Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: sudo: Multiple Vulnerabilities  
     Date: September 29, 2023  
     Bugs: #898510, #905322  
       ID: 202309-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in sudo, the worst of which can  
result in root privilege escalation.

Background  
=========  
sudo allows a system administrator to give users the ability to run  
commands as other users.

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
app-admin/sudo  < 1.9.13_p2   >= 1.9.13_p2

Description  
==========  
Multiple vulnerabilities have been discovered in sudo. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All sudo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.13_p2"

References  
=========  
[ 1 ] CVE-2023-27320  
      https://nvd.nist.gov/vuln/detail/CVE-2023-27320  
[ 2 ] CVE-2023-28486  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28486  
[ 3 ] CVE-2023-28487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28487

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-12

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-12

Gentoo Linux Security Advisory 202309-11 - Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.1.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libsndfile: Multiple Vulnerabilities  
     Date: September 29, 2023  
     Bugs: #803065  
       ID: 202309-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in libsndfile, the worst of  
which could result in arbitrary code execution.

Background  
=========  
libsndfile is a C library for reading and writing files containing  
sampled sound.

Affected packages  
================  
Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
media-libs/libsndfile  < 1.1.0       >= 1.1.0

Description  
==========  
Multiple vulnerabilities have been discovered in libsndfile. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libsndfile users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.1.0"

References  
=========  
[ 1 ] CVE-2021-3246  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3246  
[ 2 ] CVE-2021-4156  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4156

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-11

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-11

Gentoo Linux Security Advisory 202309-10 - A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code Versions greater than or equal to 3.4.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Fish: User-assisted execution of arbitrary code  
     Date: September 29, 2023  
     Bugs: #835337  
       ID: 202309-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability was discovered in Fish when handling git repository  
configuration that may lead to execution of arbitrary code

Background  
=========  
Smart and user-friendly command line shell for macOS, Linux, and the  
rest of the family. It includes features like syntax highlighting,  
autosuggest-as-you-type, and fancy tab completions that just work, with  
no configuration required.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
app-shells/fish  < 3.4.0       >= 3.4.0

Description  
==========  
A vulnerability have been discovered in Fish. Please review the CVE  
identifiers referenced below for details.

Impact  
=====  
A user may be enticed to cd into a git repository under control by an  
attacker (e.g. on a shared filesystem or by unpacking an archive) and  
execute arbitrary commands.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All fish users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-shells/fish-3.4.0"

References  
=========  
[ 1 ] CVE-2022-20001  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20001

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-10

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-10

Gentoo Linux Security Advisory 202309-9 - Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. Versions greater than or equal to 2.0.5_rc2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Pacemaker: Multiple Vulnerabilities  
     Date: September 29, 2023  
     Bugs: #711674, #751430  
       ID: 202309-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in Pacemaker, the worst of  
which could result in root privilege escalation.

Background  
=========  
Pacemaker is an Open Source, High Availability resource manager suitable  
for both small and large clusters.

Affected packages  
================  
Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
sys-cluster/pacemaker  < 2.0.5_rc2   >= 2.0.5_rc2

Description  
==========  
Multiple vulnerabilities have been discovered in Pacemaker. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Pacemaker users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-2.0.5_rc2"

References  
=========  
[ 1 ] CVE-2018-16877  
      https://nvd.nist.gov/vuln/detail/CVE-2018-16877  
[ 2 ] CVE-2018-16878  
      https://nvd.nist.gov/vuln/detail/CVE-2018-16878  
[ 3 ] CVE-2019-3885  
      https://nvd.nist.gov/vuln/detail/CVE-2019-3885  
[ 4 ] CVE-2020-25654  
      https://nvd.nist.gov/vuln/detail/CVE-2020-25654

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-09

Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5507-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
September 28, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : jetty9  
CVE ID         : CVE-2023-26048 CVE-2023-26049 CVE-2023-36479 CVE-2023-40167  
                 CVE-2023-41900

Multiple security vulnerabilities were found in Jetty, a Java based web server  
and servlet engine.

The org.eclipse.jetty.servlets.CGI class has been deprecated. It is potentially  
unsafe to use it. The upstream developers of Jetty recommend to use Fast CGI  
instead. See also CVE-2023-36479.

CVE-2023-26048

    In affected versions servlets with multipart support (e.g. annotated with  
    `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or  
    `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the  
    client sends a multipart request with a part that has a name but no  
    filename and very large content. This happens even with the default  
    settings of `fileSizeThreshold=0` which should stream the whole part  
    content to disk.

CVE-2023-26049

    Nonstandard cookie parsing in Jetty may allow an attacker to smuggle  
    cookies within other cookies, or otherwise perform unintended behavior by  
    tampering with the cookie parsing mechanism.

CVE-2023-40167

    Prior to this version Jetty accepted the `+` character proceeding the  
    content-length value in a HTTP/1 header field. This is more permissive than  
    allowed by the RFC and other servers routinely reject such requests with  
    400 responses. There is no known exploit scenario, but it is conceivable  
    that request smuggling could result if jetty is used in combination with a  
    server that does not close the connection after sending such a 400  
    response.

CVE-2023-36479

    Users of the CgiServlet with a very specific command structure may have the  
    wrong command executed. If a user sends a request to a  
    org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its  
    name, the servlet will escape the command by wrapping it in quotation  
    marks. This wrapped command, plus an optional command prefix, will then be  
    executed through a call to Runtime.exec. If the original binary name  
    provided by the user contains a quotation mark followed by a space, the  
    resulting command line will contain multiple tokens instead of one.

