Gentoo Linux Security Advisory 202401-5 - A vulnerability has been found in RDoc which allows for command injection. Versions greater than or equal to 6.3.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: RDoc: Command Injection  
     Date: January 05, 2024  
     Bugs: #801301  
       ID: 202401-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in RDoc which allows for command  
injection.

Background  
=========  
RDoc produces HTML and command-line documentation for Ruby projects.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-ruby/rdoc  < 6.3.2       >= 6.3.2

Description  
==========  
A vulnerability has been discovered in RDoc. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
RDoc used to call Kernel#open to open a local file. If a Ruby project  
has a file whose name starts with | and ends with tags, the command  
following the pipe character is executed. A malicious Ruby project could  
exploit it to run an arbitrary command execution against a user who  
attempts to run the rdoc command.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-ruby/rdoc-6.3.2"

References  
=========  
[ 1 ] CVE-2021-31799  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31799

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-05

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: WebKitGTK+: Multiple Vulnerabilities  
     Date: January 05, 2024  
     Bugs: #907818, #909663, #910656, #918087, #918099, #919290  
       ID: 202401-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Several vulnerabilities have been found in WebKitGTK+, the worst of  
which can lead to remote code execution.

Background  
=========  
WebKitGTK+ is a full-featured port of the WebKit rendering engine,  
suitable for projects requiring any kind of web integration, from hybrid  
HTML/CSS applications to full-fledged web browsers.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  -------------  
net-libs/webkit-gtk  < 2.42.3:4    >= 2.42.3:4  
                                   >= 2.42.3:4.1  
                                   >= 2.42.3:6

Description  
==========  
Multiple vulnerabilities have been discovered in WebKitGTK+. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.3"

References  
=========  
[ 1 ] CVE-2023-28198  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28198  
[ 2 ] CVE-2023-28204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28204  
[ 3 ] CVE-2023-32370  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32370  
[ 4 ] CVE-2023-32373  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32373  
[ 5 ] CVE-2023-32393  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32393  
[ 6 ] CVE-2023-32439  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32439  
[ 7 ] CVE-2023-37450  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37450  
[ 8 ] CVE-2023-38133  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38133  
[ 9 ] CVE-2023-38572  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38572  
[ 10 ] CVE-2023-38592  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38592  
[ 11 ] CVE-2023-38594  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38594  
[ 12 ] CVE-2023-38595  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38595  
[ 13 ] CVE-2023-38597  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38597  
[ 14 ] CVE-2023-38599  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38599  
[ 15 ] CVE-2023-38600  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38600  
[ 16 ] CVE-2023-38611  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38611  
[ 17 ] CVE-2023-40397  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40397  
[ 18 ] CVE-2023-42916  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42916  
[ 19 ] CVE-2023-42917  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42917  
[ 20 ] WSA-2023-0006  
      https://webkitgtk.org/security/WSA-2023-0006.html

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-04

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: BlueZ: Privilege Escalation  
     Date: January 05, 2024  
     Bugs: #919383  
       ID: 202401-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Bluez, the worst of  
which can lead to privilege escalation.

Background  
=========  
BlueZ is the canonical bluetooth tools and system daemons package for  
Linux.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
net-wireless/bluez  < 5.70-r1     >= 5.70-r1

Description  
==========  
Multiple vulnerabilities have been discovered in BlueZ. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
An attacker may inject unauthenticated keystrokes via Bluetooth, leading  
to privilege escalation or denial of service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All BlueZ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1"

References  
=========  
[ 1 ] CVE-2023-45866  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-03

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: c-ares: Multiple Vulnerabilities  
     Date: January 05, 2024  
     Bugs: #807604, #807775, #892489, #905341  
       ID: 202401-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in c-ares, the worst of which  
could result in the loss of confidentiality or integrity.

Background  
=========  
c-ares is a C library for asynchronous DNS requests (including name  
resolves).

