An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

'2226783?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-39191: Invalid Bug ID

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.

Affected Resources

Garuda Linux.

Description

INCIBE has coordinated the publication of a vulnerability in Garuda Linux, with the internal code INCIBE-2021-0444, which has been discovered by Jesús Olmos at fox-it/nccgroup.

CVE-2021-3784 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Solution

The issue is fixed in Garuda latest version.

Detail

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account.

By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.

This vulnerability is already fixed in the last version of Garuda Linux.

**CWE-285**: Improper Authorization.

_**TIMELINE**_:

09/08/2021 - Researchers contact with INCIBE.  
13/09/2021 - Garuda Linux fixes the vulnerability.  
28/10/2021 - The advisory is published by INCIBE.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

CVE-2021-3784: Garuda Linux Improper Authorization | INCIBE-CERT

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.

Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-07-31

Updated:

2023-07-31

**RHSA-2023:4340 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

**Type/Severity**

Security Advisory: Moderate

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update is now available for Red Hat Ansible Automation Platform 2.4  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.  

Security Fix(es):  

*   automation controller: Html injection in custom login info (CVE-2023-3971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional changes:  

*   Org admin users are no longer shown an error on Instances list. (AAP-11195)
*   Fixed workflow job within workflow approval to display correct details. (AAP-11433)
*   Credential name search in ad-hoc commands prompt no longer requires case-sensitive input. (AAP-11442)
*   The 'Back to list' button in the controller UI now maintains previous search filters. (AAP-11527)
*   Topology view and Instances are only available as sidebar menu options to System Administrators and System Auditors. (AAP-11585)
*   Fixed the frequency of the scheduler to run on the correct day of the week as specified by the user. (AAP-11776)
*   Fixed an issue with slow database 'UPDATE' statements when using nested tasks(include\_tasks) causing task manager timeout. (AAP-12586)
*   Added setting to enable queuing for Rsyslog to handle higher work volumes(LOG\_AGGREGATOR\_ACTION\_MAX\_DISK\_USAGE\_GB) (AAP-12726)
*   Allow execution and hop nodes to be added to VM-based Controller installations from the UI (AAP-12849)
*   Add awx-manage command for creating future events table partitions (AAP-12907)
*   Re-enabled Pendo support by providing the correct pendo api key (AAP-13415)
*   Fix for filter experience when assigning access to teams: In the dialog for granting teams to access a resource, it should be possible to filter teams using partial names. (AAP-13557)
*   Fixed bug where a weekly rrule string without a BYDAY would result in the UI throwing a TypeError (AAP-13670)
*   Fix server error that happens when deleting workflow jobs ran before event partitioning migration (AAP-13806)
*   Added api reference documentation for new bulk api endpoint. (AAP-13980)
*   Fixed bug where forms provided in the custom login info would render and execute. (AAP-14013)
*   Fix issue where related items were not visible in some cases: job template instance groups, organization galaxy credentials, and organization instance groups. (AAP-14057)

**Solution**

Red Hat Ansible Automation Platform

**Affected Products**

*   Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86\_64
*   Red Hat Ansible Automation Platform 2.4 for RHEL 9 s390x
*   Red Hat Ansible Automation Platform 2.4 for RHEL 9 ppc64le
*   Red Hat Ansible Automation Platform 2.4 for RHEL 9 aarch64
*   Red Hat Ansible Automation Platform 2.4 for RHEL 8 x86\_64
*   Red Hat Ansible Automation Platform 2.4 for RHEL 8 s390x
*   Red Hat Ansible Automation Platform 2.4 for RHEL 8 ppc64le
*   Red Hat Ansible Automation Platform 2.4 for RHEL 8 aarch64

