Ubuntu Security Notice 6367-1 - It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6367-1September 14, 2023firefox vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Firefox could be made to crash or run programs if it opened a maliciouswebsite.Software Description:- firefox: Mozilla Open Source web browserDetails:It was discovered that Firefox did not properly manage memory when handlingWebP images. If a user were tricked into opening a webpage containingmalicious WebP image file, an attacker could potentially exploit these tocause a denial of service or execute arbitrary code. (CVE-2023-4863)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         117.0.1+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6367-1  CVE-2023-4863Package Information:  https://launchpad.net/ubuntu/+source/firefox/117.0.1+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6367-1

Ubuntu Security Notice 6364-1 - It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6364-1  
September 13, 2023

ghostscript vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Ghostscript.

Software Description:  
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled certain PDF files.  
An attacker could possibly use this issue to cause a denial of service.  
(CVE-2020-21710)

It was discovered that Ghostscript incorrectly handled certain PDF files.  
An attacker could possibly use this issue to cause a denial of service,  
or possibly execute arbitrary code. (CVE-2020-21890)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   ghostscript                     9.50~dfsg-5ubuntu4.10  
   libgs9                          9.50~dfsg-5ubuntu4.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   ghostscript                     9.26~dfsg+0-0ubuntu0.18.04.18+esm2  
   libgs9                          9.26~dfsg+0-0ubuntu0.18.04.18+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   ghostscript                     9.26~dfsg+0-0ubuntu0.16.04.14+esm7  
   libgs9                          9.26~dfsg+0-0ubuntu0.16.04.14+esm7

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6364-1  
   CVE-2020-21710, CVE-2020-21890

Package Information:  
   https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.10

Ubuntu Security Notice USN-6364-1

Ubuntu Security Notice 6366-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.

==========================================================================  
Ubuntu Security Notice USN-6366-1  
September 13, 2023

postgresql-9.5 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

PostgreSQL could be made to execute commands as the bootstrap superuser.

Software Description:  
- postgresql-9.5: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain extension  
script substitutions. An attacker having database-level CREATE privileges  
can use this issue to execute arbitrary code as the bootstrap superuser.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   postgresql-9.5                     9.5.25-0ubuntu0.16.04.1+esm5  
   postgresql-client-9.5           9.5.25-0ubuntu0.16.04.1+esm5

After a standard system update you need to restart PostgreSQL to make  
all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6366-1  
   CVE-2023-39417

Ubuntu Security Notice USN-6366-1

Ubuntu Security Notice 6365-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.

==========================================================================  
Ubuntu Security Notice USN-6365-1  
September 13, 2023

open-vm-tools vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Open VM Tools could allow unintended access to network services.

Software Description:  
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A  
remote attacker could possibly use this issue to bypass SAML token  
signature verification and perform VMware Tools Guest Operations.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   open-vm-tools                   2:12.1.5-3ubuntu0.23.04.2

Ubuntu 22.04 LTS:  
   open-vm-tools                   2:12.1.5-3~ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   open-vm-tools                   2:11.3.0-2ubuntu0~ubuntu20.04.6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6365-1  
   CVE-2023-20900

Package Information:  
   https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3ubuntu0.23.04.2  
   https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3~ubuntu0.22.04.3

 https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.6

Ubuntu Security Notice USN-6365-1

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

**ImgHosting 1.3 Cross Site Scripting**

Posted Sep 14, 2023

Authored by indoushka

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3

Download | Favorite | View

**ImgHosting 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.3 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://www.127.0.0.1/pikhostingcom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,202)
*   Arbitrary (16,255)
*   BBS (2,859)
*   Bypass (1,744)
*   CGI (1,027)
*   Code Execution (7,302)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,535)
*   Encryption (2,371)
*   Exploit (52,098)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (894)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,707)
*   Perl (1,423)
*   PHP (5,153)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,859)
*   Root (3,591)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,897)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,411)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,829)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,999)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,835)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,701)
*   Mac OS X (687)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,853)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,907)
*   UNIX (9,308)
*   UnixWare (186)
*   Windows (6,585)
*   Other

ImgHosting 1.3 Cross Site Scripting

Ubuntu Security Notice 6363-1 - It was discovered that curl incorrectly handled certain large headers. A remote attacker could possibly use this issue to cause curl to consume resources, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6363-1September 13, 2023curl vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04Summary:curl could be made to consume resources if it received specially craftednetwork traffic.Software Description:- curl: HTTP, HTTPS, and FTP client and client librariesDetails:It was discovered that curl incorrectly handled certain large headers. Aremote attacker could possibly use this issue to cause curl to consumeresources, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   curl                            7.88.1-8ubuntu2.2   libcurl3-gnutls                 7.88.1-8ubuntu2.2   libcurl3-nss                    7.88.1-8ubuntu2.2   libcurl4                        7.88.1-8ubuntu2.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6363-1   CVE-2023-38039Package Information:   https://launchpad.net/ubuntu/+source/curl/7.88.1-8ubuntu2.2

Ubuntu Security Notice USN-6363-1

Ubuntu Security Notice 6358-1 - It was discovered that RedCloth incorrectly handled certain inputs during html sanitisation. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6358-1  
September 12, 2023

ruby-redcloth vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

RedCloth could be made to crash if it received specially crafted  
input.

