The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

Title: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution  
Advisory ID: ZSL-2023-5801  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 25.11.2023

**Summary**

The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the large flash memory. The TitanNit Linux software used combines the advantages of the existing E2 and Neutrino systems and is therefore fast, stable and adaptable.

**Description**

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

**Vendor**

AAF Digital HD Forum | Atelmo GmbH - http://www.aaf-digital.info | https://www.atemio.de

**Affected Version**

Firmware <=2.01

**Tested On**

GNU/Linux 2.6.32.71 (STMicroelectronics)  
GNU/Linux 3.14-1.17 (armv7l)  
GNU/Linux 3.14.2 (mips)  
ATEMIO M46506 revision 990  
Atemio 7600 HD STB  
CPU STx7105 Mboard  
titan web server

**Vendor Status**

N/A

**PoC**

titannit\_rce.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[25.11.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Debian Linux Security Advisory 5565-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5565-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 25, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0  
CVE ID         : CVE-2023-44429 CVE-2023-44446  
Debian Bug     : 1056101 1056102

Multiple vulnerabilities were discovered in plugins for the GStreamer  
media framework and its codecs and demuxers, which may result in denial  
of service or potentially the execution of arbitrary code if a malformed  
media file is opened.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1.18.4-3+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.22.0-4+deb12u3.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmViCHBfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Sw8Q/+Kc9Lp3Zl/JqOl+KE+OQ1BpRmcEdbIjruR+TVuBRkVfasH4IG3nb82dQn  
26SeXbR5GA8o48knQDAlHMhurRUVNVbdXDLuOs2+SsGKFrVuv1KCQacqJIH/ybhr  
AZplbQPUVViJiQlEGy5j80eOfifnlHPvQZKtbqp1y/GvTIK56Pg4d7HNLjWeq7+G  
4sdxZeAPSqKdGTOh2fzzy6QIL7QX3FZgBl0fr48+0EdQLLqtQ0dQwSkpXibHZnf9  
PmT+/q3R1pk47n+u/OqPXHMN5+7fJZU6vWgkwfvYIUEVHHL6MlDuNLBVmA1gAn0X  
neRngzuduDoiiKBPSbPk4slcFUIlXpA979IcG/YhO9fdSDs+cPn0euZegzLOgb5v  
S+javZtGSkRVAwH1O2wNMF+mGvXDWxu1y+foKylQ/KYr2OQBOGymANsX/jw6pWCA  
V2bunxab0pPUO/o8m8aq6+XkRvht+KWBo884ze9KvZFRxOivYRP+uKxzc26dZzrU  
xyIGnVuW1Q+iZjWojNfNgpX/oG/c7Ch6TtBxZQQqAdddAlQQQi1rieNTUq391dT1  
TQkyLynaeVmpdKMEtapYwcg+WZfD4cl6F+HhKD3zjIvZRr3EOXloIUY04Xh+/VKO  
6nnKs+TOyyLXjrEUPEE51qQ22ni9kT0ZppbvHrsDwAsCAER7yxM=Yk/C  
-----END PGP SIGNATURE-----

Debian Security Advisory 5565-1

Gentoo Linux Security Advisory 202311-14 - Multiple vulnerabilities have been discovered in GRUB, which may lead to secure boot circumvention or code execution. Versions greater than or equal to 2.06-r9 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-14  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GRUB: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #881413, #915187  
       ID: 202311-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discoverd in GRUB, which may lead to  
secure boot circumvention or code execution.

Background  
=========  
GNU GRUB is a multiboot boot loader used by most Linux systems.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-boot/grub  < 2.06-r9     >= 2.06-r9

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GRUB users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r9"

References  
=========  
[ 1 ] CVE-2022-2601  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2601  
[ 2 ] CVE-2022-3775  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3775  
[ 3 ] CVE-2023-4692  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4692  
[ 4 ] CVE-2023-4693  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4693

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-14

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-14

Gentoo Linux Security Advisory 202311-13 - A privilege escalation vulnerability has been discovered in Apptainer. Versions greater than or equal to 1.1.8 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-13  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Apptainer: Privilege Escalation  
     Date: November 25, 2023  
     Bugs: #905091  
       ID: 202311-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A privilege escalation vulnerability has been discoverd in Apptainer.

Background  
=========  
Apptainer is the container system for secure high-performance computing.

Affected packages  
================  
Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
app-containers/apptainer  < 1.1.8       >= 1.1.8

Description  
==========  
A vulnerability has been discovered in Apptainer. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
There is an ext4 use-after-free flaw that is exploitable in vulnerable  
versions.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Apptainer users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"

References  
=========  
[ 1 ] CVE-2023-30549  
      https://nvd.nist.gov/vuln/detail/CVE-2023-30549

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-13

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-13

Gentoo Linux Security Advisory 202311-12 - Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: MiniDLNA: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #834642, #907926  
       ID: 202311-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in MiniDLNA, the worst of  
which could lead to remove code execution.

