Ubuntu Security Notice 7121-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7121-3November 25, 2024linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - S390 architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - ATM drivers;  - Device frequency scaling framework;  - GPU drivers;  - Hardware monitoring drivers;  - VMware VMCI Driver;  - Network drivers;  - Device tree and open firmware driver;  - SCSI drivers;  - Greybus lights staging drivers;  - BTRFS file system;  - File systems infrastructure;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - Netfilter;  - Memory management;  - Ethernet bridge;  - IPv6 networking;  - IUCV driver;  - Logical Link layer;  - MAC80211 subsystem;  - NFC subsystem;  - Network traffic control;  - Unix domain sockets;(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,CVE-2024-42309)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  linux-image-4.15.0-1137-oracle  4.15.0-1137.148~16.04.1                                  Available with Ubuntu Pro  linux-image-oracle              4.15.0.1137.148~16.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7121-3  https://ubuntu.com/security/notices/USN-7121-2  https://ubuntu.com/security/notices/USN-7121-1  CVE-2022-48733, CVE-2022-48938, CVE-2022-48943, CVE-2023-52502,  CVE-2023-52531, CVE-2023-52578, CVE-2023-52599, CVE-2023-52612,  CVE-2023-52614, CVE-2023-52639, CVE-2024-26633, CVE-2024-26636,  CVE-2024-26668, CVE-2024-26675, CVE-2024-27397, CVE-2024-35877,  CVE-2024-36020, CVE-2024-36953, CVE-2024-38538, CVE-2024-38560,  CVE-2024-38596, CVE-2024-38637, CVE-2024-41059, CVE-2024-41071,  CVE-2024-41089, CVE-2024-41095, CVE-2024-42094, CVE-2024-42104,  CVE-2024-42240, CVE-2024-42309, CVE-2024-42310, CVE-2024-43854,  CVE-2024-43882, CVE-2024-44942, CVE-2024-44987, CVE-2024-44998,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46738, CVE-2024-46743,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46800

Ubuntu Security Notice USN-7121-3

Debian Linux Security Advisory 5818-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5818-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 24, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954  
                 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914  
                 CVE-2024-36915 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553  
                 CVE-2024-41080 CVE-2024-42322 CVE-2024-43868 CVE-2024-43904  
                 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960  
                 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012  
                 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126  
                 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229  
                 CVE-2024-50230 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234  
                 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242  
                 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247  
                 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50252  
                 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259  
                 CVE-2024-50261 CVE-2024-50262 CVE-2024-50264 CVE-2024-50265  
                 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271  
                 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278  
                 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283  
                 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290  
                 CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50299  
                 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043  
                 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057  
                 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061  
                 CVE-2024-53063 CVE-2024-53066 CVE-2024-53070 CVE-2024-53072  
                 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.119-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdDS8lfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QwLw/+OVgV3FTBaH3iV5PLBx/mLJH6xhNQeHzzlQXnREHfueWblf9QSCjRGHkl  
3ZlIvTKIEp7K5mNjqLBzbDjRNWijJdcDPqEp8dVET9Xwvht6AOX3C/oZpIPlLKkf  
ei0vJSUVIselsK5WfndPi19gR/Y0asKUF+XK47nchELEkZX9r+Mv36yib4z2z4b8  
K0iUtpInS5krLrqHTJbo8tJZ69C7a+U12KYGhzbDFSGM39mDhKWQ/gmloxjXHu8K  
sS84Z4SwWMll1pcjfiFVeD669zUS/VHR8Y34s2pjPwqqIejDORUZbFc6FQhP+Vk6  
PJVAAPWv0n39Ag1gQ21/BQis+b2CcC9CHWuMaG6ELQ/8HmcTCQkCOwzCCPN2woMy  
mLLK2gR6hEU+zuBs4Pg7jvdAeznbCmG28WfR9FO+WO410rWc7+IL5vcbGDGUVNu2  
vIq+R6GKqUC+6maOxc78NKFuU0c09hvK6UHiTuFlFScSI1vhg8mIxSbwWEpVlDA/  
dRXWkGneZ+2/gqUBGK31X295irixsNjvjjipMB4K28WSqeaQdJh2IMgIViL05/TL  
4jJELIIpcizck336YsfY9Ylfc0lqdqumbzZnM3ifm3nGeOc6zK5bZmn5YLxju/qk  
xmj6u8WD5je+Dm8OCWWF22SPNSJ3xoaqchKKQSYwow3G1nqEqKI=  
=lqjj  
-----END PGP SIGNATURE-----

