Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >  
=======================================================================  
               title: Multiple Vulnerabilities  
             product: Serenity and StartSharp Software  
  vulnerable version: < 6.7.1  
       fixed version: 6.7.1 or higher  
          CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287  
              impact: high  
            homepage: https://serenity.is  
               found: 2023-02-28  
                  by: Fabian Densborn (Office Vienna)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult.  
                      SEC Consult is part of Eviden, an Atos business  
                      Europe | Asia | North America

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
Serenity Software is a software vendor that distributes the Serenity Platform.  
"Serenity is an ASP.NET Core / TypeScript application platform designed to  
simplify and shorten development of data-centric business applications with  
a service based architecture."

Source: https://github.com/serenity-is

Business recommendation:  
------------------------  
SEC Consult recommends Serenity users to install the latest update and review  
the vendor's changelog for further information.

Furthermore, an in-depth security analysis performed by security professionals  
is highly advised, as the software may be affected from other security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Arbitrary File Upload to Stored Cross-Site Scripting (XSS) (CVE-2023-31285)  
The application allows users to upload profile pictures for users.  
It was identified that an attacker has the possibility to upload  
arbitrary malicious files. Although some specific file endings are  
not allowed, it is still possible to upload files without an extension.

It was possible to:  
• Upload malicious HTML files that will infect the user's browser with malicious  
   JavaScript. As a result, the user's DOM is fully compromised.  
• Upload malware that will infect the user's operating system upon download and  
   local execution.

Note:  
Although the option for uploading new profile pictures is only visible to power users,  
users with lower privileges can still trigger the upload functionality.

2) User Enumeration (CVE-2023-31286)  
It is possible to collect valid email addresses by interacting with the  
"forgot password" function of the application. This vulnerability is  
useful to increase the efficiency of brute-force attacks. If the email  
address is known, it is easier to find the corresponding password.

3) Reusable Password Reset Tokens (CVE-2023-31287)  
The web application provides the possibility to reset the password via  
email. The corresponding email contains a password reset link which includes  
a user-specific token. When visiting the link, the user can set a new  
password for this account. After changing the password, the password reset link  
remains valid (3 hours) and can be used a second time to change the password  
of the user.

Proof of concept:  
-----------------  
1) Arbitrary File Upload to Stored Cross-Site Scripting (XSS) (CVE-2023-31285)  
A user can upload arbitrary files to the server, but some file extensions  
like .aspx are not allowed. Nevertheless, malicious files like Word documents  
with enabled macros or other executable malware can be uploaded. There also  
seems to be no anti-virus scan enabled for these files, as it is possible to  
upload the EICAR test file which is flagged as malicious by all antivirus  
software.

Additionally, it is also possible to attack a privileged power user, by  
generating a malicious HTML page, that on visit escalates the role of the  
attacker user. This is possible, because the file is uploaded to the same  
domain and therefore the containing JavaScript executes in the same context as  
the application. The impact of this vulnerability is therefore equal to that  
of a stored XSS vulnerability.

To upload a malicious HTML file an authenticated user without the role of a  
power user can send the following request:  
--------------------------------------------------  
POST /File/TemporaryUpload HTTP/2  
Host: demo.serenity.is  
Cookie: [...]  
Content-Type: multipart/form-data; boundary=--boundary  
Origin: https://demo.serenity.is  
[...]

--boundary  
Content-Disposition: form-data; name="Serenity_ImageUploadEditor31[]"; filename="test.html"  
Content-Type: image/png

<html>  
<head></head>  
<body>  
<h1>SEC Consult</h1>  
<script>alert(document.domain)</script>  
</body>  
</html>  
--boundary--  
--------------------------------------------------

The response reveals the path of the uploaded file:  
--------------------------------------------------  
HTTP/2 200 OK  
Server: nginx/1.18.0 (Ubuntu)  
Content-Type: application/json  
[...]

{  
     "TemporaryFile":"temporary/f3c960aca7724409a3c4c6e597ce5b92.html",  
     "Size":110,  
     "IsImage":false,  
     "Width":0,  
     "Height":0  
}  
--------------------------------------------------

The uploaded file can then be found under /upload/temporary/f3c960aca7724409a3c4c6e597ce5b92.html.

