[SECURITY] [DSA 4546-1] openjdk-11 security update
Debian Security Advisory DSA-4546-1                   secur...@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 20, 2019                      https://www.debian.org/security/faq

Package        : openjdk-11
CVE ID         : CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962
                 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977
                 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987
                 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.

For the stable distribution (buster), these problems have been fixed in version 11_11.0.5+10-1~deb10u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4545-1] mediawiki security update
Debian Security Advisory DSA-4545-1                   secur...@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 18, 2019                      https://www.debian.org/security/faq

Package        : mediawiki
CVE ID         : CVE-2019-16738

It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak.

For the oldstable distribution (stretch), this problem has been fixed in version 1:1.27.7-1~deb9u2.

For the stable distribution (buster), this problem has been fixed in version 1:1.31.4-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Trend Micro Anti-Threat Toolkit <= v1.62.0.1218 / Remote Code Execution 0day
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
[+] ISR: Apparition Security

[Vendor]
www.trendmicro.com

[Product]
Trend Micro Anti-Threat Toolkit (ATTK)
1.62.0.1218 and below

Trend Micro Anti-Threat Toolkit (ATTK) can analyze malware issues and clean infections. It can be used to perform system forensic scans and clean the following infection types:

General malware infection
Master boot record Infection
CIDOX/ RODNIX infection
Rootkit infection
Zbot infection
Cryptolocker infection
etc..

[Vulnerability Type]
Remote Code Execution

[CVE Reference]
CVE-2019-9491

[Security Issue]
Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of "cmd.exe" or "regedit.exe" and the malware can be placed in the vicinity of the ATTK when a scan is launched by the end user.

Since the ATTK is signed by a verified publisher and therefore assumed trusted, any MOTW security warnings are bypassed if the malware was internet downloaded. It can also become a persistence mechanism, as each time the Anti-Threat Toolkit is run so can an attacker's malware.

Standalone affected components of ATTK and other integrations (e.g. WCRY Patch Tool, OfficeScan Toolbox, etc.)

attk_collector_cli_x64.exe
Hash: e8503e9897fd56eac0ce3c3f6db24fb1

TrendMicroRansomwareCollector64.r09.exe
Hash: 798039027bb4363dcfd264c14267375f

attk_ScanCleanOnline_gui_x64.exe
Hash: f1d2ca4b14368911c767873cdbc194ed

[References]
https://success.trendmicro.com/solution/000149878

*All versions of the ATTK have been updated with the newer version. Anti-Threat Toolkit (ATTK) 1.62.0.1223

[Exploit/POC]
Compile an .EXE using below "C" code and use naming convention of "cmd.exe" or "regedit.exe". Run the Anti-Threat Toolkit and watch the ATTK console to see the Trojan file get loaded and executed.

    #include <stdio.h>    /* puts */
    #include <windows.h>  /* WinExec */

    /* Prints a banner to the ATTK console, then starts PowerShell. */
    int main(void){
        puts("Trend Micro Anti-Threat Toolkit PWNED!");
        puts("Discovery: hyp3rlinx");
        puts("CVE-2019-9491\n");
        WinExec("powershell", 0);
        return 0;
    }

[POC Video URL]
https://www.youtube.com/watch?v=HBrRVe8WCHs

[Network Access]
Remote

[Severity]
High

[Disclosure Timeline]
Vendor Notification: September 9, 2019
Vendor confirms vulnerability: September 25, 2019
Vendor requests to coordinate advisory: September 25, 2019
October 19, 2019 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).

hyp3rlinx
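A pre-launch check for the condition CVE-2019-9491 depends on, added here as an example and not part of the original advisory or of any Trend Micro tooling: before running an unpatched ATTK build, look for files named like the two binaries the advisory lists. Treating the tool's own directory (plus any extra directories you pass) as the "vicinity" is an assumption, and `find_planted_binaries` is a hypothetical helper name.

```python
import os
import tempfile

# File names the advisory says ATTK will load when they sit near the tool.
HIJACKABLE_NAMES = {"cmd.exe", "regedit.exe"}


def find_planted_binaries(tool_path, extra_dirs=(), trusted_dirs=()):
    """Return sorted paths of files that shadow HIJACKABLE_NAMES near the tool.

    tool_path    -- the ATTK executable about to be launched
    extra_dirs   -- further directories to check (e.g. the working directory)
    trusted_dirs -- directories where these names are legitimate (System32)
    """
    trusted = {os.path.normcase(os.path.realpath(d)) for d in trusted_dirs}
    search = [os.path.dirname(os.path.abspath(tool_path)), *extra_dirs]
    hits = set()
    for directory in search:
        real_dir = os.path.normcase(os.path.realpath(directory))
        if real_dir in trusted or not os.path.isdir(real_dir):
            continue
        for entry in os.listdir(real_dir):
            # Windows names are case-insensitive: CMD.EXE shadows cmd.exe too.
            if entry.lower() in HIJACKABLE_NAMES:
                hits.add(os.path.join(real_dir, entry))
    return sorted(hits)


def demo():
    """Constructed layout: a Downloads folder with the tool and a planted CMD.EXE."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Downloads")
        system32 = os.path.join(root, "System32")  # stand-in for the real System32
        os.makedirs(downloads)
        os.makedirs(system32)
        tool = os.path.join(downloads, "attk_collector_cli_x64.exe")
        for path in (tool,
                     os.path.join(downloads, "CMD.EXE"),
                     os.path.join(system32, "cmd.exe")):
            open(path, "wb").close()
        hits = find_planted_binaries(tool, extra_dirs=[system32],
                                     trusted_dirs=[system32])
        return [os.path.basename(h) for h in hits]


if __name__ == "__main__":
    print(demo())
```

A non-empty result means the toolkit should not be started from that location until the flagged files are examined; upgrading to the fixed ATTK version named in the advisory removes the need for the check.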
[slackware-security] python (SSA:2019-293-01)
[slackware-security] python (SSA:2019-293-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/python-2.7.17-i586-1_slack14.2.txz: Upgraded.
  This update fixes bugs and security issues:
  Update vendorized expat library version to 2.2.8.
  Disallow URL paths with embedded whitespace or control characters into the underlying http client request. Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised.
  Avoid file reading by disallowing ``local-file://`` and ``local_file://`` URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.17-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.17-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.17-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.17-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.17-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.17-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.17-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.17-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
7ba0c2ab27b2c487db8b148b1de2e69c python-2.7.17-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
60636e31cb9376fe7a0e2e81a1f601a2 python-2.7.17-x86_64-1_slack14.0.txz

Slackware 14.1 package:
8869bce45de60a4657a8349c0b62c06e python-2.7.17-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
b04aa671ce83f6e057efc18ac8f32f50 python-2.7.17-x86_64-1_slack14.1.txz

Slackware 14.2 package:
9ea9fd62c2f779dfbdc4afcd41a87f17 python-2.7.17-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
84ea5f3a8b661de31177f06ac2a3609d python-2.7.17-x86_64-1_slack14.2.txz

Slackware -current package:
1b14d787561cf96a93ed228ff849204b d/python-2.7.17-i586-1.txz

Slackware x86_64 -current package:
3176df4288be3e97cbeacdb3b675f97e d/python-2.7.17-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg python-2.7.17-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com
[SECURITY] [DSA 4547-1] tcpdump security update
Debian Security Advisory DSA-4547-1                   secur...@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 21, 2019                      https://www.debian.org/security/faq

Package        : tcpdump
CVE ID         : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462
                 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466
                 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470
                 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882
                 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230
                 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

For the oldstable distribution (stretch), these problems have been fixed in version 4.9.3-1~deb9u1.

For the stable distribution (buster), these problems have been fixed in version 4.9.3-1~deb10u1.

We recommend that you upgrade your tcpdump packages.

For the detailed security status of tcpdump please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/tcpdump

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4548-1] openjdk-8 security update
Debian Security Advisory DSA-4548-1                   secur...@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 21, 2019                      https://www.debian.org/security/faq

Package        : openjdk-8
CVE ID         : CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962
                 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978
                 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988
                 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.

For the oldstable distribution (stretch), these problems have been fixed in version 8u232-b09-1~deb9u1.

We recommend that you upgrade your openjdk-8 packages.

For the detailed security status of openjdk-8 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-8

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org