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-dns/c-ares  < 1.19.0      >= 1.19.0

Description  
==========  
Multiple vulnerabilities have been discovered in c-ares. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All c-ares users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.0"

References  
=========  
[ 1 ] CVE-2021-3672  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3672  
[ 2 ] CVE-2021-22930  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22930  
[ 3 ] CVE-2021-22931  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22931  
[ 4 ] CVE-2021-22939  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22939  
[ 5 ] CVE-2021-22940  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22940  
[ 6 ] CVE-2022-4904  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4904

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-02

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-02

Debian Linux Security Advisory 5597-1 - It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5597-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : exim4CVE ID         : CVE-2023-51766Debian Bug     : 1059387It was discovered that Exim, a mail transport agent, can be induced toaccept a second message embedded as part of the body of a first messagein certain configurations where PIPELINING or CHUNKING on incomingconnections is offered.For the oldstable distribution (bullseye), this problem has been fixedin version 4.94.2-7+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 4.96-15+deb12u4.We recommend that you upgrade your exim4 packages.For the detailed security status of exim4 please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/exim4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWXKopfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QjSA//XoMnLi4MFMYxltCKlh24MN3boRO7vi2ZwVwmLFsI6VKqwA84x31gqr5lFJgcgwXNsos+4rlMiY5+mRu5aIkHABPW+CRikMZhkN6mU5L1HhSSn8AcdI01xpRepFnZQdu5wb/h5kkb/AdfhTLXmTT5gWGvlGaNwthCFYW8YlaFSFYOg021d9zRAEWWuKZ4QNKCq3mM+1RG/CSRw+9n8RodZaLivvJQftNbWDlIhRiQsJWLfT6jINucCdg05lfjYaiTTWWGmXQUz9ffl6SkFHFx27jZlFieIesRwtudQONUERVQlTRLsiD+p5SzBmol5Myay9FX2SyKOFvcOJQPeUfmHERooXnyZl6ZoFU9fVRk6KRdrmIQ3ghyfu5ymcjzpbr+Ap4gyroDd6QkJwIn8dkVlI98dvJ7taJ6Sz5yWVISdBdUG0QJMpiQFH7v/wKEvn846ZJUMZKQstXnAjKc7RWs/T5i3NA1uI6QkgSKdMWOx38+cjHESngkSVewnZe3U3ouBejwucI11+M8SgOw3QosDM8wyDmyWttVmH4nLrIEVNk5jJp0lK7/agIQKIlx6kDPoqSaN2/5jSvDzVWCJTwXJ/bPRjWDyCP8J6janVD2l73pfxPIjKcxbImKq6JxMQeYYxzX2XxgZliGTGoNZAkFsWy+3tZdaBMt4PlKbYtnJxI=onc4-----END PGP SIGNATURE-----

Debian Security Advisory 5597-1

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5596-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
January 04, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : asterisk  
CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786  
Debian Bug     : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open  
Source Private Branch Exchange.

CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed  
    the available buffer space for storing the new value of a header. By doing  
    so this can overwrite memory or cause a crash. This is not externally  
    exploitable, unless dialplan is explicitly written to update a header based  
    on data from an outside source. If the 'update' functionality is not used  
    the vulnerability does not occur.

CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in  
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a  
    higher level media transport which is stacked upon a lower level media  
    transport such as UDP and ICE. Currently a higher level transport is not  
    synchronized with its lower level transport that may introduce a  
    use-after-free issue. This vulnerability affects applications that have  
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media  
    transport other than UDP. This vulnerability’s impact may range from  
    unexpected application termination to control flow hijack/memory  
    corruption.

CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`  
    option is not enabled.

CVE-2023-49786

   Asterisk is susceptible to a DoS due to a race condition in the hello  
   handshake phase of the DTLS protocol when handling DTLS-SRTP for media  
   setup. This attack can be done continuously, thus denying new DTLS-SRTP  
   encrypted calls during the attack. Abuse of this vulnerability may lead to  
   a massive Denial of Service on vulnerable Asterisk servers for calls that  
   rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F  
Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl  
AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b  
zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk  
T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb  
bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu  
mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh  
bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ  
Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+  
sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU  
+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5596-1

