Ubuntu Security Notice USN-6303-2

Ubuntu Security Notice 6303-2 - USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Red Hat Security Advisory 2023-4699-01

Red Hat Security Advisory 2023-4699-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4698-01

Red Hat Security Advisory 2023-4698-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-4696-01

Red Hat Security Advisory 2023-4696-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4697-01

Red Hat Security Advisory 2023-4697-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-4694-01

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4693-01

Red Hat Security Advisory 2023-4693-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4692-01

Red Hat Security Advisory 2023-4692-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.

Debian Security Advisory 5481-1

Debian Linux Security Advisory 5481-1 - Multiple security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets.

Debian Security Advisory 5480-1

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6303-1

Ubuntu Security Notice 6303-1 - It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6302-1

Ubuntu Security Notice 6302-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim did not properly perform bounds checks in the diff mode in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6267-3

Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service.

[remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

[webapps] Dolibarr Version 17.0.1 - Stored XSS

Dolibarr Version 17.0.1 - Stored XSS

[webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

[webapps] Global - Multi School Management System Express v1.0- SQL Injection

Global - Multi School Management System Express v1.0- SQL Injection

[webapps] OVOO Movie Portal CMS v3.3.3 - SQL Injection

OVOO Movie Portal CMS v3.3.3 - SQL Injection

[remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

[remote] EuroTel ETL3100 - Transmitter Default Credentials

EuroTel ETL3100 - Transmitter Default Credentials

[webapps] Color Prediction Game v1.0 - SQL Injection

Color Prediction Game v1.0 - SQL Injection

[webapps] Taskhub CRM Tool 2.8.6 - SQL Injection

Taskhub CRM Tool 2.8.6 - SQL Injection

[remote] EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)

[webapps] Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

[local] Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

[remote] TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders

[remote] EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Jeffrey Walton on Aug 19

https://bugzilla.redhat.com/show_bug.cgi?id=1873876

Jeff

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Michael Lazin on Aug 19

I would test it using sha256 instead of md5 before you jump to conclusions
but dnf doesn't use https by default and you need to jump through hoops to
get it working. I would say if you are a fedora user open a feature
request for https for dnf with the fedora team if you can repeat this with
sha256.

Peace,

Michael

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Adrean Boyadzhiev on Aug 19

Probably a completely different root cause, but I have noticed similar
behavior with a Debian-based distribution during `# apt upgrade` and
when there are many packages for update and the internet connection is
not so good. I haven't investigated, but my assumptions were either Race
Conditions within verification logic or some logic related to the timestamp.

To my knowledge `md5` should be ok for calculating hash sums, many
prefer it...

Re: Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Matthew Fernandez on Aug 19

If the VM had no access to the internet even a retry would fail, no?

If an attempted update based on a delta-rpm fails, dnf falls back to
downloading a full rpm and using this instead.

Ubuntu Security Notice USN-6300-1

Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6301-1

Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Debian Security Advisory 5479-1

Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6299-1

Ubuntu Security Notice 6299-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6298-1

Ubuntu Security Notice 6298-1 - Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6297-1

Ubuntu Security Notice 6297-1 - It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service.

Ubuntu Security Notice USN-6294-2

Ubuntu Security Notice 6294-2 - USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.

KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Advisory ID: KL-001-2023-003
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-003.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product:...

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-002: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation via tcpdump
Advisory ID: KL-001-2023-002
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-002.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes...

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig

Posted by KoreLogic Disclosures via Fulldisclosure on Aug 17

KL-001-2023-001: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig

Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read via sudo dig
Advisory ID: KL-001-2023-001
Publication Date: 2023.08.17
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2023-001.txt

1. Vulnerability Details

     Affected Vendor: ThousandEyes
     Affected Product: ThousandEyes...

Ubuntu Security Notice USN-6296-1

Ubuntu Security Notice 6296-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04.

Debian Security Advisory 5478-1

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

Ubuntu Security Notice USN-6295-1

Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.

Red Hat Security Advisory 2023-4612-01

Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.

Red Hat Security Advisory 2023-4664-01

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6294-1

Ubuntu Security Notice 6294-1 - Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.

Ubuntu Security Notice USN-6293-1

Ubuntu Security Notice 6293-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

Ubuntu Security Notice USN-6292-1

Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.

Ubuntu Security Notice USN-6291-1

Ubuntu Security Notice 6291-1 - Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

Red Hat Security Advisory 2023-4603-01

Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.

Ubuntu Security Notice USN-6290-1

Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

Red Hat Security Advisory 2023-4582-01

Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4628-01

Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4629-01

Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6289-1

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-4654-01

Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Anomaly in Fedora `dnf update`: md5 mismatch of result

Posted by Georgi Guninski on Aug 15

In short, I found anomaly in Fedora 37 and would like to
know if it is vulnerability.

As root type in terminal:
dnf update

If there is kernel update, watch stdout and stderr for:

##On Mon Aug 14 05:33:29 AM UTC 2023
(2/6): kernel-6.4.10-100.fc37.x86_64.rpm 1.2 MB/s | 140 kB 00:00
/var/cache/dnf/updates-fd4d3d0d1c34d49a/packages/kernel-modules-extra-6.4.9-100.fc37_6.4.10-100.fc37.x86_64.drpm:
md5 mismatch of result

##$ md5sum...

Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-055
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.4.1000
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Missing Immutable Root of Trust in Hardware (CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-14
Solution...

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-052
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.8.M4
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-11
Solution Date:...