Ubuntu Security Notice 6059-1 - It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.

==========================================================================  
Ubuntu Security Notice USN-6059-1  
May 08, 2023

erlang vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Erlang could allow unintended access to network services.

Software Description:  
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang did not properly implement TLS client  
certificate validation during the TLS handshake. A remote attacker could  
use this issue to bypass client authentication.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  erlang                          1:24.3.4.1+dfsg-1ubuntu0.1  
  erlang-ssl                      1:24.3.4.1+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS:  
  erlang                          1:24.2.1+dfsg-1ubuntu0.1  
  erlang-ssl                      1:24.2.1+dfsg-1ubuntu0.1

Ubuntu 20.04 LTS:  
  erlang                          1:22.2.7+dfsg-1ubuntu0.2  
  erlang-ssl                      1:22.2.7+dfsg-1ubuntu0.2

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6059-1  
  CVE-2022-37026

Package Information:  
  https://launchpad.net/ubuntu/+source/erlang/1:24.3.4.1+dfsg-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.2

Ubuntu Security Notice USN-6059-1

Rollout::UI version 0.5 suffers from a cross site scripting vulnerability.

1. ADVISORY INFORMATION  
=======================

Exploit Title:   Rollout::UI v0.5 Cross-site scripting  
Date:            2023-05-05  
Exploit Author:  Eduardo José de Borba  
Vendor Homepage: https://github.com/fetlife  
Software Link:   https://github.com/fetlife/rollout-ui  
Type:            Cross-Site Scripting [CWE-79]  
Tested on:       Linux/OSx  
CVE:             2023-25309  
CVSS Score:      5.3 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

2. CREDITS  
==========  
This vulnerability was discovered and researched by Heiko Webers from  
bauland42.

3. VERSIONS AFFECTED  
====================

Rollout::UI <= v0.5

4. INTRODUCTION  
===============

Rollout::UI is a Minimalist UI for the rollout gem that you can just mount as a Rack app.

5. VULNERABILITY DETAILS  
========================

The feature's name isn't escaped properly in the "Do you really want to delete" confirmation dialog.  
When the user clicks "Delete", the page will run the XSS from the feature name.

6. PROOF OF CONCEPT  
===================

The following PoC triggers a JavaScript alert when clicking at the "Delete" button:

http://<host>/features/'+alert(document.cookie)+'

7. SOLUTION  
===========  
Update to Rollout::UI to use the following branch: https://github.com/fetlife/rollout-ui/pull/15. The fix was not accepted by the vendor yet.

Rollout::UI 0.5 Cross Site Scripting

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users

CVE-2022-4118

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE-2023-1408

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003

CVE-2023-1905

The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

CVE-2023-2114

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

**Visit the European website**

To get information relevant for your region, we recommend visiting our European website instead.

  

**Privacy and Cookie Information:**  
This website uses cookies for tracking visitor behavior, for linking to social media icons and displaying videos. More information on how we deal with your privacy, please check our Privacy & Cookies statement.  
Please remember that if you do choose to disable cookies, you may find that certain sections of our website do not work properly.

CVE-2023-2575: Page Not Found - Advantech

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06)




Note that Log4cxx is a C++ framework, so only C++ applications are affected.

Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in.




Three preconditions must be met for this vulnerability to be possible:

1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time)

2. ODBCAppender enabled for logging messages to, generally done via a config file

3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.





Users are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. 
Note that this fix does require a configuration file update, as the old configuration files will not configure properly.  An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.





Example of old configuration snippet:

<appender name="SqlODBCAppender" class="ODBCAppender">

    <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />

    ... other params here ...

</appender>




The migrated configuration snippet with new ColumnMapping parameters:


<appender name="SqlODBCAppender" class="ODBCAppender">




    <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />

    <param name="ColumnMapping" value="message"/>
    ... other params here ...


</appender>







**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-31038

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

CVE-2023-30257: Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug

Ubuntu Security Notice 6058-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges.

    ==========================================================================Ubuntu Security Notice USN-6058-1May 05, 2023linux-aws, linux-aws-hwe vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:The system could be made to run programs as an administrator.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systemsDetails:It was discovered that the Traffic-Control Index (TCINDEX) implementationin the Linux kernel did not properly perform filter deactivation in somesituations. A local attacker could possibly use this to gain elevatedprivileges. Please note that with the fix for this CVE, kernel support forthe TCINDEX classifier has been removed.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS:   linux-image-4.15.0-1155-aws     4.15.0-1155.168   linux-image-aws-lts-18.04       4.15.0.1155.153Ubuntu 16.04 ESM:   linux-image-4.15.0-1155-aws     4.15.0-1155.168~16.04.1   linux-image-aws-hwe             4.15.0.1155.138After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6058-1   CVE-2023-1829Package Information:   https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1155.168

Tag

#perl