background  
==========

OpenJDK is an open source implementation of the Java programming  
language.

Affected packages  
=================

Package                   Vulnerable       Unaffected  
------------------------  ---------------  ----------------  
dev-java/openjdk          < 11.0.19_p7:11  >= 11.0.19_p7:11  
                          < 17.0.7_p7:17   >= 17.0.7_p7:17  
                          < 8.372_p07:8    >= 8.372_p07:8  
dev-java/openjdk-bin      < 11.0.19_p7:11  >= 11.0.19_p7:11  
                          < 17.0.7_p7:17   >= 17.0.7_p7:17  
                          < 8.372_p07:8    >= 8.372_p07:8  
dev-java/openjdk-jre-bin  < 11.0.19_p7:11  >= 11.0.19_p7:11  
                          < 17.0.7_p7:17   >= 17.0.7_p7:17  
                          < 8.372_p07:8    >= 8.372_p07:8

Description  
===========

Multiple vulnerabilities have been discovered in OpenJDK. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenJDK users should upgrade to the latest versions:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.372_p07"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.19_p7"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.7_p7"

All OpenJDK JRE binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.372_p07"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.19_p7"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.7_p7"

All OpenJDK binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.372_p07"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.19_p7"  
  # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.7_p7"

References  
==========

[ 1 ] CVE-2022-21540  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21540  
[ 2 ] CVE-2022-21541  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21541  
[ 3 ] CVE-2022-21549  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21549  
[ 4 ] CVE-2022-21618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21618  
[ 5 ] CVE-2022-21619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21619  
[ 6 ] CVE-2022-21624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21624  
[ 7 ] CVE-2022-21626  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21626  
[ 8 ] CVE-2022-21628  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21628  
[ 9 ] CVE-2022-34169  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34169  
[ 10 ] CVE-2022-39399  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39399  
[ 11 ] CVE-2022-42920  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42920  
[ 12 ] CVE-2023-21830  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21830  
[ 13 ] CVE-2023-21835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21835  
[ 14 ] CVE-2023-21843  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21843

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-25

Ubuntu Security Notice 6587-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6587-1  
January 16, 2024

xorg-server, xwayland vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:  
- xorg-server: X.Org X11 server  
- xwayland: X server for running X clients under Wayland

Details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An  
attacker could possibly use this issue to cause the X Server to crash,  
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
reattaching to a different master device. An attacker could use this issue  
to cause the X Server to crash, leading to a denial of service, or possibly  
execute arbitrary code. (CVE-2024-0229)

Olivier Fourdan and Donn Seeley discovered that the X.Org X Server  
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could  
use this issue to cause the X Server to crash, leading to a denial of  
service. (CVE-2024-0408)

Olivier Fourdan discovered that the X.Org X Server incorrectly handled  
the curser code when used with SELinux. An attacker could use this issue to  
cause the X Server to crash, leading to a denial of service.  
(CVE-2024-0409)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
memory when processing the XISendDeviceHierarchyEvent API. An attacker  
could possibly use this issue to cause the X Server to crash, or execute  
arbitrary code. (CVE-2024-21885)

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
devices being disabled. An attacker could possibly use this issue to cause  
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   xserver-xorg-core               2:21.1.7-3ubuntu2.6  
   xwayland                        2:23.2.0-1ubuntu0.4

Ubuntu 23.04:  
   xserver-xorg-core               2:21.1.7-1ubuntu3.6  
   xwayland                        2:22.1.8-1ubuntu1.4

Ubuntu 22.04 LTS:  
   xserver-xorg-core               2:21.1.4-2ubuntu1.7~22.04.7  
   xwayland                        2:22.1.1-1ubuntu0.10

Ubuntu 20.04 LTS:  
   xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.14  
   xwayland                        2:1.20.13-1ubuntu1~20.04.14

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6587-1  
   CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409,  
   CVE-2024-21885, CVE-2024-21886

Package Information:  
   https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.6  
   https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.4  
   https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-1ubuntu3.6  
   https://launchpad.net/ubuntu/+source/xwayland/2:22.1.8-1ubuntu1.4  
   https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.7  
   https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.10  
   https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.14

Ubuntu Security Notice USN-6587-1

Red Hat Security Advisory 2024-0262-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0262.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:0262-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0262Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-3611====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3611References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2225097https://bugzilla.redhat.com/show_bug.cgi?id=2225191https://bugzilla.redhat.com/show_bug.cgi?id=2225511

Red Hat Security Advisory 2024-0262-03

Red Hat Security Advisory 2024-0261-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0261.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:0261-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0261Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-3611====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3611References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2225191https://bugzilla.redhat.com/show_bug.cgi?id=2225511

Red Hat Security Advisory 2024-0261-03

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.
The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.
"By reading out-of-bounds memory, an attacker might be able to get secret values,

Browser Security / Vulnerability

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The issue, tracked as **CVE-2024-0519**, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.