Debian Linux Security Advisory 5595-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5595-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJanuary 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 120.0.6099.199-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 120.0.6099.199-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWW+3wACgkQZF0CR8NudjdB2g/9Fg/GWkG5zWX5NNzw/n4uMT8eCLLYbuvtpYGwwlQ9zKoQdVDUbK4pJlNYBbutP+VXf/6PoeIxOrs4weP+vBd0nY7GRyE/IthzKrai1/itXwCtoRWx+nGaPQfTvGNpwoHBBYk115c6gSwXrrYa5jeLDgN7uVeXRk3ZLKbChDwEmbW4qgPU60k1EGreqaygwV4si93uTWla3IhTiqaMStEgoANNBXE+61qC/+Y+RxNgXB3DlX/yE5UGv2DFJ5y0fbiyA5oQrOuoRp/VwYKRrPovOP/GvtxTW9+O5NkG2Fi5V7Wp8Eafq6N0Y0KTFZgtK/pH5iAVndEKNyNAWPAW048IHc5jKlY7hTrC2KAkCC5WoBqeKsijnzhSEJ0YZsDr/3I2CbU7b8IoiWB//+bJaVtSrMxsXOs7qVxrkPwCiVIwN1tS6h2sw/A0VbzaVKGxsqe6mW1m/0xvzeUwffI6HiF7xwB9fNVWDTCIWqIYKI1DvyttJ1y25I00gbVWfW3HNOFjdCR/gA7jtCWeoX1Jk+QLkNlhSbN/l4wSuJSCvFXMbRFTPdv6l12f8u7IcabJKoTLp/8vK7UK1IEjMIutncc9uRbgwT1hProOToF3RQo7sgU/N0s9dOj8TLRZLYHYMaDhwY/PbebB2/3LuV3m4G9VMl2DzTk5WW39lQmqnTPXYSY=Hl1s-----END PGP SIGNATURE-----

Debian Security Advisory 5595-1

Red Hat Security Advisory 2024-0046-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0046.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid:4 security updateAdvisory ID:        RHSA-2024:0046-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0046Issue date:         2024-01-04Revision:           03CVE Names:          CVE-2023-46724====================================================================Summary: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46724References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247567https://bugzilla.redhat.com/show_bug.cgi?id=2248521https://bugzilla.redhat.com/show_bug.cgi?id=2252923https://bugzilla.redhat.com/show_bug.cgi?id=2252926

Red Hat Security Advisory 2024-0046-03

Red Hat Security Advisory 2024-0033-03 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0033.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Virtualization Host 4.4.z SP 1 security updateAdvisory ID:        RHSA-2024:0033-03Product:            Red Hat VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0033Issue date:         2024-01-03Revision:           03CVE Names:          CVE-2023-4911====================================================================Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.Security Fix(es):For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/2974891CVEs:CVE-2023-4911References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2238352

Red Hat Security Advisory 2024-0033-03

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices.
The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down.
“These packages, upon initial use, deploy a CoinMiner

Cryptocurrency Miner / Malware

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices.

The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down.

"These packages, upon initial use, deploy a CoinMiner executable on Linux devices," Fortinet FortiGuard Labs researcher Gabby Xiong said, adding the campaign shares overlaps with a prior campaign that involved the use of a package called culturestreak to deploy a crypto miner.

The malicious code resides in the \_\_init\_\_.py file, which decodes and retrieves the first stage from a remote server, a shell script ("unmi.sh") that fetches a configuration file for the mining activity as well as the CoinMiner file hosted on GitLab.

The ELF binary file is then executed in the background using the nohup command, thus ensuring that the process continues to run after exiting the session.

"Echoing the approach of the earlier 'culturestreak' package, these packages conceal their payload, effectively reducing the detectability of their malicious code by hosting it on a remote URL," Xiong said. "The payload is then incrementally released in various stages to execute its malicious activities."

The connections to the culturestreak package also stems from the fact that the configuration file is hosted on the domain papiculo\[.\]net and the coin mining executables are hosted on a public GitLab repository.

One notable improvement in the three new packages is the introduction of an extra stage by concealing their nefarious intent in the shell script, thereby helping it evade detection by security software and lengthening the exploitation process.

"Moreover, this malware inserts the malicious commands into the ~/.bashrc file," Xiong said. "This addition ensures the malware's persistence and reactivation on the user's device, effectively extending the duration of its covert operation. This strategy aids in the prolonged, stealthy exploitation of the user's device for the attacker's benefit."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#linux