The final link will look benign thus it is possible to attack administrator  
users and escalate the privileges of the own user.

2) User Enumeration (CVE-2023-31286)  
The "forgot password" page lets users request a new password reset mail.  
They need to enter their email address which corresponds to their account  
and receive a mail containing a link to reset their password. Unfortunately,  
the response of this request leaks if a user with the provided email address  
exists or not. If an attacker wants to check if a user account with a  
specific email exists, he can send the following request:

--------------------------------------------------  
POST /Account/ForgotPassword HTTP/2  
Host: demo.serenity.is  
Origin: https://demo.serenity.is  
Content-Type: application/json  
[...]

{  
     "Email":"emailToCheck@sec-consult.com"  
}  
--------------------------------------------------

If the user with this mail does not exist, the response will look like this:  
--------------------------------------------------  
HTTP/2 400 Bad Request  
Server: nginx/1.18.0 (Ubuntu)  
Content-Type: application/json

{  
     "Error": {  
         "Code":"CantFindUserWithEmail",  
         "Message":"Can't find a user with that e-mail adress!"  
     }  
}  
--------------------------------------------------

If the user with this mail address does exist, the response will look like  
this:  
--------------------------------------------------  
HTTP/2 200 OK  
Server: nginx/1.18.0 (Ubuntu)  
Content-Type: application/json  
[...]

{}  
--------------------------------------------------

3) Reusable Password Reset Tokens (CVE-2023-31287)  
When resetting the password via the "forgot password" functionality on the  
login screen, an email containing a password reset link is sent to the user.  
When clicking on this link, a user can choose a new password for his account.  
However, after changing the password to a new one, the password reset link  
remains valid. It can be used a second time to update the user's password  
although it was already changed. If an attacker gets access to the browser  
history of the user, he can change the password of the user's account and  
access it afterwards.

Vulnerable / tested versions:  
-----------------------------  
The following versions are affected:  
< 6.7.0

Vendor contact timeline:  
------------------------  
2023-04-05: Contacting vendor through sales@serenity.is  
2023-04-05: Vendor responds to send advisory to support@serenity.is  
2023-04-05: Advisory sent to vendor.  
2023-04-06: Vendor released fixes for all three vulnerabilities,  
             file upload vulnerability was not fixed properly though.  
2023-04-07: SEC Consult informs vendor about not properly fixed file upload.  
2023-04-07: Vendor released proper fix for file upload vulnerability in v6.7.1.  
2023-04-27: CVE numbers assigned.  
2023-05-16: Public release of security advisory.

Solution:  
---------  
The vendor provides a patch v6.7.1 which includes the fixes for the identified  
security issues.

The new version can be downloaded here:  
https://github.com/serenity-is/Serenity

The vendor explicitly notes the following in the changelog:

"Serene/StartSharp users must either create a new project from the 6.7.0+ template  
or manually apply the relevant changes from this commit to their existing  
applications after updating Serenity packages to 6.7.0+"

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult is part of Eviden, an Atos business  
Europe | Asia | North America

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, part  
of Eviden, an Atos business. It ensures the continued knowledge gain of SEC  
Consult in the field of network and application security to stay ahead of the  
attacker. The SEC Consult Vulnerability Lab supports high-quality penetration  
testing and the evaluation of new offensive and defensive technologies for our  
customers. Hence our customers obtain the most current information about  
vulnerabilities and valid recommendation about the risk profile of new  
technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Fabian Densborn / @2023

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6121-1May 30, 2023nanopb vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Nanopb.Software Description:- nanopb: Protocol Buffers with small code sizeDetails:It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this cause a denial of service or exposesensitive information. (CVE-2020-26243)It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this issue to cause a denial of serviceor execute arbitrary code. (CVE-2021-21401)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS (Available with Ubuntu Pro):  nanopb                          0.4.1-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6121-1  CVE-2020-26243, CVE-2021-21401