Debian Security Advisory 5818-1

Debian Linux Security Advisory 5817-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5817-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 23, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113                  CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117                  CVE-2024-11395Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 131.0.6778.85-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmdBrIQACgkQZF0CR8NudjdsBw/+J+eOgiIrU4hNq1Fk3HAontTf7sOIp3snoI5FvNnZ9oZT8qFbRJ+cfj17S2ZijYGoZKaqydWQgO/kh6eL/k7mHpM0KYLlALxaGevLxh3M4eJx8Il83YKVtx23Eh6G6YZ8itXZXb+E0f7jNRRAWb6S6OCwImk6incDq4k48IdB3zKKOzCTZQBb7vr1OaP+4kbjGgzGy9vv+iYNgE4sBHa3MOmIqZ4zcDxazK7ypw6W0M7UW6raeFI+pjK3nh4rjgy/UpK0u+wpRprif53rC7D5qP9vRO7wnRajw2pUoovFl+1bnpi8njwK3JbZom5ARWozEtT2nfef1nmtyXUQ5bjcKlQTW5kxrqMNwXyzCxB3N7ln1l09ubaA7TdYj0TxNQiNimeGnTULrkMTKcs1d077dZZ6XTZAUrwVZiJn8V4QxaCW3Ype7hgPsd/edRJMZT5G+J2vB86WBmKt0FyKD2fmRUuq2DGqCnbd3+5A/3krQBcwgHXAHyxkJpLWNs1bdcRlOac6BKe1N7oZeJKtofhfwRrmhilDCM85Q4OcxOY2VeSuxMEPtw6hAUoYwiuhUS4hT2DUmevPu/XtkoNE/X0WoJ9cN+hlOxqfjzhXlcyJiGk36BYKhE+KJvUsOfB5N8TqUEzGGbvOyXDy7QGsCUZJ+BwjOGKFh45L0Nb4dexvsL4==J21V-----END PGP SIGNATURE-----

Debian Security Advisory 5817-1

Red Hat Security Advisory 2024-9956-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9956.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: edk2 security updateAdvisory ID:        RHSA-2024:9956-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9956Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-38796====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es):* edk2: Integer overflows in PeCoffLoaderRelocateImage (CVE-2024-38796)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38796References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2315390

Red Hat Security Advisory 2024-9956-03

Red Hat Security Advisory 2024-9946-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9946.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: edk2 security updateAdvisory ID:        RHSA-2024:9946-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9946Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-38796====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es):* edk2: Integer overflows in PeCoffLoaderRelocateImage (CVE-2024-38796)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38796References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2315390

Red Hat Security Advisory 2024-9946-03

Red Hat Security Advisory 2024-9945-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9945.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: haproxy security updateAdvisory ID:        RHSA-2024:9945-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9945Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2023-45539====================================================================Summary: An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.Security Fix(es):* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45539References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253037

Red Hat Security Advisory 2024-9945-03

Red Hat Security Advisory 2024-9943-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9943.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel-rt security updateAdvisory ID:        RHSA-2024:9943-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9943Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2022-48796====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48796References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2272811https://bugzilla.redhat.com/show_bug.cgi?id=2298132https://bugzilla.redhat.com/show_bug.cgi?id=2315210

Red Hat Security Advisory 2024-9943-03

Red Hat Security Advisory 2024-9942-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9942.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security updateAdvisory ID:        RHSA-2024:9942-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9942Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2022-48796====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48796References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2272811https://bugzilla.redhat.com/show_bug.cgi?id=2298132https://bugzilla.redhat.com/show_bug.cgi?id=2315210

Red Hat Security Advisory 2024-9942-03

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

Source: Adrian Vidal via Alamy Stock Photo

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims.

Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthrophic's Claude generative artificial intelligence (GenAI) platforms. The packages, claiming to offer application programming interface (API) access to the chatbot functionality, actually deliver an infostealer called "JarkaStealer."

"AI is very hot, but also, many of these services require you to pay," notes George Apostopoulos, founding engineer at Endor Labs. As a result, in malicious circles, there's an effort to attract people to free access, "and people that don't know better will fall for this."

**Two Malicious "GenAI" Python Packages**

About this time last year, someone created a profile with the username "Xeroline" on the Python Package Index (PyPI), the official third-party repository for open source Python packages. Three days later, the person published two custom packages to the site. The first, "gptplus," claimed to enable API access to OpenAI's GPT-4 Turbo language learning model (LLM). The second, "claudeai-eng," offered the same for ChatGPT's popular competitor, Claude.

Neither package does what it says it does, but each provide users with a half-baked substitute — a mechanism for interacting with the free demo version of ChatGPT. As Apostopoulos says, "At first sight, this attack is not unusual, but what makes it interesting is if you download it and you try to use it, it will kind of look like it works. They committed the extra effort to make it look legitimate."

Under the hood, meanwhile, the programs would drop a Java archive (JAR) file containing JarkaStealer.

JarkaStealer is a newly documented infostealer sold in the Russian language Dark Web for just $20 — with various modifications available for $3 to $10 apiece — though its source code is also freely available on GitHub. It's capable of all the basic stealer tasks one might expect: stealing data from the targeted system and browsers running on it, taking screenshots, and grabbing session tokens from various popular apps like Telegram, Discord, and Steam. Its efficacy at these tasks is debatable.

**Gptplus & claudeai-eng's Year in the Sun**

The two packages managed to survive on PyPI for a year, until researchers from Kaspersky recently spotted and reported them to the platform's moderators. They've since been taken offline but, in the interim, they were each downloaded more than 1,700 times, across Windows and Linux systems, in more than 30 countries, most often the United States.

Those download statistics may be slightly misleading, though, as data from the PyPI analytics site "ClickPy" shows that both — particularly gptplus — experienced a huge drop in downloads after their first day, hinting that Xeroline may have artificially inflated their popularity (claudeai-eng, to its credit, did experience steady growth during February and March).

"One of the things that \[security professionals\] recommend is that before you download it, you should see if the package is popular — if other people are using it. So it makes sense for the attackers to try to pump this number up with some tricks, to make it look like it's legit," Apostopoulos says.

He adds, "Of course, most average people won't even bother with this. They will just go for it, and install it."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.

Tag

#linux