**Fixes**

*   BZ - 2226965 - CVE-2023-3971 Controller: Html injection in custom login info

**Red Hat Ansible Automation Platform 2.4 for RHEL 9**

SRPM

automation-controller-4.4.1-1.el9ap.src.rpm

SHA-256: efb9ff166108d25504098379fb58184d6b4481149bdd53e8362c03330d549ab8

x86\_64

automation-controller-4.4.1-1.el9ap.x86\_64.rpm

SHA-256: bb2011ab13084d7d7565fcabeaa5c0c50dd7d8cfd033f662873b9311f677ec1c

automation-controller-cli-4.4.1-1.el9ap.noarch.rpm

SHA-256: db1a60962021371f385ef9a9965e7d12bb84063a2c15c801dcb94695aaea414d

automation-controller-server-4.4.1-1.el9ap.noarch.rpm

SHA-256: 96dd802c4535f870fd29a603b578fa3e7ff8a0e7ce33cf5bd690eed305dc59a0

automation-controller-ui-4.4.1-1.el9ap.noarch.rpm

SHA-256: 2b212ed64702a01f5c4d71c42258f87c89a53e835abc2730a2c7728aeedd8b0d

automation-controller-venv-tower-4.4.1-1.el9ap.x86\_64.rpm

SHA-256: 50988903ee922af745f47163682dbfdc19ae95e832c959b7dc8839a2e16db455

s390x

automation-controller-4.4.1-1.el9ap.s390x.rpm

SHA-256: 549495d99e4e9d857aad776b184043f5e8f09b2f63042496c318ef4c2769a1b7

automation-controller-cli-4.4.1-1.el9ap.noarch.rpm

SHA-256: db1a60962021371f385ef9a9965e7d12bb84063a2c15c801dcb94695aaea414d

automation-controller-server-4.4.1-1.el9ap.noarch.rpm

SHA-256: 96dd802c4535f870fd29a603b578fa3e7ff8a0e7ce33cf5bd690eed305dc59a0

automation-controller-ui-4.4.1-1.el9ap.noarch.rpm

SHA-256: 2b212ed64702a01f5c4d71c42258f87c89a53e835abc2730a2c7728aeedd8b0d

automation-controller-venv-tower-4.4.1-1.el9ap.s390x.rpm

SHA-256: 977bfa19cf2567d992c2a1333cbe23404c8bce52c2663add8b7bc414230363d1

ppc64le

automation-controller-4.4.1-1.el9ap.ppc64le.rpm

SHA-256: b32a7fa6b4fe63462f492b9e580969dd12aabb0165bd6da9e1527517af01b8a7

automation-controller-cli-4.4.1-1.el9ap.noarch.rpm

SHA-256: db1a60962021371f385ef9a9965e7d12bb84063a2c15c801dcb94695aaea414d

automation-controller-server-4.4.1-1.el9ap.noarch.rpm

SHA-256: 96dd802c4535f870fd29a603b578fa3e7ff8a0e7ce33cf5bd690eed305dc59a0

automation-controller-ui-4.4.1-1.el9ap.noarch.rpm

SHA-256: 2b212ed64702a01f5c4d71c42258f87c89a53e835abc2730a2c7728aeedd8b0d

automation-controller-venv-tower-4.4.1-1.el9ap.ppc64le.rpm

SHA-256: 9c4dd1e4cfca6c0059a0086ea36e2658dceaac3b11831f296662842fcc405a4d

aarch64

automation-controller-4.4.1-1.el9ap.aarch64.rpm

SHA-256: 9a91f3e3c34357975483c2e3ad7e4e4bc090c16d9d257f0d2cfb03e8b2b9b8c8

automation-controller-cli-4.4.1-1.el9ap.noarch.rpm

SHA-256: db1a60962021371f385ef9a9965e7d12bb84063a2c15c801dcb94695aaea414d

automation-controller-server-4.4.1-1.el9ap.noarch.rpm

SHA-256: 96dd802c4535f870fd29a603b578fa3e7ff8a0e7ce33cf5bd690eed305dc59a0

automation-controller-ui-4.4.1-1.el9ap.noarch.rpm

SHA-256: 2b212ed64702a01f5c4d71c42258f87c89a53e835abc2730a2c7728aeedd8b0d

automation-controller-venv-tower-4.4.1-1.el9ap.aarch64.rpm

SHA-256: aecd4a5ca2d204ad421dc003d92df0ae81724e76df30fa8d491bc1ca6d6fcf31

**Red Hat Ansible Automation Platform 2.4 for RHEL 8**

SRPM

automation-controller-4.4.1-1.el8ap.src.rpm

SHA-256: e65f12a4a393c6ac05cf5a9cd75ca163be92b66c0219b2faf0376a83b8ec0e2b

x86\_64

automation-controller-4.4.1-1.el8ap.x86\_64.rpm

SHA-256: 06ce2cf2d45f57a4875f4ed2e01c6ea723644e01df27ab31cc2b466635a0c213

automation-controller-cli-4.4.1-1.el8ap.noarch.rpm

SHA-256: 404d9649a8aed89e2e17615790a45b913bef92170f09d99a2e803e6233b73aff

automation-controller-server-4.4.1-1.el8ap.noarch.rpm

SHA-256: 8b011eabe800ac6527fc870909d216ba57b543bd3cc5378938f14f247b5e74c0

automation-controller-ui-4.4.1-1.el8ap.noarch.rpm

SHA-256: 043d19e0f770573102445ca2a4ba3128eb29ff468254b2699d118e61165e95be