CVE-2023-41900

    Jetty is vulnerable to weak authentication. If a Jetty  
    `OpenIdAuthenticator` uses the optional nested `LoginService`, and that  
    `LoginService` decides to revoke an already authenticated user, then the  
    current request will still treat the user as authenticated. The  
    authentication is then cleared from the session and subsequent requests  
    will not be treated as authenticated. So a request on a previously  
    authenticated session could be allowed to bypass authentication after it  
    had been rejected by the `LoginService`. This impacts usages of the  
    jetty-openid which have configured a nested `LoginService` and where that  
    `LoginService` is capable of rejecting previously authenticated users.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 9.4.39-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 9.4.50-4+deb12u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUV6x5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeTJGw//a9ZVCC9qHUG/KfAkJJs27UGuL4T1hRM5Azu+8jFxMHwuqKf62FCWlGUE  
xM9fwQdUDvfkSBsrGlp+nAwqegOh+YBvAxh6DBdMpEYhZ+wUDLwZaPdR5iTj7q2e  
JpjKs1hp7QRDfguL6+T/sJmMx9zk7soDwqd3QEjBXBhuYhlVfq7Wm4v5STKj28pD  
Yjv6YmLKIHTv9/HaUWNDCFUjyRGZjmAvYVAIF3gNo9Qn2agq4z3+1Z2EPX4+qbVq  
pp+JKr/vVSVHltaR1D0JyC5zjrHOo+dRFWYwG7K/V7kijyIbciNACTe/W2v6hM6F  
w+0+8C7TMbof22nOHVcgBygukIvxdvnG6BQUUQaVeE36wi8cvBSVgTe0NJb0NIQt  
Gr37tlG+9kJy9d02I+hgX8U90aWmaofTJsn3YbAL6wv2r7Klm6LJN6p8oAmqfEM6  
IOOii4JpHaRDz1VQsjskhjw7Q1UigVX6lmx6BfPHzG2BFSe8v5vG+6OvH4oF+Egy  
VTF3U/lvXcdqaZyNnCKn4NWLJZHVYE4ncgdDp8qomJXnDoMy6V9+DEDADiu9C2ox  
4YvtBHVIZ1uYBRRDjutJw0dkKa7QotSlkmVnAV+oqHa1/Dp2Cytjb+rRhp83QLEw  
kfBWYLpFIq9ARI08AyK4hzX27FFf3ojHp++Lau8ODwb/4s9bKE0=j7dG  
-----END PGP SIGNATURE-----

Debian Security Advisory 5507-1

Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2023-5405-01

Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5506-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 28, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-5169 CVE-2023-5171 CVE-2023-5176

Multiple security issues have been found in the Mozilla Firefox web  
browser, which could potentially result in the execution of arbitrary  
code

Debian follows the extended support releases (ESR) of Firefox. Support  
for the 102.x series has ended, so starting with this update we're now  
following the 115.x releases.

Between 102.x and 115.x, Firefox has seen a number of feature updates.  
For more information please refer to  
https://www.mozilla.org/en-US/firefox/115.0esr/releasenotes/

For the oldstable distribution (bullseye), these problems have been fixed  
in version 115.3.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 115.3.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUVyN4ACgkQEMKTtsN8  
Tjb6BhAAlHXgVwAmpytxSnPKfYdYzOthFK8nch5/y9VzXDTm5UoUKFEIlHHHcFmE  
Y0NlUkHk6M5JY2koB5MBAs6E2XT6QZ/AXUFZ7F7sz3nPdMRtqL6yjrcL7zWRmTFI  
A7GVIuOPpGS//8RlUIXfZ1YBQ3zJxDFg8aCQUv4uMfmk0jlEI/JmI7c8+8j10lpX  
hR4+k4A2XunUB46KbA1dYXU6nbXKpHMdmmZuUjkQJf+DBQo72OEv3ZdqG7aL5Nmr  
9jTZHur2FLpHuxIXLfwTZF7Zw+zjXSr8O89nFWSXIe0ESdlHhTrxy1EOodTZtght  
T+SZR6iJ/RBmJqO7jhg090udq9MXUSLp1LxFNTvxfipewglUntWIooONyyeLTwBO  
8R5uYA0E+NwNlLMuf1Z8V1vbOvv5DZnCkQg0HDORHd9Vvkniq3of6hVJkmO/YVAo  
ITReEwWHee8udu4qyFW3VveR3SigzsnHJLjmNdYJfqFntK655NL0IkhdTCwq+fwQ  
sBw+V46lznsWDkVlMlzGgQsZS+8+ME+zhILUHsyOG9U5JtlXFUwDGWVp0X24A5Fg  
iVqBrnmr2wzZ0ctNpc5SHigQWm4vWj14mG9k4WbiEd5KMpI1WejKLyE0vNmHtLCR  
8K4TiGLK/baigFWJZQAzjCT7df/ndWuEPSwcZgRhEtbpRhlHKhE=Om2J  
-----END PGP SIGNATURE-----

Debian Security Advisory 5506-1

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.

**Solution**

 No fix

No patched version is available.

Le Ngoc Anh discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WP-dTree Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 3 present

 0 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41662: WordPress WP-dTree plugin <= 4.4.5  - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

Prasanna V Balaji discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Smarty for WordPress Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 2 present

 0 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41661: WordPress Smarty for WordPress plugin <= 3.1.35 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.

**Solution**

 Fixed

Update the WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin to the latest available version (at least 1.0.14).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.0.14.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#web