Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle.
"The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group

Cyber Espionage / Supply Chain Attack

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as **Sea Turtle**.

"The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group used to collect politically motivated information such as personal information on minority groups and potential political dissents," Dutch security firm Hunt & Hackett said in a Friday analysis.

"The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals."

Sea Turtle, also known by the names Cosmic Wolf, Marbled Dust (formerly Silicon), Teal Kurma, and UNC1326, was first documented by Cisco Talos in April 2019, detailing state-sponsored attacks targeting public and private entities in the Middle East and North Africa.

Activities associated with the group are believed to have been ongoing since January 2017, primarily leveraging DNS hijacking to redirect prospective targets attempting to query a specific domain to an actor-controlled server capable of harvesting their credentials.

"The Sea Turtle campaign almost certainly poses a more severe threat than DNSpionage given the actor's methodology in targeting various DNS registrars and registries," Talos said at the time.

In late 2021, Microsoft noted that the adversary carries out intelligence collection to meet strategic Turkish interests from countries like Armenia, Cyprus, Greece, Iraq, and Syria, striking telecom and IT companies with an aim to "establish a foothold upstream of their desired target" via exploitation of known vulnerabilities.

Then last month, the adversary was revealed to be using a simple reverse TCP shell for Linux (and Unix) systems called SnappyTCP in attacks carried out between 2021 and 2023, according to the PricewaterhouseCoopers (PwC) Threat Intelligence team.

"The web shell is a simple reverse TCP shell for Linux/Unix that has basic \[command-and-control\] capabilities, and is also likely used for establishing persistence," the company said. "There are at least two main variants; one which uses OpenSSL to create a secure connection over TLS, while the other omits this capability and sends requests in cleartext."

The latest findings from Hunt & Hackett show that Sea Turtle continues to be a stealthy espionage-focused group, performing defense evasion techniques to fly under the radar and harvest email archives.

In one of the attacks observed in 2023, a compromised-but-legitimate cPanel account was used as an initial access vector to deploy SnappyTCP on the system. It's currently not known how the attackers obtained the credentials.

"Using SnappyTCP, the threat actor sent commands to the system to create a copy of an email archive created with the tool tar, in the public web directory of the website that was accessible from the internet," the firm noted.

"It is highly likely that the threat actor exfiltrated the email archive by downloading the file directly from the web directory."

To mitigate the risks posed by such attacks, it's advised that organizations enforce strong password policies, implement two-factor authentication (2FA), rate limit login attempts to reduce the chances of brute-force attempts, monitor SSH traffic, and keep all systems and software up-to-date.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Ubuntu Security Notice 6549-4 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6549-4  
January 05, 2024

linux-intel-iotg vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-intel-iotg: Linux kernel for Intel IoT platforms

Details:

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel did not properly initialize a policy data structure, leading  
to an out-of-bounds vulnerability. A local privileged attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver  
in the Linux kernel, leading to a use after free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux  
kernel did not properly handle iov buffers in some situations. A local  
attacker in a guest VM could use this to cause a denial of service (host  
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1046-intel-iotg  5.15.0-1046.52  
   linux-image-intel-iotg          5.15.0.1046.46

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6549-4  
   https://ubuntu.com/security/notices/USN-6549-1  
   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,  
   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1046.52

Ubuntu Security Notice USN-6549-4

Gentoo Linux Security Advisory 202401-6 - A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter. Versions greater than or equal to 1.28.17-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: CUPS filters: Remote Code Execution  
     Date: January 05, 2024  
     Bugs: #906944  
       ID: 202401-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in CUPS filters where remote code  
execution is possible via the beh filter.

Background  
=========  
CUPS filters provides backends, filters, and other software that was  
once part of the core CUPS distribution.

Affected packages  
================  
Package                 Vulnerable    Unaffected  
----------------------  ------------  -------------  
net-print/cups-filters  < 1.28.17-r2  >= 1.28.17-r2

Description  
==========  
A vulnerability has been discovered in cups-filters. Please review the  
CVE identifier referenced below for details.