automation-controller-venv-tower-4.4.1-1.el8ap.x86\_64.rpm

SHA-256: 0d1b78eeb39b0b440b352f92688501f10793a5c3b16d42c3d33318c13dcc234d

s390x

automation-controller-4.4.1-1.el8ap.s390x.rpm

SHA-256: 771398c3146ccac28927d075b615b2db263d280d875075517b6d61cc45ff30e5

automation-controller-cli-4.4.1-1.el8ap.noarch.rpm

SHA-256: 404d9649a8aed89e2e17615790a45b913bef92170f09d99a2e803e6233b73aff

automation-controller-server-4.4.1-1.el8ap.noarch.rpm

SHA-256: 8b011eabe800ac6527fc870909d216ba57b543bd3cc5378938f14f247b5e74c0

automation-controller-ui-4.4.1-1.el8ap.noarch.rpm

SHA-256: 043d19e0f770573102445ca2a4ba3128eb29ff468254b2699d118e61165e95be

automation-controller-venv-tower-4.4.1-1.el8ap.s390x.rpm

SHA-256: d1a5e09244b540403b12337d79c6584b5c96a3a21abbfbc5ef2a98d8c0074870

ppc64le

automation-controller-4.4.1-1.el8ap.ppc64le.rpm

SHA-256: 4a6a4e54b5cfb5d0ba4eb03073910b29c39c060aeb4aa8fded401285da45dfad

automation-controller-cli-4.4.1-1.el8ap.noarch.rpm

SHA-256: 404d9649a8aed89e2e17615790a45b913bef92170f09d99a2e803e6233b73aff

automation-controller-server-4.4.1-1.el8ap.noarch.rpm

SHA-256: 8b011eabe800ac6527fc870909d216ba57b543bd3cc5378938f14f247b5e74c0

automation-controller-ui-4.4.1-1.el8ap.noarch.rpm

SHA-256: 043d19e0f770573102445ca2a4ba3128eb29ff468254b2699d118e61165e95be

automation-controller-venv-tower-4.4.1-1.el8ap.ppc64le.rpm

SHA-256: 0d51773442772c813d2cb82f49ee53caca0713e24e0f5a1dbcc361ca5e6e826b

aarch64

automation-controller-4.4.1-1.el8ap.aarch64.rpm

SHA-256: a96265e665556d1b57a6ec04927fef935e1e2442b3a0ff7d8267331ce1f6f95b

automation-controller-cli-4.4.1-1.el8ap.noarch.rpm

SHA-256: 404d9649a8aed89e2e17615790a45b913bef92170f09d99a2e803e6233b73aff

automation-controller-server-4.4.1-1.el8ap.noarch.rpm

SHA-256: 8b011eabe800ac6527fc870909d216ba57b543bd3cc5378938f14f247b5e74c0

automation-controller-ui-4.4.1-1.el8ap.noarch.rpm

SHA-256: 043d19e0f770573102445ca2a4ba3128eb29ff468254b2699d118e61165e95be

automation-controller-venv-tower-4.4.1-1.el8ap.aarch64.rpm

SHA-256: 2fe32421b2a506372cffe6851dcd6ae89b665e91f95dc7a4eca5736ef7eb1462

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2023-3971

Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libvpx: Multiple Vulnerabilities  
     Date: October 04, 2023  
     Bugs: #914875, #914987  
       ID: 202310-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libvpx, the worst of  
which could result in arbitrary code execution.

Background  
=========  
libvpx is the VP8 codec SDK used to encode and decode video streams,  
typically within a WebM format media file.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
media-libs/libvpx  < 1.13.1      >= 1.13.1

Description  
==========  
Multiple vulnerabilities have been discovered in libvpx. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libvpx users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libvpx-1.13.1"

References  
=========  
[ 1 ] CVE-2023-5217  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5217  
[ 2 ] CVE-2023-44488  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44488

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-04

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-04

Gentoo Linux Security Advisory 202310-3 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.37-r7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: glibc: Multiple vulnerabilities  
     Date: October 04, 2023  
     Bugs: #867952, #914281, #915127  
       ID: 202310-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities in glibc could result in Local Privilege  
Escalation.