Software Description:  
- ruby-redcloth: Textile module for Ruby

Details:

It was discovered that RedCloth incorrectly handled certain inputs during  
html sanitisation. An attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   ruby-redcloth                   4.3.2-4ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   ruby-redcloth                   4.3.2-4ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   ruby-redcloth                   4.3.2-3+deb10u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   ruby-redcloth                   4.3.2-3ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   ruby-redcloth                   4.2.9-5ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6358-1  
   CVE-2023-31606

Package Information:  
   https://launchpad.net/ubuntu/+source/ruby-redcloth/4.3.2-4ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/ruby-redcloth/4.3.2-4ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/ruby-redcloth/4.3.2-3+deb10u1build0.20.04.1

Ubuntu Security Notice USN-6358-1

Ubuntu Security Notice 6362-1 - Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6362-1  
September 12, 2023

dotnet6, dotnet7 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

.NET could be made to crash if it received a specially crafted request.

Software Description:  
- dotnet6: dotNET CLI tools and runtime  
- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain  
X.509 certificates. An attacker could possibly use this issue to  
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   aspnetcore-runtime-6.0           6.0.122-0ubuntu1~23.04.1  
   aspnetcore-runtime-7.0           7.0.111-0ubuntu1~23.04.1  
   dotnet-host 6.0.122-0ubuntu1~23.04.1  
   dotnet-host-7.0                        7.0.111-0ubuntu1~23.04.1  
   dotnet-hostfxr-6.0                    6.0.122-0ubuntu1~23.04.1  
   dotnet-hostfxr-7.0                    7.0.111-0ubuntu1~23.04.1  
   dotnet-runtime-6.0                   6.0.122-0ubuntu1~23.04.1  
   dotnet-runtime-7.0                   7.0.111-0ubuntu1~23.04.1  
   dotnet-sdk-6.0                          6.0.122-0ubuntu1~23.04.1  
   dotnet-sdk-7.0                          7.0.111-0ubuntu1~23.04.1  
   dotnet6 6.0.122-0ubuntu1~23.04.1  
   dotnet7 7.0.111-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:  
   aspnetcore-runtime-6.0          6.0.122-0ubuntu1~22.04.1  
   aspnetcore-runtime-7.0          7.0.111-0ubuntu1~22.04.1  
   dotnet-host                             6.0.122-0ubuntu1~22.04.1  
   dotnet-host-7.0                       7.0.111-0ubuntu1~22.04.1  
   dotnet-hostfxr-6.0                   6.0.122-0ubuntu1~22.04.1  
   dotnet-hostfxr-7.0                   7.0.111-0ubuntu1~22.04.1  
   dotnet-runtime-6.0                  6.0.122-0ubuntu1~22.04.1  
   dotnet-runtime-7.0                  7.0.111-0ubuntu1~22.04.1  
   dotnet-sdk-6.0                        6.0.122-0ubuntu1~22.04.1  
   dotnet-sdk-7.0                        7.0.111-0ubuntu1~22.04.1  
   dotnet6 6.0.122-0ubuntu1~22.04.1  
   dotnet7 7.0.111-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6362-1  
   CVE-2023-36799

Package Information:  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~22.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~22.04.1

Ubuntu Security Notice USN-6362-1

Ubuntu Security Notice 6361-1 - It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.

==========================================================================  
Ubuntu Security Notice USN-6361-1  
September 12, 2023

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

CUPS could be made to expose sensitive information.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

It was discovered that CUPS incorrectly authenticated certain remote  
requests. A remote attacker could possibly use this issue to obtain  
recently printed documents.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   cups                            2.4.2-3ubuntu2.4

Ubuntu 22.04 LTS:  
   cups                            2.4.1op1-1ubuntu4.6

Ubuntu 20.04 LTS:  
   cups                            2.3.1-9ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6361-1  
   CVE-2023-32360

Package Information:  
   https://launchpad.net/ubuntu/+source/cups/2.4.2-3ubuntu2.4  
   https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.6  
   https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.5

Ubuntu Security Notice USN-6361-1

Ubuntu Security Notice 6360-1 - It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6360-1September 12, 2023flac vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:FLAC could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- flac: Free Lossless Audio CodecDetails:It was discovered that FLAC incorrectly handled encoding certain files. Aremote attacker could use this issue to cause FLAC to crash, resulting in adenial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   flac                            1.3.3-2ubuntu0.2   libflac8                        1.3.3-2ubuntu0.2Ubuntu 20.04 LTS:   flac                            1.3.3-1ubuntu0.2   libflac8                        1.3.3-1ubuntu0.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6360-1   CVE-2020-22219Package Information:   https://launchpad.net/ubuntu/+source/flac/1.3.3-2ubuntu0.2   https://launchpad.net/ubuntu/+source/flac/1.3.3-1ubuntu0.2

Tag

#ubuntu