Impact  
=====  
If you use beh to create an accessible network printer, this security  
vulnerability can cause remote code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All cups-filters users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.28.17-r2"

References  
=========  
[ 1 ] CVE-2023-24805  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24805  
[ 2 ] GHSA-gpxc-v2m8-fr3x

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-06

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-06

Gentoo Linux Security Advisory 202401-5 - A vulnerability has been found in RDoc which allows for command injection. Versions greater than or equal to 6.3.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: RDoc: Command Injection  
     Date: January 05, 2024  
     Bugs: #801301  
       ID: 202401-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in RDoc which allows for command  
injection.

Background  
=========  
RDoc produces HTML and command-line documentation for Ruby projects.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-ruby/rdoc  < 6.3.2       >= 6.3.2

Description  
==========  
A vulnerability has been discovered in RDoc. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
RDoc used to call Kernel#open to open a local file. If a Ruby project  
has a file whose name starts with | and ends with tags, the command  
following the pipe character is executed. A malicious Ruby project could  
exploit it to run an arbitrary command execution against a user who  
attempts to run the rdoc command.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-ruby/rdoc-6.3.2"

References  
=========  
[ 1 ] CVE-2021-31799  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31799

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-05

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: WebKitGTK+: Multiple Vulnerabilities  
     Date: January 05, 2024  
     Bugs: #907818, #909663, #910656, #918087, #918099, #919290  
       ID: 202401-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Several vulnerabilities have been found in WebKitGTK+, the worst of  
which can lead to remote code execution.

Background  
=========  
WebKitGTK+ is a full-featured port of the WebKit rendering engine,  
suitable for projects requiring any kind of web integration, from hybrid  
HTML/CSS applications to full-fledged web browsers.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  -------------  
net-libs/webkit-gtk  < 2.42.3:4    >= 2.42.3:4  
                                   >= 2.42.3:4.1  
                                   >= 2.42.3:6

Description  
==========  
Multiple vulnerabilities have been discovered in WebKitGTK+. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.3"

References  
=========  
[ 1 ] CVE-2023-28198  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28198  
[ 2 ] CVE-2023-28204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28204  
[ 3 ] CVE-2023-32370  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32370  
[ 4 ] CVE-2023-32373  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32373  
[ 5 ] CVE-2023-32393  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32393  
[ 6 ] CVE-2023-32439  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32439  
[ 7 ] CVE-2023-37450  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37450  
[ 8 ] CVE-2023-38133  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38133  
[ 9 ] CVE-2023-38572  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38572  
[ 10 ] CVE-2023-38592  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38592  
[ 11 ] CVE-2023-38594  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38594  
[ 12 ] CVE-2023-38595  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38595  
[ 13 ] CVE-2023-38597  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38597  
[ 14 ] CVE-2023-38599  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38599  
[ 15 ] CVE-2023-38600  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38600  
[ 16 ] CVE-2023-38611  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38611  
[ 17 ] CVE-2023-40397  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40397  
[ 18 ] CVE-2023-42916  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42916  
[ 19 ] CVE-2023-42917  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42917  
[ 20 ] WSA-2023-0006  
      https://webkitgtk.org/security/WSA-2023-0006.html

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-04

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: BlueZ: Privilege Escalation  
     Date: January 05, 2024  
     Bugs: #919383  
       ID: 202401-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Bluez, the worst of  
which can lead to privilege escalation.

Background  
=========  
BlueZ is the canonical bluetooth tools and system daemons package for  
Linux.

Affected packages  
================  
Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
net-wireless/bluez  < 5.70-r1     >= 5.70-r1

Description  
==========  
Multiple vulnerabilities have been discovered in BlueZ. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
An attacker may inject unauthenticated keystrokes via Bluetooth, leading  
to privilege escalation or denial of service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All BlueZ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1"

References  
=========  
[ 1 ] CVE-2023-45866  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-03

Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: c-ares: Multiple Vulnerabilities  
     Date: January 05, 2024  
     Bugs: #807604, #807775, #892489, #905341  
       ID: 202401-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in c-ares, the worst of which  
could result in the loss of confidentiality or integrity.