Background  
=========  
glibc is a package that contains the GNU C library.

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
sys-libs/glibc  < 2.37-r7     >= 2.37-r7

Description  
==========  
Multiple vulnerabilities have been discovered in glibc. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
An attacker could elevate privileges from a local user to root.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All glibc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.37-r7"

References  
=========  
[ 1 ] CVE-2022-39046  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39046  
[ 2 ] CVE-2023-4527  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4527  
[ 3 ] CVE-2023-4806  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4806  
[ 4 ] CVE-2023-4911  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4911

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-03

Ubuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6386-3  
October 03, 2023

linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15  
vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-intel-iotg: Linux kernel for Intel IoT platforms  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms  
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii  
Oleksenko discovered that some AMD processors could leak stale data from  
division operations in certain situations. A local attacker could possibly  
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that the bluetooth subsystem in the Linux kernel did not  
properly handle L2CAP socket release, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux  
kernel contained use-after-free vulnerabilities. A local attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-4128)

Lonial Con discovered that the netfilter subsystem in the Linux kernel  
contained a memory leak when handling certain element flush operations. A  
local attacker could use this to expose sensitive information (kernel  
memory). (CVE-2023-4569)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1040-intel-iotg  5.15.0-1040.46  
   linux-image-5.15.0-1044-oracle  5.15.0-1044.50  
   linux-image-intel-iotg          5.15.0.1040.40  
   linux-image-oracle              5.15.0.1044.39  
   linux-image-oracle-lts-22.04    5.15.0.1044.39

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1040-intel-iotg  5.15.0-1040.46~20.04.1  
   linux-image-5.15.0-1044-oracle  5.15.0-1044.50~20.04.1  
   linux-image-intel               5.15.0.1040.46~20.04.31  
   linux-image-intel-iotg          5.15.0.1040.46~20.04.31  
   linux-image-oracle              5.15.0.1044.50~20.04.1

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6386-3  
   https://ubuntu.com/security/notices/USN-6386-1  
   CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1040.46  
   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1044.50

 https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1040.46~20.04.1

 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1044.50~20.04.1

Ubuntu Security Notice USN-6386-3

Debian Linux Security Advisory 5514-1 - The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5514-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 03, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : glibc  
CVE ID         : CVE-2023-4911

The Qualys Research Labs discovered a buffer overflow in the dynamic  
loader's processing of the GLIBC_TUNABLES environment variable. An  
attacker can exploit this flaw for privilege escalation.

Details can be found in the Qualys advisory at  
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.31-13+deb11u7.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and  
CVE-2023-4806 originally planned for the upcoming bookworm point  
release.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/glibc

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUcTjRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RwIg/9FzdAHadxCbk4N4Yg+aC3CmY68Z0Q2datcBWL5oLnplNNKcgsQqDDrbr4  
WBphk1mQBusrOw5t5O2CAZitUk/mcQQ0bsV3YDPKTnKYswYkf6MXIfJ9Ck3uHJ0W  
yKVczC9g2ZLJ3uhpAIPiKro/XxKJRbek2WLJ+lgXnJz4akhwB1sd1nDEUOKz3gBH  
jvZj8UvjPHg1gwf1d5Xz4C3Kcd5aso8a/Tpr6iix7UJB8FZmfwlo+Oq4+/obPvJm  
n5Rj0x6R2GEH/edJylgzrVMOYc5bSZlTs0a4rm90oUHWYL9Y3bDIusJesSedy97H  
qra/DMFlQRs0JPejC+TUhLmJWvOum30WrPpdQtjSAcWuxKTse/felwyDwwQ3ogP5  
tzUOeG/YmHj8kT0owAFUFiQumOifMTVNO2SYHCO3jXSLkMCOw1f9NCmcV3wU05Pe  
cmFJgiZpzYzg4oY+MOnJAHfryQL4RGhv+VyPk5nhMa9F8405xSvl7did0FPz7YLX  
aWLAm8xhO/+ZIDowfKGK54zaDt2DHqId7VGNgn196ES8abuY71Le9zj1SIkZIXdA  
KwEwgGTSxkfWs/ffuzrn7gvmDLvB1u1Gb27Cq3M/WoVlxqGzmufyZM8t9xJhomEY  
BUNpA4jr0ZKxw5t5oss8xh95OVRCCjK6HAeTbpMXWbeEVCQjV30=j3fR  
-----END PGP SIGNATURE-----

