Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6017-1  
April 13, 2023

ghostscript vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM

Summary:

Ghostscript could be made to crash or run programs as your login if it  
received a specially crafted input.

Software Description:  
- ghostscript: PostScript and PDF interpreter

Details:

Hadrien Perrineau discovered that Ghostscript incorrectly handled certain  
inputs. An attacker could possibly use this issue to cause a denial of  
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   ghostscript                     9.56.1~dfsg1-0ubuntu3.1  
   libgs9                          9.56.1~dfsg1-0ubuntu3.1

Ubuntu 22.04 LTS:  
   ghostscript                     9.55.0~dfsg1-0ubuntu5.2  
   libgs9                          9.55.0~dfsg1-0ubuntu5.2

Ubuntu 20.04 LTS:  
   ghostscript                     9.50~dfsg-5ubuntu4.7  
   libgs9                          9.50~dfsg-5ubuntu4.7

Ubuntu 18.04 LTS:  
   ghostscript                     9.26~dfsg+0-0ubuntu0.18.04.18  
   libgs9                          9.26~dfsg+0-0ubuntu0.18.04.18

Ubuntu 16.04 ESM:  
   ghostscript                     9.26~dfsg+0-0ubuntu0.16.04.14+esm5  
   libgs9                          9.26~dfsg+0-0ubuntu0.16.04.14+esm5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6017-1  
   CVE-2023-28879

Package Information:  
   https://launchpad.net/ubuntu/+source/ghostscript/9.56.1~dfsg1-0ubuntu3.1  
   https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.2  
   https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.7

 https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.18

Ubuntu Security Notice USN-6017-1

SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table

CVE-2023-27649

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.

CVE-2023-27653

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-29569: SEGV src/mjs_ffi.c:456 in ffi_cb_impl_wpwwwww · Issue #239 · cesanta/mjs

Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit.


CVE-2023-1285

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.

CVE-2023-29627: File uploads | Web Security Academy

TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.

**Bug Report****What version of TiKV are you using?**

v6.1.2

**What operating system and CPU are you using?**

ubuntu

**Steps to reproduce**

Run Jepsen test configured with kill, pause and membership nemesis

**What did you expect?**

No fatal

**What happened?**

[2023/03/16 15:24:47.529 +00:00] [FATAL] [lib.rs:491] ["failed to get timestamp from PD: Other(\"[components/pd_client/src/tso.rs:97]: Timestamp channel is dropped\")"] [backtrace="   0: tikv_util::set_panic_hook::{{closure}}\n             at /opt/tikv/components/tikv_util/src/lib.rs:490:18\n   1: std::panicking::rust_panic_with_hook\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:702:17\n   2: std::panicking::begin_panic_handler::{{closure}}\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:588:13\n   3: std::sys_common::backtrace::__rust_end_short_backtrace\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/sys_common/backtrace.rs:138:18\n   4: rust_begin_unwind\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:584:5\n   5: core::panicking::panic_fmt\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/panicking.rs:143:14\n   6: core::result::unwrap_failed\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/result.rs:1749:5\n   7: core::result::Result<T,E>::expect\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/result.rs:1022:23\n      server::server::TiKvServer<ER>::init\n             at /opt/tikv/components/server/src/server.rs:269:25\n   8: server::server::run_impl\n             at /opt/tikv/components/server/src/server.rs:116:20\n      server::server::run_tikv\n             at /opt/tikv/components/server/src/server.rs:163:5\n   9: tikv_server::main\n             at /opt/tikv/cmd/tikv-server/src/main.rs:189:5\n  10: core::ops::function::FnOnce::call_once\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/ops/function.rs:227:5\n      std::sys_common::backtrace::__rust_begin_short_backtrace\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/sys_common/backtrace.rs:122:18\n  11: std::rt::lang_start::{{closure}}\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:145:18\n  12: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/ops/function.rs:259:13\n      std::panicking::try::do_call\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:492:40\n      std::panicking::try\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:456:19\n      std::panic::catch_unwind\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panic.rs:137:14\n      std::rt::lang_start_internal::{{closure}}\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:128:48\n      std::panicking::try::do_call\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:492:40\n      std::panicking::try\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:456:19\n      std::panic::catch_unwind\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panic.rs:137:14\n      std::rt::lang_start_internal\n             at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:128:20\n  13: main\n  14: __libc_start_main\n             at /build/glibc-6iIyft/glibc-2.28/csu/../csu/libc-start.c:308:16\n  15: _start\n"] [location=components/server/src/server.rs:269] [thread_name=main]

CVE-2023-30635: fatal about failed to get timestamp from PD · Issue #14516 · tikv/tikv

TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded

**Bug Report****What version of TiKV are you using?**

V6.1.2

**What operating system and CPU are you using?**

ubuntu

**Steps to reproduce**

Run Jepsen test configured with the set workload and the kill/pause/partition nemesis.

**What did you expect?**

No fatal

**What happened?**

./tikv set/20230330T224351.032Z/n2/kv.log:\[2023/03/30 22:54:59.466 +00:00\] \[FATAL\] \[server.rs:955\] \["failed to start node: Grpc(RpcFailure(RpcStatus { code: 14-UNAVAILABLE, message: "not leader", details: \[\] }))"\]

CVE-2023-30636: failed to start node: Grpc · Issue #14517 · tikv/tikv

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.

**Spring Framework vulnerable to denial of service**

High severity GitHub Reviewed Published Apr 13, 2023 to the GitHub Advisory Database • Updated Apr 17, 2023

GHSA-wxqc-pxw9-g2p8: Spring Framework vulnerable to denial of service

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

**Description**

In Spring Framework versions 6.0.0 - 6.0.7, 5.3.0 - 5.3.26, 5.2.0.RELEASE - 5.2.23.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

**Affected Spring Products and Versions**

*   Spring Framework
    *   6.0.0 to 6.0.7
    *   5.3.0 to 5.3.26
    *   5.2.0.RELEASE to 5.2.23.RELEASE
    *   Older, unsupported versions are also affected

**Mitigation**

Users of affected versions should apply the following mitigation: 6.0.x users should upgrade to 6.0.8+. 5.3.x users should upgrade to 5.3.27+. 5.2.x users should upgrade to 5.2.24.RELEASE+. Users of older, unsupported versions should upgrade to 6.0.8+ or 5.3.27+. No other steps are necessary. Releases that have fixed this issue include:

*   Spring Framework
    *   6.0.8+
    *   5.3.27+
    *   5.2.24.RELEASE+

**Credit**

This vulnerability was initially discovered and responsibly reported by the Google OSS-Fuzz team from Code Intelligence.

**References**

*   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O
*   https://cwe.mitre.org/data/definitions/770.html

**History**

*   2023-04-13: Initial vulnerability report published.

Tag

#dos