Background  
=========  
c-ares is a C library for asynchronous DNS requests (including name  
resolves).

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-dns/c-ares  < 1.19.0      >= 1.19.0

Description  
==========  
Multiple vulnerabilities have been discovered in c-ares. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All c-ares users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.0"

References  
=========  
[ 1 ] CVE-2021-3672  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3672  
[ 2 ] CVE-2021-22930  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22930  
[ 3 ] CVE-2021-22931  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22931  
[ 4 ] CVE-2021-22939  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22939  
[ 5 ] CVE-2021-22940  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22940  
[ 6 ] CVE-2022-4904  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4904

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-02

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-02

Debian Linux Security Advisory 5597-1 - It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5597-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJanuary 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : exim4CVE ID         : CVE-2023-51766Debian Bug     : 1059387It was discovered that Exim, a mail transport agent, can be induced toaccept a second message embedded as part of the body of a first messagein certain configurations where PIPELINING or CHUNKING on incomingconnections is offered.For the oldstable distribution (bullseye), this problem has been fixedin version 4.94.2-7+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 4.96-15+deb12u4.We recommend that you upgrade your exim4 packages.For the detailed security status of exim4 please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/exim4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWXKopfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QjSA//XoMnLi4MFMYxltCKlh24MN3boRO7vi2ZwVwmLFsI6VKqwA84x31gqr5lFJgcgwXNsos+4rlMiY5+mRu5aIkHABPW+CRikMZhkN6mU5L1HhSSn8AcdI01xpRepFnZQdu5wb/h5kkb/AdfhTLXmTT5gWGvlGaNwthCFYW8YlaFSFYOg021d9zRAEWWuKZ4QNKCq3mM+1RG/CSRw+9n8RodZaLivvJQftNbWDlIhRiQsJWLfT6jINucCdg05lfjYaiTTWWGmXQUz9ffl6SkFHFx27jZlFieIesRwtudQONUERVQlTRLsiD+p5SzBmol5Myay9FX2SyKOFvcOJQPeUfmHERooXnyZl6ZoFU9fVRk6KRdrmIQ3ghyfu5ymcjzpbr+Ap4gyroDd6QkJwIn8dkVlI98dvJ7taJ6Sz5yWVISdBdUG0QJMpiQFH7v/wKEvn846ZJUMZKQstXnAjKc7RWs/T5i3NA1uI6QkgSKdMWOx38+cjHESngkSVewnZe3U3ouBejwucI11+M8SgOw3QosDM8wyDmyWttVmH4nLrIEVNk5jJp0lK7/agIQKIlx6kDPoqSaN2/5jSvDzVWCJTwXJ/bPRjWDyCP8J6janVD2l73pfxPIjKcxbImKq6JxMQeYYxzX2XxgZliGTGoNZAkFsWy+3tZdaBMt4PlKbYtnJxI=onc4-----END PGP SIGNATURE-----

Debian Security Advisory 5597-1

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5596-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
January 04, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : asterisk  
CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786  
Debian Bug     : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open  
Source Private Branch Exchange.

CVE-2023-37457

    The 'update' functionality of the PJSIP_HEADER dialplan function can exceed  
    the available buffer space for storing the new value of a header. By doing  
    so this can overwrite memory or cause a crash. This is not externally  
    exploitable, unless dialplan is explicitly written to update a header based  
    on data from an outside source. If the 'update' functionality is not used  
    the vulnerability does not occur.

CVE-2023-38703

    PJSIP is a free and open source multimedia communication library written in  
    C with high level API in C, C++, Java, C#, and Python languages. SRTP is a  
    higher level media transport which is stacked upon a lower level media  
    transport such as UDP and ICE. Currently a higher level transport is not  
    synchronized with its lower level transport that may introduce a  
    use-after-free issue. This vulnerability affects applications that have  
    SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media  
    transport other than UDP. This vulnerability’s impact may range from  
    unexpected application termination to control flow hijack/memory  
    corruption.

CVE-2023-49294

    It is possible to read any arbitrary file even when the `live_dangerously`  
    option is not enabled.

CVE-2023-49786

   Asterisk is susceptible to a DoS due to a race condition in the hello  
   handshake phase of the DTLS protocol when handling DTLS-SRTP for media  
   setup. This attack can be done continuously, thus denying new DTLS-SRTP  
   encrypted calls during the attack. Abuse of this vulnerability may lead to  
   a massive Denial of Service on vulnerable Asterisk servers for calls that  
   rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmWXIDJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRqthAA0ZarRHMpoNwTCAiVuVzcNqGVls/XvEvDbw1DNgjeKptlm4qafmVxHd6F  
Jtloc8zD2w0sOCZCSbATZDosXlFCkAj09aI6oSfJOLBlqRDFVNhPn1Y4a1xOgAfl  
AZyn458v3TqlNFcZjJ89qHHociZ+fDfMUYpMsp/v9A4AOQjKn7AKYJ7aaL5PHR8b  
zejn2pP/8Hv592K4+xa5h/6a0AaXX0eOTlxZDFh7x93oP+op0k4v1J7ivP+Qs4wk  
T5iOqs6JrMc640ZprXB3c8HjapZt4ee5+Yp7An3Z7o/r9crXqT/6ocIRPmkomXVb  
bhZXSfEs5BmzkdWSnOBigSWthSp9umPKWWV9wUwSe1115XxhT43J7oBix9gkNCEu  
mN5Po/yaZQUDEtWx1DpVZtI3TNBwyv28f2XoUy72oq0WqEvBGC8hLDMXqjVWxhRh  
bRXfairiS/pfx2h4eIT5xUKX7xUUCEcGpZ2hIEgGGlS8TX2le+mWa+ipKNPYrBWJ  
Qvg+MJ2JD9O3jMMS85y7ISuWUDNSeIDUSa0E48QWExZd8tmuknyDgPx5i4/nDVC+  
sxH1LnEgbUjLLfCCF0CZgbYebiEmUqyfvOSaJ3olekrxkje2WwVY+uJ4NJXBycPU  
+k3Db3c/h/zoYJ9A3ZKz/xu5L32grES2FMxdBDFeF/5VloO4/dg=N8+A  
-----END PGP SIGNATURE-----

Debian Security Advisory 5596-1

Debian Linux Security Advisory 5595-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5595-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJanuary 04, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 120.0.6099.199-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 120.0.6099.199-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWW+3wACgkQZF0CR8NudjdB2g/9Fg/GWkG5zWX5NNzw/n4uMT8eCLLYbuvtpYGwwlQ9zKoQdVDUbK4pJlNYBbutP+VXf/6PoeIxOrs4weP+vBd0nY7GRyE/IthzKrai1/itXwCtoRWx+nGaPQfTvGNpwoHBBYk115c6gSwXrrYa5jeLDgN7uVeXRk3ZLKbChDwEmbW4qgPU60k1EGreqaygwV4si93uTWla3IhTiqaMStEgoANNBXE+61qC/+Y+RxNgXB3DlX/yE5UGv2DFJ5y0fbiyA5oQrOuoRp/VwYKRrPovOP/GvtxTW9+O5NkG2Fi5V7Wp8Eafq6N0Y0KTFZgtK/pH5iAVndEKNyNAWPAW048IHc5jKlY7hTrC2KAkCC5WoBqeKsijnzhSEJ0YZsDr/3I2CbU7b8IoiWB//+bJaVtSrMxsXOs7qVxrkPwCiVIwN1tS6h2sw/A0VbzaVKGxsqe6mW1m/0xvzeUwffI6HiF7xwB9fNVWDTCIWqIYKI1DvyttJ1y25I00gbVWfW3HNOFjdCR/gA7jtCWeoX1Jk+QLkNlhSbN/l4wSuJSCvFXMbRFTPdv6l12f8u7IcabJKoTLp/8vK7UK1IEjMIutncc9uRbgwT1hProOToF3RQo7sgU/N0s9dOj8TLRZLYHYMaDhwY/PbebB2/3LuV3m4G9VMl2DzTk5WW39lQmqnTPXYSY=Hl1s-----END PGP SIGNATURE-----

Tag

#linux