Background  
=========  
MiniDLNA is a simple media server software, with the aim of being fully  
compliant with DLNA/UPnP-AV clients.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
net-misc/minidlna  < 1.3.3       >= 1.3.3

Description  
==========  
Multiple vulnerabilities have been discovered in MiniDLNA. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MiniDLNA users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/minidlna-1.3.3"

References  
=========  
[ 1 ] CVE-2022-26505  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26505  
[ 2 ] CVE-2023-33476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33476

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-12

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-12

Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtWebEngine: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #866332, #888181, #903544, #904290, #906857, #909778  
       ID: 202311-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in QtWebEngine, the worst  
of which could lead to remote code execution.

Background  
=========  
QtWebEngine is a library for rendering dynamic web content in Qt5 and  
Qt6 C++ and QML applications.

Affected packages  
================  
Package             Vulnerable           Unaffected  
------------------  -------------------  --------------------  
dev-qt/qtwebengine  < 5.15.10_p20230623  >= 5.15.10_p20230623

Description  
==========  
Multiple vulnerabilities have been discovered in QtWebEngine. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All QtWebEngine users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.10_p20230623"

References  
=========  
[ 1 ] CVE-2022-2294  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2294  
[ 2 ] CVE-2022-3201  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3201  
[ 3 ] CVE-2022-4174  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4174  
[ 4 ] CVE-2022-4175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4175  
[ 5 ] CVE-2022-4176  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4176  
[ 6 ] CVE-2022-4177  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4177  
[ 7 ] CVE-2022-4178  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4178  
[ 8 ] CVE-2022-4179  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4179  
[ 9 ] CVE-2022-4180  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4180  
[ 10 ] CVE-2022-4181  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4181  
[ 11 ] CVE-2022-4182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4182  
[ 12 ] CVE-2022-4183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4183  
[ 13 ] CVE-2022-4184  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4184  
[ 14 ] CVE-2022-4185  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4185  
[ 15 ] CVE-2022-4186  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4186  
[ 16 ] CVE-2022-4187  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4187  
[ 17 ] CVE-2022-4188  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4188  
[ 18 ] CVE-2022-4189  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4189  
[ 19 ] CVE-2022-4190  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4190  
[ 20 ] CVE-2022-4191  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4191  
[ 21 ] CVE-2022-4192  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4192  
[ 22 ] CVE-2022-4193  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4193  
[ 23 ] CVE-2022-4194  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4194  
[ 24 ] CVE-2022-4195  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4195  
[ 25 ] CVE-2022-4436  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4436  
[ 26 ] CVE-2022-4437  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4437  
[ 27 ] CVE-2022-4438  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4438  
[ 28 ] CVE-2022-4439  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4439  
[ 29 ] CVE-2022-4440  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4440  
[ 30 ] CVE-2022-41115  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41115  
[ 31 ] CVE-2022-44688  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44688  
[ 32 ] CVE-2022-44708  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44708  
[ 33 ] CVE-2023-0128  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0128  
[ 34 ] CVE-2023-0129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0129  
[ 35 ] CVE-2023-0130  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0130  
[ 36 ] CVE-2023-0131  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0131  
[ 37 ] CVE-2023-0132  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0132  
[ 38 ] CVE-2023-0133  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0133  
[ 39 ] CVE-2023-0134  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0134  
[ 40 ] CVE-2023-0135  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0135  
[ 41 ] CVE-2023-0136  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0136  
[ 42 ] CVE-2023-0137  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0137  
[ 43 ] CVE-2023-0138  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0138  
[ 44 ] CVE-2023-0139  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0139  
[ 45 ] CVE-2023-0140  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0140  
[ 46 ] CVE-2023-0141  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0141  
[ 47 ] CVE-2023-2721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721  
[ 48 ] CVE-2023-2722  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722  