"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service," according to MITRE's Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors that may be exploiting them have withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

"Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," reads a description of the flaw on the NIST's National Vulnerability Database (NVD).

The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

Gentoo Linux Security Advisory 202401-24 - Multiple denial of service vulnerabilities have been discovered in Nettle. Versions greater than or equal to 3.9.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Nettle: Denial of Service  
     Date: January 16, 2024  
     Bugs: #806839, #907673  
       ID: 202401-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple denial of service vulnerabilities have been discovered in  
Nettle.

Background  
=========  
Nettle is a cryptographic library that is designed to fit easily in  
almost any context: In cryptographic toolkits for object-oriented  
languages, such as C++, Python, or Pike, in applications like lsh or  
GnuPG, or even in kernel space.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
dev-libs/nettle  < 3.9.1       >= 3.9.1

Description  
==========  
Multiple vulnerabilities have been discovered in Nettle. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
A flaw was found in the way nettle's RSA decryption functions handled  
specially crafted ciphertext. An attacker could use this flaw to provide  
a manipulated ciphertext leading to application crash and denial of  
service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Nettle users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/nettle-3.9.1"

References  
=========  
[ 1 ] CVE-2021-3580  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3580  
[ 2 ] CVE-2023-36660  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36660

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-24

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-24

Gentoo Linux Security Advisory 202401-23 - A buffer overread vulnerability has been found in libuv. Versions greater than or equal to 1.41.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: libuv: Buffer Overread  
     Date: January 16, 2024  
     Bugs: #800986  
       ID: 202401-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A buffer overread vulnerability has been found in libuv.

Background  
=========  
libuv is a multi-platform support library with a focus on asynchronous  
I/O.

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-libs/libuv  < 1.41.1      >= 1.41.1

Description  
==========  
libuv fails to ensure that a pointer lies within the bounds of a defined  
buffer in the uv__idna_toascii() function before reading and  
manipulating the memory at that address.

Impact  
=====  
The overread can result in information disclosure or application crash.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libuv users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libuv-1.41.1"

References  
=========  
[ 1 ] CVE-2021-22918  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22918

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-23

Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libspf2: Multiple vulnerabilities  
     Date: January 15, 2024  
     Bugs: #807739  
       ID: 202401-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libspf2, the worst of  
which can lead to remote code execution.

Background  
=========  
libspf2 is a library that implements the Sender Policy Framework,  
allowing mail transfer agents to make sure that an email is authorized  
by the domain name that it is coming from.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
mail-filter/libspf2  < 1.2.11      >= 1.2.11

Description  
==========  
Multiple vulnerabilities have been discovered in libspf2. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Various buffer overflows have been identified that can lead to denial of  
service and possibly arbitrary code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libspf2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"

References  
=========  
[ 1 ] CVE-2021-20314  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20314  
[ 2 ] CVE-2021-33912  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33912  
[ 3 ] CVE-2021-33913  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33913

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-22

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-22

Gentoo Linux Security Advisory 202401-21 - A vulnerability has been found in KTextEditor where local code can be executed without user interaction. Versions greater than or equal to 5.90.0-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: KTextEditor: Arbitrary Local Code Execution  
     Date: January 15, 2024  
     Bugs: #832447  
       ID: 202401-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in KTextEditor where local code can be  
executed without user interaction.

Background  
=========  
Framework providing a full text editor component for KDE.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  ------------  
kde-frameworks/ktexteditor  < 5.90.0-r2   >= 5.90.0-r2

Description  
==========  
A vulnerability has been discovered in KTextEditor. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
KTextEditor executes binaries without user interaction in a few cases,  
e.g. KTextEditor will try to check on external file modification via  
invoking the "git" binary if the file is known in the repository with  
the new content.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All KTextEditor users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=kde-frameworks/ktexteditor-5.90.0-r2"

References  
=========  
[ 1 ] CVE-2022-23853  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23853

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-21

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux