#linux

Debian Linux Security Advisory 5822-1 - It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to a XXE vulnerability when loading an (untrusted) XML document.

Debian Linux Security Advisory 5821-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 5820-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.

Simple Chat System version 1.0 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2024-10704-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

Red Hat Security Advisory 2024-10702-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

Red Hat Security Advisory 2024-10677-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-10667-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

Red Hat Security Advisory 2024-10666-03 - An update for the gimp:2.8.22 module is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.

### Impact An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used `IP_PMTUDISC_DO`, the kernel would then return a "message too large" error on `sendmsg`, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). As far as I understand, the kernel tracks the MTU per 4-tuple, so the attacker needs to at least know the client's IP and port tuple to mount an attack (assuming that it knows the server's IP and port). ### Patches The fix is easy: Use `IP_PMTUDISC_PROBE` instead of `IP_PMTUDISC_DO`. This socket option only sets the D...