[ 49 ] CVE-2023-2723  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723  
[ 50 ] CVE-2023-2724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724  
[ 51 ] CVE-2023-2725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725  
[ 52 ] CVE-2023-2726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726  
[ 53 ] CVE-2023-2929  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2929  
[ 54 ] CVE-2023-2930  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2930  
[ 55 ] CVE-2023-2931  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2931  
[ 56 ] CVE-2023-2932  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2932  
[ 57 ] CVE-2023-2933  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2933  
[ 58 ] CVE-2023-2934  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2934  
[ 59 ] CVE-2023-2935  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2935  
[ 60 ] CVE-2023-2936  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2936  
[ 61 ] CVE-2023-2937  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2937  
[ 62 ] CVE-2023-2938  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2938  
[ 63 ] CVE-2023-2939  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2939  
[ 64 ] CVE-2023-2940  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2940  
[ 65 ] CVE-2023-2941  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2941  
[ 66 ] CVE-2023-3079  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3079  
[ 67 ] CVE-2023-3214  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3214  
[ 68 ] CVE-2023-3215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3215  
[ 69 ] CVE-2023-3216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3216  
[ 70 ] CVE-2023-3217  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3217  
[ 71 ] CVE-2023-4068  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4068  
[ 72 ] CVE-2023-4069  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4069  
[ 73 ] CVE-2023-4070  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4070  
[ 74 ] CVE-2023-4071  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4071  
[ 75 ] CVE-2023-4072  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4072  
[ 76 ] CVE-2023-4073  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4073  
[ 77 ] CVE-2023-4074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4074  
[ 78 ] CVE-2023-4075  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4075  
[ 79 ] CVE-2023-4076  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4076  
[ 80 ] CVE-2023-4077  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4077  
[ 81 ] CVE-2023-4078  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4078  
[ 82 ] CVE-2023-4761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4761  
[ 83 ] CVE-2023-4762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4762  
[ 84 ] CVE-2023-4763  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4763  
[ 85 ] CVE-2023-4764  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4764  
[ 86 ] CVE-2023-5218  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5218  
[ 87 ] CVE-2023-5473  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5473  
[ 88 ] CVE-2023-5474  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5474  
[ 89 ] CVE-2023-5475  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5475  
[ 90 ] CVE-2023-5476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5476  
[ 91 ] CVE-2023-5477  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5477  
[ 92 ] CVE-2023-5478  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5478  
[ 93 ] CVE-2023-5479  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5479  
[ 94 ] CVE-2023-5480  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5480  
[ 95 ] CVE-2023-5481  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5481  
[ 96 ] CVE-2023-5482  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5482  
[ 97 ] CVE-2023-5483  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5483  
[ 98 ] CVE-2023-5484  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5484  
[ 99 ] CVE-2023-5485  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5485  
[ 100 ] CVE-2023-5486  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5486  
[ 101 ] CVE-2023-5487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5487  
[ 102 ] CVE-2023-5849  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5849  
[ 103 ] CVE-2023-5850  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5850  
[ 104 ] CVE-2023-5851  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5851  
[ 105 ] CVE-2023-5852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5852  
[ 106 ] CVE-2023-5853  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5853  
[ 107 ] CVE-2023-5854  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5854  
[ 108 ] CVE-2023-5855  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5855  
[ 109 ] CVE-2023-5856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5856  
[ 110 ] CVE-2023-5857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5857  
[ 111 ] CVE-2023-5858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5858  
[ 112 ] CVE-2023-5859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5859  
[ 113 ] CVE-2023-5996  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5996  
[ 114 ] CVE-2023-5997  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5997  
[ 115 ] CVE-2023-6112  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6112  
[ 116 ] CVE-2023-21775  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21775  
[ 117 ] CVE-2023-21796  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21796