Ubuntu Security Notice USN-6121-1

Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6120-1May 30, 2023mozjs102 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in SpiderMonkey.Software Description:- mozjs102: SpiderMonkey JavaScript libraryDetails:Several security issues were discovered in the SpiderMonkey JavaScriptlibrary. If a user were tricked into opening malicious JavaScriptapplications or processing malformed data, a remote attacker could exploita variety of issues related to JavaScript security, including denial ofservice attacks, and arbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   libmozjs-102-0                  102.11.0-0ubuntu0.23.04.1Ubuntu 22.10:   libmozjs-102-0                  102.11.0-0ubuntu0.22.10.1Ubuntu 22.04 LTS:   libmozjs-102-0                  102.11.0-0ubuntu0.22.04.1After a standard system update you need to reboot your computer to make allthe necessary changes.References:   https://ubuntu.com/security/notices/USN-6120-1   CVE-2023-25735, CVE-2023-25739, CVE-2023-25751, CVE-2023-29535,   CVE-2023-29536, CVE-2023-29548, CVE-2023-29550, CVE-2023-32211,   CVE-2023-32215Package Information:   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.22.10.1   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6120-1

Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

==========================================================================  
Ubuntu Security Notice USN-6119-1  
May 30, 2023

openssl, openssl1.0 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools  
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1  
object identifiers. A remote attacker could possibly use this issue to  
cause OpenSSL to consume resources, resulting in a denial of service.  
(CVE-2023-2650)

Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher  
decryption on 64-bit ARM platforms. An attacker could possibly use this  
issue to cause OpenSSL to crash, resulting in a denial of service. This  
issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.  
(CVE-2023-1255)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libssl3                         3.0.8-1ubuntu1.2

Ubuntu 22.10:  
   libssl3                         3.0.5-2ubuntu2.3

Ubuntu 22.04 LTS:  
   libssl3                         3.0.2-0ubuntu1.10

Ubuntu 20.04 LTS:  
   libssl1.1                       1.1.1f-1ubuntu2.19

Ubuntu 18.04 LTS:  
   libssl1.0.0                     1.0.2n-1ubuntu5.13  
   libssl1.1                       1.1.1-1ubuntu2.1~18.04.23

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6119-1  
   CVE-2023-1255, CVE-2023-2650

Package Information:  
   https://launchpad.net/ubuntu/+source/openssl/3.0.8-1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2.3  
   https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.10  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.19  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.23  
   https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.13

Ubuntu Security Notice USN-6119-1

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6111-1  
May 29, 2023

flask vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Flask could be made to expose sensitive information in certain scenarios.

Software Description:  
- flask: Micro web framework based on Werkzeug and Jinja2

Details:

It was discovered that Flask incorrectly handled certain data responses.  
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  python3-flask                   2.2.2-2ubuntu1.1

Ubuntu 22.10:  
  python3-flask                   2.0.3-1ubuntu1.1

Ubuntu 22.04 LTS:  
  python3-flask                   2.0.1-2ubuntu1.1

Ubuntu 20.04 LTS:  
  python3-flask                   1.1.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6111-1  
  CVE-2023-30861

Package Information:  
  https://launchpad.net/ubuntu/+source/flask/2.2.2-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/2.0.3-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/2.0.1-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/flask/1.1.1-2ubuntu0.1

Ubuntu Security Notice USN-6111-1

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.

==========================================================================  
Ubuntu Security Notice USN-6118-1  
May 30, 2023

linux-oracle, linux-oracle-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

Zheng Wang discovered that the Intel i915 graphics driver in the Linux  
kernel did not properly handle certain error conditions, leading to a  
double-free. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2022-3707)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did  
not properly implement speculative execution barriers in usercopy functions  
in certain situations. A local attacker could use this to expose sensitive  
information (kernel memory). (CVE-2023-0459)

It was discovered that the TLS subsystem in the Linux kernel contained a  
type confusion vulnerability in some situations. A local attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol  
implementation in the Linux kernel contained a type confusion vulnerability  
in some situations. An attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel  
did not properly initialize some data structures. A local attacker could  
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that a use-after-free vulnerability existed in the iSCSI  
TCP implementation in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux  
kernel contained a race condition in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110  
   linux-image-oracle-lts-20.04    5.4.0.1101.94

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1101-oracle   5.4.0-1101.110~18.04.1  
   linux-image-oracle              5.4.0.1101.110~18.04.73

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6118-1  
   CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078,  
   CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1101.110  
   https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1101.110~18.04.1

Ubuntu Security Notice USN-6118-1

Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.