Debian Security Advisory 5514-1

Debian Linux Security Advisory 5513-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5513-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 03, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-5176 CVE-2023-5171 CVE-2023-5169

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

Debian follows the Thunderbird upstream releases. Support for the  
102.x series has ended, so starting with this update we're now  
following the 115.x series.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:115.3.1-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:115.3.1-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUcNcoACgkQEMKTtsN8  
TjZmHhAAr7ya5dB5IymhUm/RIfS9vESvPBNTvOLSbVZEaJuYsnSUNQavKF5s1p0K  
e2235Y2J9HJ/Dlq8QG/hp5V1dalCpMwhnUJXwjpYfRtDcYB9vCVCyi2vSmo74Ob/  
o27DqrMaR8wXUlanNsKUk2fIeNE0ilaiFxDyjLkdXRKYfj4cDdGXdvZ9XP7h+mBY  
kSF/o+4nHf7CizPBXQEGjIftbISMlttKTyXNHlTmBb1Kv2ky+pBq/EkJcQYsp9Ww  
lxGi68gUQm+vGMpDyDPK6yLwTGF92KXXn9zuBwKEBdqxl3riden7m1vCKGoUeWhB  
/kr/h44/UHF3iyETu9uumyT9v3GRo2Gn7lO0SPhzlqZc0IttPa9WVcI2InzccBWF  
pJKsEnHp3ykVj7+mLoHLdMTDdLqBbib8Obw6lXsRKw5iydvPhd40Rvkn3G8sACzN  
1Lg0McMsmEbW0DlqP7F/ieD6nvtAoMbLsIuD+9N5mhtMWBb2jcxOHGKpnZtisa9q  
hio1T8zv6wNIo8QNstmt0LOBvUa/islf2UF7wh1VNIsSwgQ1E7NLx5sJXzjBj52u  
hb9OUsCJt3knBDhyOYtrxSeXMrcCpZCNY4LuFg0fKbFv2wHwpaAXoT0e4qXLxLYF  
/WRvTWw1lPlXQtT7XY3UhQNiNDHhlYN0gZLgRpiCFzOnFhWs3mM=CP7k  
-----END PGP SIGNATURE-----

Debian Security Advisory 5513-1

Red Hat Security Advisory 2023-5419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:5419-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5419  
Issue date:        2023-10-03  
CVE Names:         CVE-2023-20593 CVE-2023-32233  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation  
2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.79.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.79.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.79.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.79.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.79.1.el7.x86_64.rpm  
perf-3.10.0-1062.79.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.79.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.79.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlHDLEAAoJENzjgjWX9erEOYwP/ie6T8YlPUef/r3HqS/sAniT  
JlWyj2CqIC0I2HizjkcrpQWqICM/oEIHQe7imFkZcJ/1eec+rDDiI4Kvy9gFa2aW  
/IrfLyhVpT3kwjEPuMmT4RyVRoZ3moPbrEobzBlQ0+2AI1bVAjOMFJ1RedRWgtlL  
fsAGdjbHRoUWWHAFhxpuxD9eZNmwcwuCFy6bsozm/RjI9TajME4pLIBx4Oos8u3T  
Ut/Fy9cvHDZFq33iJi7nZFe+pmsGkUlsBQqCbLfaeisUAGQC91zuixQlg4NOJbv0  
LIQbW4ey7m95KBUu8gkPp8H167+PT5iEugUr9lw/wL62RuEEX/3JZthbuqj2PJr5  
RDqFYh3oP3/p5zjQNTnycNA+5wN3dLaHXbRINirer6y5OlnUQCy2yNXvc1v8AlOR  
EzYXuon17wHR9Ru3lViQPQcqHBOlw2D+Dm1mVQ6oniXRMJsrK57uIO88shGB0FAB  
3Nklht4aeVAbD9g/LkiT02gldF+FK1E0b/c4571TBDhrmjObXooKnZD2FO0oghm+  
jOTxcBDklhxOWgdlK1sLRF4USIDF3jiyjr9fNqReIc9Ypzz77iw/XcUe4mjt6o9u  
eOHaRLPPnlzMFtcdA7BC51SJHJKYCtzieILMePtExVR7GgUF2p39WAOuzc6KeTrF  
mL7U3YWie1w4Evhr9xHG  
=uZSE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5419-01

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Tag

#linux