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-11

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-11

Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions greater than or equal to 1.27 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: RenderDoc: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #908031  
       ID: 202311-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in RenderDoc, the worst of  
which leads to remote code execution.

Background  
=========  
RenderDoc is a free MIT licensed stand-alone graphics debugger that  
allows quick and easy single-frame capture and detailed introspection of  
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across  
Windows, Linux, Android, or Nintendo Switch™.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-gfx/renderdoc  < 1.27        >= 1.27

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RenderDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"

References  
=========  
[ 1 ] CVE-2023-33863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33863  
[ 2 ] CVE-2023-33864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33864  
[ 3 ] CVE-2023-33865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33865

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-10

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-10

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Go: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #873637, #883783, #894478, #903979, #908255, #915555, #916494  
       ID: 202311-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Go, the worst of which  
could lead to remote code execution.

Background  
=========  
Go is an open source programming language that makes it easy to build  
simple, reliable, and efficient software.

Affected packages  
================  
Package      Vulnerable    Unaffected  
-----------  ------------  ------------  
dev-lang/go  < 1.20.10     >= 1.20.10

Description  
==========  
Multiple vulnerabilities have been discovered in Go. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Go users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-lang/go-1.20.10"  
  # emerge --ask --oneshot --verbose @golang-rebuild

References  
=========  
[ 1 ] CVE-2022-2879  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2879  
[ 2 ] CVE-2022-2880  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2880  
[ 3 ] CVE-2022-41715  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41715  
[ 4 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717  
[ 5 ] CVE-2022-41723  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41723  
[ 6 ] CVE-2022-41724  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41724  
[ 7 ] CVE-2022-41725  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41725  
[ 8 ] CVE-2023-24534  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24534  
[ 9 ] CVE-2023-24536  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24536  
[ 10 ] CVE-2023-24537  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24537  
[ 11 ] CVE-2023-24538  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24538  
[ 12 ] CVE-2023-29402  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29402  
[ 13 ] CVE-2023-29403  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29403  
[ 14 ] CVE-2023-29404  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29404  
[ 15 ] CVE-2023-29405  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29405  
[ 16 ] CVE-2023-29406  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29406  
[ 17 ] CVE-2023-29409  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29409  
[ 18 ] CVE-2023-39318  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39318  
[ 19 ] CVE-2023-39319  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39319  
[ 20 ] CVE-2023-39320  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39320  
[ 21 ] CVE-2023-39321  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39321  
[ 22 ] CVE-2023-39322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39322  
[ 23 ] CVE-2023-39323  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39323  
[ 24 ] CVE-2023-39325  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39325  
[ 25 ] CVE-2023-44487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-8 - A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Versions greater than 0.9.70 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNU Libmicrohttpd: Buffer Overflow Vulnerability  
     Date: November 25, 2023  
     Bugs: #778296  
       ID: 202311-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A buffer overflow vulnerability has been discovered in GNU  
Libmicrohttpd.

Background  
=========  
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP  
server as part of another application. GNU Libmicrohttpd is free  
software and part of the GNU project.

Affected packages  
================  
Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
net-libs/libmicrohttpd  = 0.9.70      > 0.9.70

Description  
==========  
A buffer overflow vulnerability has been discovered in GNU  
Libmicrohttpd. Please review the CVE identifier referenced below for  
details.

Impact  
=====  
A missing bounds check in the post_process_urlencoded function leads to  
a buffer overflow, allowing a remote attacker to write arbitrary data in  
an application that uses libmicrohttpd. The highest threat from this  
vulnerability is to data confidentiality and integrity as well as system  
availability.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GNU Libmicrohttpd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">net-libs/libmicrohttpd-0.9.70"

References  
=========  
[ 1 ] CVE-2021-3466  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3466

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-08

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-08

Debian Linux Security Advisory 5564-1 - Michael Randrianantenaina reported several vulnerabilities in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed DDS, PSD and PSP files are opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5564-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 24, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gimpCVE ID         : CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444Debian Bug     : 1055984Michael Randrianantenaina reported several vulnerabilities in GIMP, theGNU Image Manipulation Program, which could result in denial of service(application crash) or potentially the execution of arbitrary code ifmalformed DDS, PSD and PSP files are opened.For the oldstable distribution (bullseye), these problems have been fixedin version 2.10.22-4+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 2.10.34-1+deb12u1.We recommend that you upgrade your gimp packages.For the detailed security status of gimp please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gimpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVhJD5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0R/hxAAlMYQg+W/jKy/+bgIgisVlRM1dSij6pPFqqCh0aMZr9j8AX8CpZvJBCiRmlfPZe6qS88LKt70zX5xoJOFQ5XS/b9HTMFrv2V6l3pe83Hag0sJOic4WbmI258iB6DFb3qVA9PZjQ+a7JsoPBVc80M3o+rkFbdn2e/d+6ApLxq0XGb3iH0JkYIny41F3FLYhFI1iRCbX9Oxhe91MmtM2CvI5/UWjALS9+U3IgnuyfnTLUEkCfMnvTLEiMBBTwt/rD+zhOEFMvQazocoqEDDjmo4aJ4CVC78EJYbfthUH55JVordifVS6u0tQM0wXGPJhQPsDIModp0KoukvUVlj/LLKa2q9xr5IAM7G5IM3vah8yAFAiF5BFEE4nIRtBBlwfPPVJjrnZEd+pb02HaKgD7bdmAC775HtX8ExGmMeg54ckXv3gokUbFIzDXBAKXhWjoNztrrRiWIo08knZCIYPTxe0Ou6XvrYxcD0UufxqXkSsCdYzC+aBIJasfpdXpbUZ6ECwK/A7DmaIj7Ar4ssvQKf0uLGmQDzGZiLpNsgXg4tR04xCBwQIU7ONr5b629hDt0Lo6QCjNsSlWKNdOkiIZ3DIYRGUEq4dL56pa+vz74nhvEYq2pWu5ijCAk7XOZWuw/CkcMpeXp4Y5yZ88eUYdM3bvpCgriqXvpWJA1NxAiw0/sêEb-----END PGP SIGNATURE-----

Tag

#linux