==========================================================================  
Ubuntu Security Notice USN-6115-1  
May 30, 2023

texlive-bin vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

LuaTeX (TeX Live) could be made to run programs as your login if it  
compiled a specially crafted TeX file.

Software Description:  
- texlive-bin: Binaries for TeX Live

Details:

Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable  
shell escape. An attacker could possibly use this issue to execute  
arbitrary shell commands.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  texlive-binaries                2022.20220321.62855-5ubuntu0.1

Ubuntu 22.10:  
  texlive-binaries                2022.20220321.62855-4ubuntu0.1

Ubuntu 22.04 LTS:  
  texlive-binaries                2021.20210626.59705-1ubuntu0.1

Ubuntu 20.04 LTS:  
  texlive-binaries                2019.20190605.51237-3ubuntu0.1

Ubuntu 18.04 LTS:  
  texlive-binaries                2017.20170613.44572-8ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6115-1  
  CVE-2023-32700

Package Information:  
  https://launchpad.net/ubuntu/+source/texlive-bin/2022.20220321.62855-5ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2022.20220321.62855-4ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2021.20210626.59705-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2019.20190605.51237-3ubuntu0.1  
  https://launchpad.net/ubuntu/+source/texlive-bin/2017.20170613.44572-8ubuntu0.2

Ubuntu Security Notice USN-6115-1

Ubuntu Security Notice 6116-1 - It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6116-1  
May 30, 2023

node-hawk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

hawk could be made to crash if it opened a specially crafted file.

Software Description:  
- node-hawk: HTTP Holder-Of-Key Authentication Scheme

Details:

It was discovered that hawk incorrectly handled certain inputs. If a user or  
an automated system were tricked into opening a specially crafted input file,  
a remote attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   node-hawk                       8.0.1+dfsg-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   node-hawk                       8.0.1+dfsg-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   node-hawk                       7.1.2+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS:  
   node-hawk                       6.0.1+dfsg-1+deb10u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6116-1  
   CVE-2022-29167

Package Information:  
   https://launchpad.net/ubuntu/+source/node-hawk/8.0.1+dfsg-1ubuntu0.22.10.1  
   https://launchpad.net/ubuntu/+source/node-hawk/8.0.1+dfsg-1ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/node-hawk/7.1.2+dfsg-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/node-hawk/6.0.1+dfsg-1+deb10u1build0.18.04.1

Ubuntu Security Notice USN-6116-1

Ubuntu Security Notice 6114-1 - Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6114-1  
May 30, 2023

node-nth-check vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

nth-check could be made to crash if it opened a specially crafted file.

Software Description:  
- node-nth-check: Parses and compiles CSS nth-checks to highly optimized functions.

Details:

Yeting Li discovered that nth-check incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   node-nth-check                  1.0.1-1+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:  
   node-nth-check                  1.0.1-1+deb10u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6114-1  
   CVE-2021-3803

Package Information:  
   https://launchpad.net/ubuntu/+source/node-nth-check/1.0.1-1+deb10u1build0.20.04.1  
   https://launchpad.net/ubuntu/+source/node-nth-check/1.0.1-1+deb10u1build0.18.04.1

Ubuntu Security Notice USN-6114-1

Ubuntu Security Notice 6113-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6113-1May 30, 2023Jhead vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS (Available with Ubuntu Pro)- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Jhead could be made to crash if it opened a specially craftedfile.Software Description:- jhead: Manipulate the non-image part of Exif compliant JPEG filesDetails:It was discovered that Jhead did not properly handle certain crafted imageswhile processing the Exif markers. An attacker could possibly use thisissue to crash Jhead, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS (Available with Ubuntu Pro):   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm4Ubuntu 14.04 LTS (Available with Ubuntu Pro):   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6113-1   CVE-2018-6612

Tag

#ubuntu