Bug#1072126: frr: CVE-2024-31948
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for frr.

CVE-2024-31948[0]:
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix
| SID attribute in a BGP UPDATE packet can cause the bgpd daemon to
| crash.

https://github.com/FRRouting/frr/pull/15628
Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
Fixed by: https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31948
    https://www.cve.org/CVERecord?id=CVE-2024-31948

Please adjust the affected versions in the BTS as needed.
Bug#1072120: zabbix: CVE-2024-22120
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for zabbix.

CVE-2024-22120[0]:
| Zabbix server can perform command execution for configured scripts.
| After a command is executed, an audit entry is added to "Audit Log".
| Because the "clientip" field is not sanitized, it is possible to
| inject SQL into "clientip" and exploit a time-based blind SQL
| injection.

https://support.zabbix.com/browse/ZBX-24505

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-22120
    https://www.cve.org/CVERecord?id=CVE-2024-22120

Please adjust the affected versions in the BTS as needed.
Bug#1072119: python-aiosmtpd: CVE-2024-34083
Source: python-aiosmtpd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-aiosmtpd.

CVE-2024-34083[0]:
| aiosmtpd is a reimplementation of the Python stdlib smtpd.py based
| on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept
| extra unencrypted commands after STARTTLS, treating them as if they
| came from inside the encrypted connection. This could be exploited
| by a man-in-the-middle attack. Version 1.4.6 contains a patch for
| the issue.

https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda (v1.4.6)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-34083
    https://www.cve.org/CVERecord?id=CVE-2024-34083

Please adjust the affected versions in the BTS as needed.
Bug#1053004: CVE-2019-10784 and CVE-2023-40619
On Wed, Mar 06, 2024 at 06:39:01AM -0300, Leandro Cunha wrote:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from stable. But I would only leave
> > > bookworm backports due to other bugs found (these CVEs too) and fixed
> > > in 7.14.7.
> > > I have to search about the status of backports to oldstable. But I'm
> > > also studying the possibility of working with patches for these two
> > > versions.
> >
> > Why would you want to remove it from stable? In closed environments,
> > CVEs are often not a problem.
> >
> > Christoph
>
> In addition to the CVEs, phppgadmin which is present in stable does
> not connect to PostgreSQL 15 and 16 without a patch I inserted in
> 7.13.0+dfsg-3, but I can add the same patch by reopening bug #1029516
> or opening another important bug (I am aware that the bug must have a
> severity greater than important)[3] for the stable and submission of
> new bug to the release team for approval. That way it would be
> released in a future release a version with this issue fixed (if
> approved). But CVE-2023-40619 is treated with critical severity and
> CVE-2019-10784 is also critical according to the NVD[1][2]. The Debian
> LTS team handled this with DLA-3644-1 (CVE-2023-40619)[4] in buster
> (oldoldstable) and the OpenSUSE team also handled both CVEs in
> Leap[5][6].
> Removing this package in stable will not leave users without them and
> we can release it in backports.
> I can treat this as a job of ensuring the quality of what is
> distributed by Debian.

Agreed, if the package is actually broken with the version of PostgreSQL
in stable and if there's no sensible backport for the open security
issues, then let's rather remove it by the next point release.

Cheers,
Moritz
Bug#1071628: python-pymysql: CVE-2024-36039
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-pymysql.

We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?

CVE-2024-36039[0]:
| PyMySQL through 1.1.0 allows SQL injection if used with untrusted
| JSON input because keys are not escaped by escape_dict.

https://github.com/advisories/GHSA-v9hf-5j83-6xpp
https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-36039
    https://www.cve.org/CVERecord?id=CVE-2024-36039

Please adjust the affected versions in the BTS as needed.
Bug#1070859: npgsql: CVE-2024-32655
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for npgsql.

CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs`
| uses `int` variables to store the message length and the sum of
| parameter lengths. Both variables overflow when the sum of parameter
| lengths becomes too large. This causes Npgsql to write a message
| size that is too small when constructing a Postgres protocol message
| to send it over the network to the database. When parsing the
| message, the database will only read a small number of bytes and
| treat any following bytes as new messages while they belong to the
| old message. Attackers can abuse this to inject arbitrary Postgres
| protocol messages into the connection, leading to the execution of
| arbitrary SQL statements on the application's behalf. This
| vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and
| 8.0.3.

https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-32655
    https://www.cve.org/CVERecord?id=CVE-2024-32655

Please adjust the affected versions in the BTS as needed.
Bug#1070395: tinyproxy: CVE-2023-40533 CVE-2023-49606
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for tinyproxy.

CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain configurations, a specially
| crafted HTTP request can result in disclosure of data allocated on
| the heap, which could contain sensitive information. An attacker can
| make an unauthenticated HTTP request to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902

CVE-2023-49606[1]:
| A use-after-free vulnerability exists in the HTTP Connection Headers
| parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially
| crafted HTTP header can trigger reuse of previously freed memory,
| which leads to memory corruption and could lead to remote code
| execution. An attacker needs to make an unauthenticated HTTP request
| to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-40533
    https://www.cve.org/CVERecord?id=CVE-2023-40533
[1] https://security-tracker.debian.org/tracker/CVE-2023-49606
    https://www.cve.org/CVERecord?id=CVE-2023-49606

Please adjust the affected versions in the BTS as needed.
Bug#1070388: jupyterhub: CVE-2024-28233
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for jupyterhub.

CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious subdomain,
| the attacker can achieve an XSS directly affecting the former's
| session. More precisely, in the context of JupyterHub, this XSS
| could achieve full access to JupyterHub API and user's single-user
| server. The affected configurations are single-origin JupyterHub
| deployments and JupyterHub deployments with user-controlled
| applications running on subdomains or peer subdomains of either the
| Hub or a single-user server. This vulnerability is fixed in 4.1.0.

https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g
https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28233
    https://www.cve.org/CVERecord?id=CVE-2024-28233

Please adjust the affected versions in the BTS as needed.
Bug#1070387: gdcm: CVE-2024-25569 CVE-2024-22373 CVE-2024-22391
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gdcm. These are fixed
in 3.0.24:

CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot
| DICOM 3.0.23. A specially crafted DICOM file can lead to an
| out-of-bounds read. An attacker can provide a malicious file to
| trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944

CVE-2024-22373[1]:
| An out-of-bounds write vulnerability exists in the
| JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu
| Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can
| lead to a heap buffer overflow. An attacker can provide a malicious
| file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935

CVE-2024-22391[2]:
| A heap-based buffer overflow vulnerability exists in the
| LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot
| DICOM 3.0.23. A specially crafted malformed file can lead to memory
| corruption. An attacker can provide a malicious file to trigger this
| vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25569
    https://www.cve.org/CVERecord?id=CVE-2024-25569
[1] https://security-tracker.debian.org/tracker/CVE-2024-22373
    https://www.cve.org/CVERecord?id=CVE-2024-22373
[2] https://security-tracker.debian.org/tracker/CVE-2024-22391
    https://www.cve.org/CVERecord?id=CVE-2024-22391

Please adjust the affected versions in the BTS as needed.
Bug#1069763: matrix-synapse: CVE-2024-31208
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for matrix-synapse.

CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with Synapse instances before
| 1.105.1, can dispatch specially crafted events to exploit a weakness
| in the V2 state resolution algorithm. This can induce high CPU
| consumption and accumulate excessive data in the database of such
| instances, resulting in a denial of service. Servers in private
| federations, or those that do not federate, are not affected. Server
| administrators should upgrade to 1.105.1 or later. Some workarounds
| are available. One can ban the malicious users or ACL block servers
| from the rooms and/or leave the room and purge the room using the
| admin API.

https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31208
    https://www.cve.org/CVERecord?id=CVE-2024-31208

Please adjust the affected versions in the BTS as needed.
Bug#1069762: pdns-recursor: CVE-2024-25583
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pdns-recursor.

CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of service in
Recursor

https://www.openwall.com/lists/oss-security/2024/04/24/1

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25583
    https://www.cve.org/CVERecord?id=CVE-2024-25583

Please adjust the affected versions in the BTS as needed.
Bug#1069679: ofono: CVE-2023-2794
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for ofono.

CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
| during the SMS decoding. It is assumed that the attack scenario is
| accessible from a compromised modem, a malicious base station, or
| just SMS. There is a bound check for this memcpy length in
| decode_submit(), but it was forgotten in decode_deliver().

https://bugzilla.redhat.com/show_bug.cgi?id=2255387
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e260b065a39c9

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2794
    https://www.cve.org/CVERecord?id=CVE-2023-2794

Please adjust the affected versions in the BTS as needed.
Bug#1069677: rust-rustls: CVE-2024-32650
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for rust-rustls.

CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
| loop based on network input. When using a blocking rustls server, if
| a client sends a `close_notify` message immediately after
| `client_hello`, the server's `complete_io` will get in an infinite
| loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d (v/0.23.5)
https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e (v/0.23.5)
https://rustsec.org/advisories/RUSTSEC-2024-0336.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-32650
    https://www.cve.org/CVERecord?id=CVE-2024-32650

Please adjust the affected versions in the BTS as needed.
Bug#1069678: openjdk-8: CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for openjdk-8.

CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE (component:
| Hotspot). Supported versions that are affected are Oracle Java SE:
| 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for
| JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:
| 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows
| unauthenticated attacker with network access via multiple protocols
| to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
| Enterprise Edition. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a partial denial of service
| (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition. Note: This vulnerability can be
| exploited by using APIs in the specified Component, e.g., through a
| web service which supplies data to the APIs. This vulnerability also
| applies to Java deployments, typically in clients running sandboxed
| Java Web Start applications or sandboxed Java applets, that load and
| run untrusted code (e.g., code that comes from the internet) and
| rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7
| (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21068[1]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE (component:
| Hotspot). Supported versions that are affected are Oracle Java SE:
| 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK:
| 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9.
| Difficult to exploit vulnerability allows unauthenticated attacker
| with network access via multiple protocols to compromise Oracle Java
| SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
| Successful attacks of this vulnerability can result in unauthorized
| update, insert or delete access to some of Oracle Java SE, Oracle
| GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
| Note: This vulnerability can be exploited by using APIs in the
| specified Component, e.g., through a web service which supplies data
| to the APIs. This vulnerability also applies to Java deployments,
| typically in clients running sandboxed Java Web Start applications
| or sandboxed Java applets, that load and run untrusted code (e.g.,
| code that comes from the internet) and rely on the Java sandbox for
| security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVE-2024-21085[2]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
| Edition product of Oracle Java SE (component: Concurrency).
| Supported versions that are affected are Oracle Java SE: 8u401,
| 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and
| 21.3.9. Difficult to exploit vulnerability allows unauthenticated
| attacker with network access via multiple protocols to compromise
| Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a partial denial of service (partial DOS) of Oracle Java SE,
| Oracle GraalVM Enterprise Edition. Note: This vulnerability can be
| exploited by using APIs in the specified Component, e.g., through a
| web service which supplies data to the APIs. This vulnerability also
| applies to Java deployments, typically in clients running sandboxed
| Java Web Start applications or sandboxed Java applets, that load and
| run untrusted code (e.g., code that comes from the internet) and
| rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7
| (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21094[3]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE (component:
| Hotspot). Supported versions that are affected are Oracle Java SE:
| 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for
| JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13
| and 21.3.9. Difficult to exploit vulnerability allows
| unauthenticated attacker with network access via multiple protocols
| to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
| Enterprise Edition. Successful attacks of this vulnerability can
| result in unauthorized update, insert or delete access to some of
| Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
| Edition accessible data. Note: This vulnerability can be exploited
| by using APIs in the specified Component, e.g., through a web
| service which supplies data to the APIs. This vulnerability also
| applies to Java
Bug#1069189: mysql-8.0: CVE-2024-21102 CVE-2024-21096 CVE-2024-21087 CVE-2024-21069 CVE-2024-21062 CVE-2024-21060 CVE-2024-21054 CVE-2024-21047 CVE-2024-21013 CVE-2024-21009 CVE-2024-21008 CVE-2024-21
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that are
| affected are 8.0.36 and prior and 8.3.0 and prior. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21096[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Client: mysqldump). Supported versions that are
| affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to
| exploit vulnerability allows unauthenticated attacker with logon to
| the infrastructure where MySQL Server executes to compromise MySQL
| Server. Successful attacks of this vulnerability can result in
| unauthorized update, insert or delete access to some of MySQL Server
| accessible data as well as unauthorized read access to a subset of
| MySQL Server accessible data and unauthorized ability to cause a
| partial denial of service (partial DOS) of MySQL Server. CVSS 3.1
| Base Score 4.9 (Confidentiality, Integrity and Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVE-2024-21087[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Group Replication Plugin). Supported versions
| that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21069[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: DDL). Supported versions that are affected are
| 8.0.36 and prior and 8.3.0 and prior. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21062[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.36 and prior and 8.3.0 and prior. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21060[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Data Dictionary). Supported versions that are
| affected are 8.0.36 and prior and 8.3.0 and prior. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21054[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Optimizer). Supported versions that are
| affected are 8.0.36 and prior and 8.3.0 and prior. Easily
| exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete
| DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21047[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB). Supported versions that are affected are
| 8.0.36 and prior and 8.3.0 and prior. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL
Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sngrep.

CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID'
| SIP headers. The functions sip_get_callid and sip_get_xcallid in
| sip.c use the strncpy function to copy header contents into
| fixed-size buffers without checking the data length. This flaw
| allows remote attackers to execute arbitrary code or cause a denial
| of service (DoS) through specially crafted SIP messages.

https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)

CVE-2024-3120[1]:
| A stack-buffer overflow vulnerability exists in all versions of
| sngrep since v1.4.1. The flaw is due to inadequate bounds checking
| when copying 'Content-Length' and 'Warning' headers into fixed-size
| buffers in the sip_validate_packet and sip_parse_extra_headers
| functions within src/sip.c. This vulnerability allows remote
| attackers to execute arbitrary code or cause a denial of service
| (DoS) via crafted SIP messages.

https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3119
    https://www.cve.org/CVERecord?id=CVE-2024-3119
[1] https://security-tracker.debian.org/tracker/CVE-2024-3120
    https://www.cve.org/CVERecord?id=CVE-2024-3120

Please adjust the affected versions in the BTS as needed.
Bug#1068816: undertow: CVE-2024-1459
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for undertow.

CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted sequence to an
| HTTP request for an application deployed to JBoss EAP, which may
| permit access to privileged or restricted files and directories.

The only reference here is at Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=2259475

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-1459
    https://www.cve.org/CVERecord?id=CVE-2024-1459

Please adjust the affected versions in the BTS as needed.
Bug#1068462: gpac: CVE-2024-28318 CVE-2024-28319 CVE-2023-46426 CVE-2023-46427 CVE-2024-24265 CVE-2024-24266 CVE-2024-24267
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary write vulnerability via swf_get_string at
| scene_manager/swf_parse.c:325

https://github.com/gpac/gpac/issues/2764
https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716

CVE-2024-28319[1]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary read vulnerability via gf_dash_setup_period
| media_tools/dash_client.c:6374

https://github.com/gpac/gpac/issues/2763
https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e

CVE-2023-46426[2]:
| Heap-based Buffer Overflow vulnerability in gpac version
| 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute
| arbitrary code and cause a denial of service (DoS) via gf_fwrite
| component in utils/os_file.c.

https://github.com/gpac/gpac/issues/2642
https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341

CVE-2023-46427[3]:
| An issue was discovered in gpac version
| 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute
| arbitrary code, cause a denial of service (DoS), and obtain
| sensitive information via null pointer dereference in
| gf_dash_setup_period component in media_tools/dash_client.c.

https://github.com/gpac/gpac/issues/2641
https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a

CVE-2024-24265[4]:
| gpac v2.2.1 was discovered to contain a memory leak via the
| dst_props variable in the gf_filter_pid_merge_properties_internal
| function.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md

CVE-2024-24266[5]:
| gpac v2.2.1 was discovered to contain a Use-After-Free (UAF)
| vulnerability via the dasher_configure_pid function at
| /src/filters/dasher.c.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md

CVE-2024-24267[6]:
| gpac v2.2.1 was discovered to contain a memory leak via the
| gfio_blob variable in the gf_fileio_from_blob function.

https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-28318
    https://www.cve.org/CVERecord?id=CVE-2024-28318
[1] https://security-tracker.debian.org/tracker/CVE-2024-28319
    https://www.cve.org/CVERecord?id=CVE-2024-28319
[2] https://security-tracker.debian.org/tracker/CVE-2023-46426
    https://www.cve.org/CVERecord?id=CVE-2023-46426
[3] https://security-tracker.debian.org/tracker/CVE-2023-46427
    https://www.cve.org/CVERecord?id=CVE-2023-46427
[4] https://security-tracker.debian.org/tracker/CVE-2024-24265
    https://www.cve.org/CVERecord?id=CVE-2024-24265
[5] https://security-tracker.debian.org/tracker/CVE-2024-24266
    https://www.cve.org/CVERecord?id=CVE-2024-24266
[6] https://security-tracker.debian.org/tracker/CVE-2024-24267
    https://www.cve.org/CVERecord?id=CVE-2024-24267

Please adjust the affected versions in the BTS as needed.
Bug#1068457: azure-uamqp-python: CVE-2024-29195
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for azure-uamqp-python.

CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This library may be used by
| the Azure IoT C SDK for communication between IoT Hub and IoT Hub
| devices. An attacker can cause an integer wraparound or under-
| allocation or heap buffer overflow due to vulnerabilities in
| parameter checking mechanism, by exploiting the buffer length
| parameter in Azure C SDK, which may lead to remote code execution.
| Requirements for RCE are 1. Compromised Azure account allowing
| malformed payloads to be sent to the device via IoT Hub service, 2.
| Bypassing IoT hub service max message payload limit of 128KB, and
| 3. Ability to overwrite code space with remote code. Fixed in commit
| https://github.com/Azure/azure-c-shared-
| utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.

https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg
https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-29195
    https://www.cve.org/CVERecord?id=CVE-2024-29195

Please adjust the affected versions in the BTS as needed.
Bug#1068453: request-tracker5: CVE-2024-3262
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for request-tracker5.

CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacker with local access to
| the device to retrieve sensitive information about the application,
| such as vulnerability tickets, because the application stores the
| information in the browser cache, leading to information exposure
| despite session termination.

https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3262
    https://www.cve.org/CVERecord?id=CVE-2024-3262

Please adjust the affected versions in the BTS as needed.
Bug#1068452: request-tracker4: CVE-2024-3262
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for request-tracker4.

CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an attacker with local access to
| the device to retrieve sensitive information about the application,
| such as vulnerability tickets, because the application stores the
| information in the browser cache, leading to information exposure
| despite session termination.

https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3262
    https://www.cve.org/CVERecord?id=CVE-2024-3262

Please adjust the affected versions in the BTS as needed.
Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
    https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.
Bug#1068347: nodejs: CVE-2024-27983 CVE-2024-27982
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for nodejs.

CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/

CVE-2024-27982[1]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27983
    https://www.cve.org/CVERecord?id=CVE-2024-27983
[1] https://security-tracker.debian.org/tracker/CVE-2024-27982
    https://www.cve.org/CVERecord?id=CVE-2024-27982

Please adjust the affected versions in the BTS as needed.
Bug#1060407: gtkwave update for {bookworm,bullseye,buster}-security
Hi Adrian,

> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).

Thanks!

> General notes:
>
> I checked a handful of CVEs, and they were also present in buster.
> If anyone insists that I check for every single CVE whether it is also
> in buster I can do that, but that would be a lot of work.

Nah, no need.

> As mentioned in #1060407 there are different tarballs for GTK 2 and GTK 3.
> Looking closer I realized that this is actually one tarball that
> supports GTK 1+2, and one tarball that supports GTK 2+3.
> I did stay at the GTK 1+2 tarball that was already used before
> for bullseye and buster since there was anyway a different upstream
> tarball required for the +really version that is required to avoid
> creating file conflicts with ghwdump when upgrading to bookworm.
>
> What does the security team consider the best versioning for bullseye?
> In #1060407 I suggested 3.3.104+really3.3.118-0.1, but now I ended up
> preferring 3.3.104+really3.3.118-0+deb11u1

That's fine.

> debdiffs contain only changes to debian/

The bookworm/bullseye debdiffs look good, please upload to security-master, thanks!

Note that both need -sa, but dak needs some special attention when uploading to security-master. You'll need to wait for the ACCEPTED mail before you can upload the next one.

Cheers,
Moritz
Bug#1064967: fontforge: CVE-2024-25081 CVE-2024-25082
Source: fontforge
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for fontforge.

CVE-2024-25081[0]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted filenames.

CVE-2024-25082[1]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted archives or compressed files.

Fixed by:
https://github.com/fontforge/fontforge/pull/5367
https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25081
    https://www.cve.org/CVERecord?id=CVE-2024-25081
[1] https://security-tracker.debian.org/tracker/CVE-2024-25082
    https://www.cve.org/CVERecord?id=CVE-2024-25082

Please adjust the affected versions in the BTS as needed.
Bug#1064516: ruby-rack: CVE-2024-26141 CVE-2024-25126 CVE-2024-26146
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for ruby-rack.

CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)

CVE-2024-25126[1]:
Fixed ReDoS in Content Type header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1

CVE-2024-26146[2]:
Fixed ReDoS in Accept header parsing
https://github.com/rack/rack/releases/tag/v2.2.8.1
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-26141
    https://www.cve.org/CVERecord?id=CVE-2024-26141
[1] https://security-tracker.debian.org/tracker/CVE-2024-25126
    https://www.cve.org/CVERecord?id=CVE-2024-25126
[2] https://security-tracker.debian.org/tracker/CVE-2024-26146
    https://www.cve.org/CVERecord?id=CVE-2024-26146

Please adjust the affected versions in the BTS as needed.
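The first of the three Rack issues above (CVE-2024-26141, "Reject Range headers which are too large") is the kind of bug that is easiest to see in a small parser. The following is an added illustration written for this page; it is not Rack's own code and not part of the bug report. It parses an HTTP `Range` header into byte ranges the way a static-file handler would, but counts the comma-separated range-specs and refuses the whole header before any per-range work when the count exceeds a cap. `MAX_RANGES` is an assumed value for the illustration, not the cutoff Rack chose.

```python
import re
from typing import List, Optional, Tuple

# Assumed cap on how many byte ranges one Range header may carry; the exact
# cutoff a server picks is a policy choice and is not taken from the advisory.
MAX_RANGES = 100

_BYTES_UNIT = re.compile(r"^\s*bytes\s*=\s*(.*?)\s*$", re.IGNORECASE)
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def get_byte_ranges(header: Optional[str], size: int,
                    max_ranges: int = MAX_RANGES) -> Optional[List[Tuple[int, int]]]:
    """Parse an HTTP Range header into inclusive (start, end) byte pairs.

    Returns None when there is no usable byte-range request (serve the whole
    body) and an empty list when the header is present but rejected or
    unsatisfiable (answer 416), so callers can tell the two cases apart.
    """
    if header is None:
        return None
    m = _BYTES_UNIT.match(header)
    if m is None:
        return None  # some other range unit: ignore the header entirely
    specs = m.group(1).split(",")
    # Reject an excessive number of ranges *before* doing per-range work, so
    # the cost of a hostile header is one split plus a length check.
    if len(specs) > max_ranges:
        return []
    ranges: List[Tuple[int, int]] = []
    for spec in specs:
        sm = _RANGE_SPEC.match(spec.strip())
        if sm is None:
            return []  # malformed range-spec: reject the whole header
        first, last = sm.groups()
        if first == "" and last == "":
            return []
        if first == "":
            # suffix-byte-range-spec: the final `last` bytes of the body
            start = max(size - int(last), 0)
            end = size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:  # drop individual unsatisfiable ranges
            ranges.append((start, end))
    return ranges
```

The distinction between `None` and `[]` matters for the caller: `None` means "no range request, send the body", `[]` means "a Range header was sent but cannot be honoured", which is where a 416 (or, for an over-long header, a plain refusal) belongs. Every accepted range still costs an allocation later when the response is assembled, so the length check at the top is what actually bounds the work an attacker can force with one request.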
Bug#1064514: pymatgen: CVE-2024-23346
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pymatgen.

CVE-2024-23346[0]:
| Pymatgen (Python Materials Genomics) is an open-source Python
| library for materials analysis. A critical security vulnerability
| exists in the
| `JonesFaithfulTransformation.from_transformation_str()` method
| within the `pymatgen` library prior to version 2024.2.20. This
| method insecurely utilizes `eval()` for processing input, enabling
| execution of arbitrary code when parsing untrusted input. Version
| 2024.2.20 fixes this issue.

https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f
https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-23346
    https://www.cve.org/CVERecord?id=CVE-2024-23346

Please adjust the affected versions in the BTS as needed.
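The pymatgen description above is the general "`eval()` on a string that looks like arithmetic" pattern: a transformation string such as `a+b,2c,-a;1/2,0,0` is convenient to evaluate as Python, but then any Python reaches the interpreter. The block below is an added illustration for this page, not pymatgen's code and not the fix referenced in the report. It parses a simplified transformation-string syntax that I am assuming for the example (three linear expressions in `a`, `b`, `c`, then three rational translations) with an explicit tokenizer, so only tokens the grammar names are ever accepted and there is no `eval()` anywhere.

```python
from fractions import Fraction
import re
from typing import List, Tuple

# Assumed, simplified transformation-string syntax for this illustration (not
# pymatgen's own grammar): three comma-separated linear expressions in a, b, c,
# a semicolon, then three comma-separated rational translations, e.g.
# "a+b,2c,-a;1/2,0,0". Coefficients are integers or p/q fractions written in
# front of the variable. Every accepted token is matched explicitly; nothing
# is ever handed to eval().
_TERM = re.compile(r"([+-]?)(\d+(?:/\d+)?)?([abc])")
_RATIONAL = re.compile(r"^[+-]?\d+(?:/\d+)?$")
_VARS = "abc"

Matrix = List[List[Fraction]]
Vector = List[Fraction]


def _parse_linear(expr: str) -> Vector:
    """Turn one component such as '2a-b' into its [a, b, c] coefficients."""
    expr = expr.replace(" ", "")
    if not expr:
        raise ValueError("empty component")
    coeffs = [Fraction(0)] * 3
    pos = 0
    while pos < len(expr):
        m = _TERM.match(expr, pos)
        if m is None:
            raise ValueError(f"unexpected input at {expr[pos:]!r}")
        sign, coef, var = m.groups()
        if pos > 0 and not sign:
            raise ValueError(f"missing sign before {var!r} in {expr!r}")
        value = Fraction(coef) if coef else Fraction(1)
        coeffs[_VARS.index(var)] += -value if sign == "-" else value
        pos = m.end()
    return coeffs


def from_transformation_str(s: str) -> Tuple[Matrix, Vector]:
    """Parse 'a+b,2c,-a;1/2,0,0' into (3x3 rational matrix, 3-vector)."""
    parts = s.split(";")
    if len(parts) != 2:
        raise ValueError("expected '<rotation>;<translation>'")
    rot_parts, tr_parts = parts[0].split(","), parts[1].split(",")
    if len(rot_parts) != 3 or len(tr_parts) != 3:
        raise ValueError("expected three components on each side of ';'")
    matrix = [_parse_linear(p) for p in rot_parts]
    translation = []
    for t in tr_parts:
        t = t.strip()
        if _RATIONAL.match(t) is None:
            raise ValueError(f"bad translation value {t!r}")
        translation.append(Fraction(t))  # may raise ZeroDivisionError on p/0
    return matrix, translation


def is_valid_transformation_str(s: str) -> bool:
    """True when `s` is accepted by the grammar above, False otherwise."""
    try:
        from_transformation_str(s)
    except (ValueError, ZeroDivisionError):
        return False
    return True
```

The point of the tokenizer is that the accepted language is closed: `_TERM` and `_RATIONAL` enumerate every character sequence that can reach `Fraction()`, so an input that is valid Python but not a transformation string is rejected at the first unexpected character rather than executed. `Fraction` also keeps the coefficients exact, which is what a symmetry transformation needs anyway.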
Bug#1064062: iwd: CVE-2023-52161
Source: iwd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for iwd.

CVE-2023-52161[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/

While this mentions a patch for wpa_supplicant, it's not obvious if this was reported/fixed in iwd.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52161
    https://www.cve.org/CVERecord?id=CVE-2023-52161

Please adjust the affected versions in the BTS as needed.
Bug#1064061: wpa: CVE-2023-52160
Source: wpa
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for wpa.

CVE-2023-52160[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52160
    https://www.cve.org/CVERecord?id=CVE-2023-52160

Please adjust the affected versions in the BTS as needed.
Bug#1064055: nodejs: CVE-2023-46809 CVE-2024-22019 CVE-2024-21892
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for nodejs.

CVE-2023-46809[0]:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium

CVE-2024-22019[1]:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high

CVE-2024-21892[2]:
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high

There are some other issues, but they only affect the version in experimental.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46809
    https://www.cve.org/CVERecord?id=CVE-2023-46809
[1] https://security-tracker.debian.org/tracker/CVE-2024-22019
    https://www.cve.org/CVERecord?id=CVE-2024-22019
[2] https://security-tracker.debian.org/tracker/CVE-2024-21892
    https://www.cve.org/CVERecord?id=CVE-2024-21892

Please adjust the affected versions in the BTS as needed.
Bug#1064051: azure-uamqp-python: CVE-2024-25110
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for azure-uamqp-python.

CVE-2024-25110[0]:
| The UAMQP is a general purpose C library for AMQP 1.0. During a call
| to open_get_offered_capabilities, a memory allocation may fail
| causing a use-after-free issue and if a client called it during
| connection communication it may cause a remote code execution. Users
| are advised to update the submodule with commit `30865c9c`. There
| are no known workarounds for this vulnerability.

azure-uamqp-python appears to bundle azure-uamqp-c, so presumably it's also affected?

https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25110
    https://www.cve.org/CVERecord?id=CVE-2024-25110

Please adjust the affected versions in the BTS as needed.
Bug#1060409: gpac: CVE-2024-0321 CVE-2024-0322
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2024-0321[0]:
| Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3-DEV.

https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a

CVE-2024-0322[1]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/
https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0321
    https://www.cve.org/CVERecord?id=CVE-2024-0321
[1] https://security-tracker.debian.org/tracker/CVE-2024-0322
    https://www.cve.org/CVERecord?id=CVE-2024-0322

Please adjust the affected versions in the BTS as needed.
Bug#877016: Time to drop cpufrequtils?
On Fri, Jan 05, 2024 at 12:08:54PM +0100, Chris Hofstaedtler wrote:
> On Sun, Sep 03, 2023 at 08:26:00PM +0200, Moritz Mühlenhoff wrote:
> > severity 877016 serious
> > thanks
> >
> > On Thu, Sep 28, 2017 at 06:51:30AM -0700, Mattia Dongili wrote:
> > > On Wed, Sep 27, 2017 at 03:16:52PM -0400, Phil Susi wrote:
> > > > Package: cpufrequtils
> > > > Version: 008-1
> > > ...
> > > > is the case, should cpufrequtils not be removed now?
> > >
> > > Yes, indeed it should. Thanks for nagging.
> >
> > Bumping the severity to RC to move forward with this for trixie.
>
> $ dak rm -nR cpufrequtils
> Will remove the following packages from unstable:
>
> cpufrequtils | 008-2 | source, amd64, arm64, armel, armhf, i386, mips64el, s390x
> libcpufreq-dev | 008-2 | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, s390x
> libcpufreq-dev | 008-2+b1 | riscv64
> libcpufreq0 | 008-2 | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, s390x
> libcpufreq0 | 008-2+b1 | riscv64
>
> Maintainer: Seunghun Han
>
> --- Reason ---
>
> --
>
> Checking reverse dependencies...
> No dependency problem found.
>
> Seems like it's good to go?

Given that the original bug suggesting its removal is from 2017, I think it's safe to say that anyone had a chance to object to its removal :-)

Cheers,
Moritz
Bug#1059307: ring: CVE-2023-38703
Source: ring
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pjsip, which is bundled in ring:

CVE-2023-38703[0]:
| PJSIP is a free and open source multimedia communication library
| written in C with high level API in C, C++, Java, C#, and Python
| languages. SRTP is a higher level media transport which is stacked
| upon a lower level media transport such as UDP and ICE. Currently a
| higher level transport is not synchronized with its lower level
| transport that may introduce use-after-free issue. This
| vulnerability affects applications that have SRTP capability
| (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other
| than UDP. This vulnerability's impact may range from unexpected
| application termination to control flow hijack/memory corruption.
| The patch is available as a commit in the master branch.

https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d (2.14)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38703
    https://www.cve.org/CVERecord?id=CVE-2023-38703

Please adjust the affected versions in the BTS as needed.
Bug#1059303: asterisk: CVE-2023-37457 CVE-2023-38703
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for asterisk.

CVE-2023-37457[0]:
| Asterisk is an open source private branch exchange and telephony
| toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior,
| and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the
| 'update' functionality of the PJSIP_HEADER dialplan function can
| exceed the available buffer space for storing the new value of a
| header. By doing so this can overwrite memory or cause a crash. This
| is not externally exploitable, unless dialplan is explicitly written
| to update a header based on data from an outside source. If the
| 'update' functionality is not used the vulnerability does not occur.
| A patch is available at commit
| a1ca0268254374b515fa5992f01340f7717113fa.

https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa

CVE-2023-38703[1]:
| PJSIP is a free and open source multimedia communication library
| written in C with high level API in C, C++, Java, C#, and Python
| languages. SRTP is a higher level media transport which is stacked
| upon a lower level media transport such as UDP and ICE. Currently a
| higher level transport is not synchronized with its lower level
| transport that may introduce use-after-free issue. This
| vulnerability affects applications that have SRTP capability
| (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other
| than UDP. This vulnerability's impact may range from unexpected
| application termination to control flow hijack/memory corruption.
| The patch is available as a commit in the master branch.

https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d (2.14)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-37457
    https://www.cve.org/CVERecord?id=CVE-2023-37457
[1] https://security-tracker.debian.org/tracker/CVE-2023-38703
    https://www.cve.org/CVERecord?id=CVE-2023-38703

Please adjust the affected versions in the BTS as needed.
Bug#1059300: ruby-sidekiq: CVE-2023-26141
Source: ruby-sidekiq
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for ruby-sidekiq.

CVE-2023-26141[0]:
| Versions of the package sidekiq before 7.1.3 are vulnerable to
| Denial of Service (DoS) due to insufficient checks in the dashboard-
| charts.js file. An attacker can exploit this vulnerability by
| manipulating the localStorage value which will cause excessive
| polling requests.

https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26141
    https://www.cve.org/CVERecord?id=CVE-2023-26141

Please adjust the affected versions in the BTS as needed.
Bug#1059293: lrzip: CVE-2023-39741
Source: lrzip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for lrzip.

CVE-2023-39741[0]:
| lrzip v0.651 was discovered to contain a heap overflow via the
| libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.
| This vulnerability allows attackers to cause a Denial of Service
| (DoS) via a crafted file.

https://github.com/ckolivas/lrzip/issues/246

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-39741
    https://www.cve.org/CVERecord?id=CVE-2023-39741

Please adjust the affected versions in the BTS as needed.
Bug#1059265: w3m: CVE-2023-4255
Source: w3m
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for w3m.

CVE-2023-4255[0]:
| An out-of-bounds write issue has been discovered in the backspace
| handling of the checkType() function in etc.c within the W3M
| application. This vulnerability is triggered by supplying a
| specially crafted HTML file to the w3m binary. Exploitation of this
| flaw could lead to application crashes, resulting in a denial of
| service condition.

https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
https://github.com/tats/w3m/issues/268
https://github.com/tats/w3m/pull/273

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4255
    https://www.cve.org/CVERecord?id=CVE-2023-4255

Please adjust the affected versions in the BTS as needed.
Bug#1059261: clickhouse: CVE-2023-48298 CVE-2023-47118 CVE-2022-44011 CVE-2022-44010
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for clickhouse.

CVE-2023-48298[0]:
| ClickHouse® is an open-source column-oriented database management
| system that allows generating analytical data reports in real-time.
| This vulnerability is an integer underflow resulting in crash due to
| stack buffer overflow in decompression of FPC codec. It can be
| triggered and exploited by an unauthenticated attacker. The
| vulnerability is very similar to CVE-2023-47118 with how the
| vulnerable function can be exploited.

https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938
https://github.com/ClickHouse/ClickHouse/pull/56795

CVE-2023-47118[1]:
| ClickHouse® is an open-source column-oriented database management
| system that allows generating analytical data reports in real-time.
| A heap buffer overflow issue was discovered in ClickHouse server. An
| attacker could send a specially crafted payload to the native
| interface exposed by default on port 9000/tcp, triggering a bug in
| the decompression logic of T64 codec that crashes the ClickHouse
| server process. This attack does not require authentication. Note
| that this exploit can also be triggered via HTTP protocol, however,
| the attacker will need a valid credential as the HTTP authentication
| takes place first. This issue has been fixed in version
| 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and
| 23.3.16.7-lts.

https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v

CVE-2022-44011[2]:
| An issue was discovered in ClickHouse before 22.9.1.2603. An
| authenticated user (with the ability to load data) could cause a
| heap buffer overflow and crash the server by inserting a malformed
| CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11,
| 22.7.4.16, 22.6.6.16, and 22.3.12.19.

https://github.com/ClickHouse/ClickHouse/pull/40241

CVE-2022-44010[3]:
| An issue was discovered in ClickHouse before 22.9.1.2603. An
| attacker could send a crafted HTTP request to the HTTP Endpoint
| (usually listening on port 8123 by default), causing a heap-based
| buffer overflow that crashes the process. This does not require
| authentication. The fixed versions are 22.9.1.2603, 22.8.2.11,
| 22.7.4.16, 22.6.6.16, and 22.3.12.19.

https://github.com/ClickHouse/ClickHouse/pull/40292

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48298
    https://www.cve.org/CVERecord?id=CVE-2023-48298
[1] https://security-tracker.debian.org/tracker/CVE-2023-47118
    https://www.cve.org/CVERecord?id=CVE-2023-47118
[2] https://security-tracker.debian.org/tracker/CVE-2022-44011
    https://www.cve.org/CVERecord?id=CVE-2022-44011
[3] https://security-tracker.debian.org/tracker/CVE-2022-44010
    https://www.cve.org/CVERecord?id=CVE-2022-44010

Please adjust the affected versions in the BTS as needed.
Bug#1059259: lwip: CVE-2023-49287
Source: lwip
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for lwip.

CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
| has been patched in version 1.2.6.

https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

falcosecurity-libs embeds a copy of tinydir; if it's not used to open files from potentially untrusted paths, feel free to downgrade.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49287
    https://www.cve.org/CVERecord?id=CVE-2023-49287

Please adjust the affected versions in the BTS as needed.
Bug#1059257: gemmi: CVE-2023-49287
Source: gemmi
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for gemmi.

CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
| has been patched in version 1.2.6.

https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

gemmi embeds a copy of tinydir; if it's not used to open files from potentially untrusted paths, feel free to downgrade.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49287
    https://www.cve.org/CVERecord?id=CVE-2023-49287

Please adjust the affected versions in the BTS as needed.
Bug#1059256: falcosecurity-libs: CVE-2023-49287
Source: falcosecurity-libs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for falcosecurity-libs.

CVE-2023-49287[0]:
| TinyDir is a lightweight C directory and file reader. Buffer
| overflows in the `tinydir_file_open()` function. This vulnerability
| has been patched in version 1.2.6.

https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d
https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt

falcosecurity-libs embeds a copy of tinydir; if it's not used to open files from potentially untrusted paths, feel free to downgrade.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49287
    https://www.cve.org/CVERecord?id=CVE-2023-49287

Please adjust the affected versions in the BTS as needed.
Bug#1059254: cacti: CVE-2023-49084 CVE-2023-49086
Source: cacti
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for cacti.

CVE-2023-49084[0]:
| Cacti is a robust performance and fault management framework and a
| frontend to RRDTool - a Time Series Database (TSDB). While using the
| detected SQL Injection and insufficient processing of the include
| file path, it is possible to execute arbitrary code on the server.
| Exploitation of the vulnerability is possible for an authorized
| user. The vulnerable component is the `link.php`. Impact of the
| vulnerability - execution of arbitrary code on the server.

https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc

CVE-2023-49086[1]:
| Cacti is a robust performance and fault management framework and a
| frontend to RRDTool - a Time Series Database (TSDB). Bypassing an
| earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.
| Exploitation of the vulnerability is possible for an authorized
| user. The vulnerable component is the `graphs_new.php`. Impact of
| the vulnerability - execution of arbitrary javascript code in the
| attacked user's browser. This issue has been patched in version
| 1.2.26.

https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr

I think https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc should address both, but please double-check.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49084
    https://www.cve.org/CVERecord?id=CVE-2023-49084
[1] https://security-tracker.debian.org/tracker/CVE-2023-49086
    https://www.cve.org/CVERecord?id=CVE-2023-49086

Please adjust the affected versions in the BTS as needed.
Bug#1059056: gpac: CVE-2023-48958 CVE-2023-46871 CVE-2023-46932 CVE-2023-47465 CVE-2023-48039 CVE-2023-48090
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-48958[0]:
| gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in
| gf_mpd_resolve_url media_tools/mpd.c:4589.

https://github.com/gpac/gpac/issues/2689
Fixed by: https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4

CVE-2023-46871[1]:
| GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a
| memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This
| vulnerability may lead to a denial of service.

https://github.com/gpac/gpac/issues/2658
Fixed by: https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c

CVE-2023-46932[2]:
| Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-
| rev617-g671976fcc-master, allows attackers to execute arbitrary code
| and cause a denial of service (DoS) via str2ulong class in
| src/media_tools/avilib.c in gpac/MP4Box.

https://github.com/gpac/gpac/issues/2669
https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b

CVE-2023-47465[3]:
| An issue in GPAC v.2.2.1 and before allows a local attacker to cause
| a denial of service (DoS) via the ctts_box_read function of file
| src/isomedia/box_code_base.c.

https://github.com/gpac/gpac/issues/2652
https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521

CVE-2023-48039[4]:
| GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak
| in gf_mpd_parse_string media_tools/mpd.c:75.

https://github.com/gpac/gpac/issues/2679

CVE-2023-48090[5]:
| GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks
| in extract_attributes media_tools/m3u8.c:329.

https://github.com/gpac/gpac/issues/2680

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-48958
    https://www.cve.org/CVERecord?id=CVE-2023-48958
[1] https://security-tracker.debian.org/tracker/CVE-2023-46871
    https://www.cve.org/CVERecord?id=CVE-2023-46871
[2] https://security-tracker.debian.org/tracker/CVE-2023-46932
    https://www.cve.org/CVERecord?id=CVE-2023-46932
[3] https://security-tracker.debian.org/tracker/CVE-2023-47465
    https://www.cve.org/CVERecord?id=CVE-2023-47465
[4] https://security-tracker.debian.org/tracker/CVE-2023-48039
    https://www.cve.org/CVERecord?id=CVE-2023-48039
[5] https://security-tracker.debian.org/tracker/CVE-2023-48090
    https://www.cve.org/CVERecord?id=CVE-2023-48090

Please adjust the affected versions in the BTS as needed.
Bug#1059054: nss: CVE-2023-6135
Source: nss
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for nss.

CVE-2023-6135[0]:
| Multiple NSS NIST curves were susceptible to a side-channel attack
| known as "Minerva". This attack could potentially allow an attacker
| to recover the private key. This vulnerability affects Firefox <
| 121.

The bug linked from
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
is restricted; do you happen to have a commit reference for NSS itself?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-6135
    https://www.cve.org/CVERecord?id=CVE-2023-6135

Please adjust the affected versions in the BTS as needed.
Bug#1056282: gpac: CVE-2023-47384 CVE-2023-4785 CVE-2023-48011 CVE-2023-48013 CVE-2023-48014 CVE-2023-5998 CVE-2023-46001
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2023-47384[0]:
| MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
| contain a memory leak in the function gf_isom_add_chapter at
| /isomedia/isom_write.c. This vulnerability allows attackers to cause
| a Denial of Service (DoS) via a crafted MP4 file.

https://github.com/gpac/gpac/issues/2672

CVE-2023-4785[1]:
| Lack of error handling in the TCP server in Google's gRPC starting
| version 1.23 on posix-compatible platforms (ex. Linux) allows an
| attacker to cause a denial of service by initiating a significant
| number of connections with the server. Note that gRPC C++ Python,
| and Ruby are affected, but gRPC Java, and Go are NOT affected.

https://github.com/grpc/grpc/pull/33656
https://github.com/grpc/grpc/pull/33667
https://github.com/grpc/grpc/pull/33669
https://github.com/grpc/grpc/pull/33670
https://github.com/grpc/grpc/pull/33672

CVE-2023-48011[2]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| heap-use-after-free via the flush_ref_samples function at
| /gpac/src/isomedia/movie_fragments.c.

https://github.com/gpac/gpac/issues/2611
https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea

CVE-2023-48013[3]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| double free via the gf_filterpacket_del function at
| /gpac/src/filter_core/filter.c.

https://github.com/gpac/gpac/issues/2612
https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893

CVE-2023-48014[4]:
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a
| stack overflow via the hevc_parse_vps_extension function at
| /media_tools/av_parsers.c.

https://github.com/gpac/gpac/issues/2613
https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b

CVE-2023-5998[5]:
| Out-of-bounds Read in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e

CVE-2023-46001[6]:
| Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-
| rev573-g201320819-master allows a local attacker to cause a denial
| of service via the gpac/src/isomedia/isom_read.c:2807:51 function in
| gf_isom_get_user_data.

https://github.com/gpac/gpac/issues/2629
https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-47384
    https://www.cve.org/CVERecord?id=CVE-2023-47384
[1] https://security-tracker.debian.org/tracker/CVE-2023-4785
    https://www.cve.org/CVERecord?id=CVE-2023-4785
[2] https://security-tracker.debian.org/tracker/CVE-2023-48011
    https://www.cve.org/CVERecord?id=CVE-2023-48011
[3] https://security-tracker.debian.org/tracker/CVE-2023-48013
    https://www.cve.org/CVERecord?id=CVE-2023-48013
[4] https://security-tracker.debian.org/tracker/CVE-2023-48014
    https://www.cve.org/CVERecord?id=CVE-2023-48014
[5] https://security-tracker.debian.org/tracker/CVE-2023-5998
    https://www.cve.org/CVERecord?id=CVE-2023-5998
[6] https://security-tracker.debian.org/tracker/CVE-2023-46001
    https://www.cve.org/CVERecord?id=CVE-2023-46001

Please adjust the affected versions in the BTS as needed.
Bug#1056281: snort: CVE-2023-20246 CVE-2023-20031
Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for snort.

CVE-2023-20246[0]:
| Multiple Cisco products are affected by a vulnerability in Snort
| access control policies that could allow an unauthenticated, remote
| attacker to bypass the configured policies on an affected system.
| This vulnerability is due to a logic error that occurs when the
| access control policies are being populated. An attacker could
| exploit this vulnerability by establishing a connection to an
| affected device. A successful exploit could allow the attacker to
| bypass configured access control rules on the affected system.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh

CVE-2023-20031[1]:
| A vulnerability in the SSL/TLS certificate handling of Snort 3
| Detection Engine integration with Cisco Firepower Threat Defense
| (FTD) Software could allow an unauthenticated, remote attacker to
| cause the Snort 3 detection engine to restart. This vulnerability is
| due to a logic error that occurs when an SSL/TLS certificate that is
| under load is accessed when it is initiating an SSL connection.
| Under specific, time-based constraints, an attacker could exploit
| this vulnerability by sending a high rate of SSL/TLS connection
| requests to be inspected by the Snort 3 detection engine on an
| affected device. A successful exploit could allow the attacker to
| cause the Snort 3 detection engine to reload, resulting in either a
| bypass or a denial of service (DoS) condition, depending on device
| configuration. The Snort detection engine will restart
| automatically. No manual intervention is required.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-20246
    https://www.cve.org/CVERecord?id=CVE-2023-20246
[1] https://security-tracker.debian.org/tracker/CVE-2023-20031
    https://www.cve.org/CVERecord?id=CVE-2023-20031

Please adjust the affected versions in the BTS as needed.
Bug#1055852: frr: CVE-2023-38407 CVE-2023-41361 CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for frr.

CVE-2023-38407[0]:
| bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read
| beyond the end of the stream during labeled unicast parsing.

https://github.com/FRRouting/frr/pull/12951
https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
https://github.com/FRRouting/frr/pull/12956
https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)

CVE-2023-41361[1]:
| An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does
| not check for an overly large length of the rcv software version.

https://github.com/FRRouting/frr/pull/14241
Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250
Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e

CVE-2023-46752[2]:
| An issue was discovered in FRRouting FRR through 9.0.1. It
| mishandles malformed MP_REACH_NLRI data, leading to a crash.

Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master)
Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch)

CVE-2023-46753[3]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur for a crafted BGP UPDATE message without mandatory attributes,
| e.g., one with only an unknown transit attribute.

Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master)
Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch)

CVE-2023-47234[4]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when processing a crafted BGP UPDATE message with a
| MP_UNREACH_NLRI attribute and additional NLRI data (that lacks
| mandatory path attributes).

https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf

CVE-2023-47235[5]:
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can
| occur when a malformed BGP UPDATE message with an EOR is processed,
| because the presence of EOR does not lead to a treat-as-withdraw
| outcome.

https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a7700b

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38407
    https://www.cve.org/CVERecord?id=CVE-2023-38407
[1] https://security-tracker.debian.org/tracker/CVE-2023-41361
    https://www.cve.org/CVERecord?id=CVE-2023-41361
[2] https://security-tracker.debian.org/tracker/CVE-2023-46752
    https://www.cve.org/CVERecord?id=CVE-2023-46752
[3] https://security-tracker.debian.org/tracker/CVE-2023-46753
    https://www.cve.org/CVERecord?id=CVE-2023-46753
[4] https://security-tracker.debian.org/tracker/CVE-2023-47234
    https://www.cve.org/CVERecord?id=CVE-2023-47234
[5] https://security-tracker.debian.org/tracker/CVE-2023-47235
    https://www.cve.org/CVERecord?id=CVE-2023-47235

Please adjust the affected versions in the BTS as needed.
Bug#1055179: salt: CVE-2023-34049
Source: salt
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for salt.

CVE-2023-34049[0]:
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34049
    https://www.cve.org/CVERecord?id=CVE-2023-34049

Please adjust the affected versions in the BTS as needed.
Bug#1055175: zabbix: CVE-2023-29449 CVE-2023-29450 CVE-2023-29451 CVE-2023-29452 CVE-2023-29453 CVE-2023-29454 CVE-2023-29455 CVE-2023-29456 CVE-2023-29457 CVE-2023-29458
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-29449[0]:
| JavaScript preprocessing, webhooks and global scripts can cause
| uncontrolled CPU, memory, and disk I/O utilization.
| Preprocessing/webhook/global script configuration and testing are
| only available to Administrative roles (Admin and Superadmin).
| Administrative privileges should be typically granted to users who
| need to perform tasks that require more control over the system. The
| security risk is limited because not all users have this level of
| access.

https://support.zabbix.com/browse/ZBX-22589
Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
applied in upstream release/5.0 branch: https://github.com/zabbix/zabbix/commit/c21cf2fa656b75733e3abc09d8f20690735b3f22
vulnerable module introduced in https://github.com/zabbix/zabbix/commit/18d2abfc40 (5.0.0alpha1)

CVE-2023-29450[1]:
| JavaScript pre-processing can be used by the attacker to gain access
| to the file system (read-only access on behalf of user "zabbix") on
| the Zabbix Server or Zabbix Proxy, potentially leading to
| unauthorized access to sensitive data.

https://support.zabbix.com/browse/ZBX-22588
Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb

CVE-2023-29451[2]:
| Specially crafted string can cause a buffer overrun in the JSON
| parser library leading to a crash of the Zabbix Server or a Zabbix
| Proxy.

https://support.zabbix.com/browse/ZBX-22587

CVE-2023-29452[3]:
| Currently, geomap configuration (Administration -> General ->
| Geographical maps) allows using HTML in the field “Attribution text”
| when selected “Other” Tile provider.

https://support.zabbix.com/browse/ZBX-22981
Patches links: https://support.zabbix.com/browse/ZBX-22720
vulnerable geomap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)

CVE-2023-29453[4]:
| Templates do not properly consider backticks (`) as Javascript
| string delimiters, and do not escape them as expected. Backticks are
| used, since ES6, for JS template literals. If a template contains a
| Go template action within a Javascript template literal, the
| contents of the action can be used to terminate the literal,
| injecting arbitrary Javascript code into the Go template. As ES6
| template literals are rather complex, and themselves can do string
| interpolation, the decision was made to simply disallow Go template
| actions from being used inside of them (e.g., "var a = {{.}}"),
| since there is no obviously safe way to allow this behavior. This
| takes the same approach as github.com/google/safehtml. With fix,
| Template.Parse returns an Error when it encounters templates like
| this, with an ErrorCode of value 12. This ErrorCode is currently
| unexported but will be exported in the release of Go 1.21. Users who
| rely on the previous behavior can re-enable it using the GODEBUG
| flag jstmpllitinterp=1, with the caveat that backticks will now be
| escaped. This should be used with caution.

https://support.zabbix.com/browse/ZBX-23388

CVE-2023-29454[5]:
| Stored or persistent cross-site scripting (XSS) is a type of XSS
| where the attacker first sends the payload to the web application,
| then the application saves the payload (e.g., in a database or
| server-side text files), and finally, the application
| unintentionally executes the payload for every victim visiting its
| web pages.

https://support.zabbix.com/browse/ZBX-22985

CVE-2023-29455[6]:
| Reflected XSS attacks, also known as non-persistent attacks, occur
| when a malicious script is reflected off a web application to the
| victim's browser. The script is activated through a link, which
| sends a request to a website with a vulnerability that enables
| execution of malicious scripts.

https://support.zabbix.com/browse/ZBX-22986

CVE-2023-29456[7]:
| URL validation scheme receives input from a user and then parses it
| to identify its various components. The validation scheme can ensure
| that all URL components comply with internet standards.

https://support.zabbix.com/browse/ZBX-22987

CVE-2023-29457[8]:
| Reflected XSS attacks, occur when a malicious script is reflected
| off a web application to the victim's browser. The script can be
| activated through Action form fields, which can be sent as request
| to a website with a vulnerability that enables execution of
| malicious scripts.

https://support.zabbix.com/browse/ZBX-22988

CVE-2023-29458[9]:
| Duktape is a 3rd-party embeddable JavaScript engine, with a focus
| on portability and compact footprint. When adding too many values in
| valstack JavaScript will crash. This issue occurs due to bug in
| Duktape 2.6 which is a 3rd-party solution that we use.

This appears to be a bug in Zabbix's use of
Bug#1054667: node-browserify-sign: CVE-2023-46234
Source: node-browserify-sign
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for node-browserify-sign.

CVE-2023-46234[0]:
| browserify-sign is a package to duplicate the functionality of
| node's crypto public key functions, much of this is based on Fedor
| Indutny's work on indutny/tls.js. An upper bound check issue in
| `dsaVerify` function allows an attacker to construct signatures that
| can be successfully verified by any public key, thus leading to a
| signature forgery attack. All places in this project that involve
| DSA verification of user-input signatures will be affected by this
| vulnerability. This issue has been patched in version 4.2.2.

https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46234
    https://www.cve.org/CVERecord?id=CVE-2023-46234

Please adjust the affected versions in the BTS as needed.
Bug#1054666: open-vm-tools: CVE-2023-34059 CVE-2023-34058
Source: open-vm-tools
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for open-vm-tools.

CVE-2023-34059[0]:
| open-vm-tools contains a file descriptor hijack vulnerability in the
| vmware-user-suid-wrapper. A malicious actor with non-root privileges
| may be able to hijack the /dev/uinput file descriptor allowing them
| to simulate user inputs.

https://www.openwall.com/lists/oss-security/2023/10/27/3

CVE-2023-34058[1]:
| VMware Tools contains a SAML token signature bypass vulnerability. A
| malicious actor that has been granted Guest Operation Privileges
| https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-
| security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target
| virtual machine may be able to elevate their privileges if that
| target virtual machine has been assigned a more privileged Guest
| Alias https://vdc-download.vmware.com/vmwb-repository/dcr-
| public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-
| db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

https://www.openwall.com/lists/oss-security/2023/10/27/1
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34059
    https://www.cve.org/CVERecord?id=CVE-2023-34059
[1] https://security-tracker.debian.org/tracker/CVE-2023-34058
    https://www.cve.org/CVERecord?id=CVE-2023-34058

Please adjust the affected versions in the BTS as needed.
Bug#1054429: fastdds: CVE-2023-42459
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for fastdds.

CVE-2023-42459[0]:
| Fast DDS is a C++ implementation of the DDS (Data Distribution
| Service) standard of the OMG (Object Management Group). In affected
| versions specific DATA submessages can be sent to a discovery
| locator which may trigger a free error. This can remotely crash any
| Fast-DDS process. The call to free() could potentially leave the
| pointer in the attackers control which could lead to a double free.
| This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3,
| and 2.6.7. Users are advised to upgrade. There are no known
| workarounds for this vulnerability.

https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
https://github.com/eProsima/Fast-DDS/issues/3207
https://github.com/eProsima/Fast-DDS/pull/3824
https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-42459
    https://www.cve.org/CVERecord?id=CVE-2023-42459

Please adjust the affected versions in the BTS as needed.
Bug#1054427: trafficserver: CVE-2023-41752 CVE-2023-39456 CVE-2023-44487
Source: trafficserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for trafficserver.

CVE-2023-41752[0]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Traffic Server. This issue affects Apache
| Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.
| Users are recommended to upgrade to version 8.1.9 or 9.2.3, which
| fixes the issue.

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.x)
https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e (9.2.x)

CVE-2023-39456[1]:
| Improper Input Validation vulnerability in Apache Traffic Server
| with malformed HTTP/2 frames. This issue affects Apache Traffic
| Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade
| to version 9.2.3, which fixes the issue.

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 (9.2.x)

CVE-2023-44487[2]:
| The HTTP/2 protocol allows a denial of service (server resource
| consumption) because request cancellation can reset many streams
| quickly, as exploited in the wild in August through October 2023.

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0)
https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.x)

For oldstable-security let's move to 8.1.8 and for stable-security to 9.2.3?

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41752
    https://www.cve.org/CVERecord?id=CVE-2023-41752
[1] https://security-tracker.debian.org/tracker/CVE-2023-39456
    https://www.cve.org/CVERecord?id=CVE-2023-39456
[2] https://security-tracker.debian.org/tracker/CVE-2023-44487
    https://www.cve.org/CVERecord?id=CVE-2023-44487

Please adjust the affected versions in the BTS as needed.
Bug#1053880: node-babel7: CVE-2023-45133
Source: node-babel7
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for node-babel7.

CVE-2023-45133[0]:
| Babel is a compiler for writing JavaScript. In `@babel/traverse`
| prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of
| `babel-traverse`, using Babel to compile code that was specifically
| crafted by an attacker can lead to arbitrary code execution during
| compilation, when using plugins that rely on the `path.evaluate()` or
| `path.evaluateTruthy()` internal Babel methods. Known affected
| plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env`
| when using its `useBuiltIns` option; and any "polyfill provider"
| plugin that depends on `@babel/helper-define-polyfill-provider`,
| such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-
| corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-
| regenerator`. No other plugins under the `@babel/` namespace are
| impacted, but third-party plugins might be. Users that only compile
| trusted code are not impacted. The vulnerability has been fixed in
| `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those
| who cannot upgrade `@babel/traverse` and are using one of the
| affected packages mentioned above should upgrade them to their
| latest version to avoid triggering the vulnerable code path in
| affected `@babel/traverse` versions: `@babel/plugin-transform-
| runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-
| define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2`
| v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-
| polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator`
| v0.5.3.

https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
https://github.com/babel/babel/pull/16033
https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-45133
    https://www.cve.org/CVERecord?id=CVE-2023-45133

Please adjust the affected versions in the BTS as needed.
Bug#1053877: zabbix: CVE-2023-32721 CVE-2023-32722 CVE-2023-32723 CVE-2023-32724
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-32721[0]:
| A stored XSS has been found in the Zabbix web application in the
| Maps element if a URL field is set with spaces before URL.

https://support.zabbix.com/browse/ZBX-23389

CVE-2023-32722[1]:
| The zabbix/src/libs/zbxjson module is vulnerable to a buffer
| overflow when parsing JSON files via zbx_json_open.

https://support.zabbix.com/browse/ZBX-23390

CVE-2023-32723[2]:
| Request to LDAP is sent before user permissions are checked.

https://support.zabbix.com/browse/ZBX-23230

CVE-2023-32724[3]:
| Memory pointer is in a property of the Duktape object. This leads
| to multiple vulnerabilities related to direct memory access and
| manipulation.

https://support.zabbix.com/browse/ZBX-23391

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32721
    https://www.cve.org/CVERecord?id=CVE-2023-32721
[1] https://security-tracker.debian.org/tracker/CVE-2023-32722
    https://www.cve.org/CVERecord?id=CVE-2023-32722
[2] https://security-tracker.debian.org/tracker/CVE-2023-32723
    https://www.cve.org/CVERecord?id=CVE-2023-32723
[3] https://security-tracker.debian.org/tracker/CVE-2023-32724
    https://www.cve.org/CVERecord?id=CVE-2023-32724

Please adjust the affected versions in the BTS as needed.
Bug#1053801: trafficserver: CVE-2023-44487
Source: trafficserver
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for trafficserver.

CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server resource
| consumption) because request cancellation can reset many streams
| quickly, as exploited in the wild in August through October 2023.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-44487
    https://www.cve.org/CVERecord?id=CVE-2023-44487

Please adjust the affected versions in the BTS as needed.

Fixed in 9.2.3:
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.x)
Bug#1053769: nghttp2: CVE-2023-44487
Source: nghttp2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for nghttp2.

CVE-2023-44487[0]:
| The HTTP/2 protocol allows a denial of service (server resource
| consumption) because request cancellation can reset many streams
| quickly, as exploited in the wild in August through October 2023.

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-44487
    https://www.cve.org/CVERecord?id=CVE-2023-44487

Please adjust the affected versions in the BTS as needed.
Bug#1051889: freeimage: CVE-2020-22524
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for freeimage.

CVE-2020-22524[0]:
| Buffer Overflow vulnerability in FreeImage_Load function in
| FreeImage Library 3.19.0(r1828) allows attackers to cause a denial
| of service via crafted PFM file.

https://sourceforge.net/p/freeimage/bugs/319/
Fixed with r1848 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-22524
    https://www.cve.org/CVERecord?id=CVE-2020-22524

Please adjust the affected versions in the BTS as needed.
Bug#1051740: gpac: CVE-2023-3012 CVE-2023-3013 CVE-2023-3291 CVE-2023-39562 CVE-2023-4678 CVE-2023-4681 CVE-2023-4682 CVE-2023-4683 CVE-2023-4720 CVE-2023-4721 CVE-2023-4722 CVE-2023-4754 CVE-2023-475
Source: gpac X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for gpac. CVE-2023-3012[0]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7 CVE-2023-3013[1]: | Unchecked Return Value in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594 CVE-2023-3291[2]: | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.2.2. https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/ https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf CVE-2023-39562[3]: | GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a | heap-use-after-free via the gf_bs_align function at bitstream.c. | This vulnerability allows attackers to cause a Denial of Service | (DoS) via supplying a crafted file. https://github.com/gpac/gpac/issues/2537 https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6 CVE-2023-4678[4]: | Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07 https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877 CVE-2023-4681[5]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e CVE-2023-4682[6]: | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.3-DEV. 
https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c CVE-2023-4683[7]: | NULL Pointer Dereference in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922 CVE-2023-4720[8]: | Floating Point Comparison with Incorrect Operator in GitHub | repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad CVE-2023-4721[9]: | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63 https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc CVE-2023-4722[10]: | Integer Overflow or Wraparound in GitHub repository gpac/gpac prior | to 2.3-DEV. https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76 https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830 CVE-2023-4754[11]: | Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0 https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c CVE-2023-4755[12]: | Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3 CVE-2023-4756[13]: | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to | 2.3-DEV. https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01 https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05 CVE-2023-4758[14]: | Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. 
https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86 https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6 CVE-2023-4778[15]: | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-3012 https://www.cve.org/CVERecord?id=CVE-2023-3012 [1] https://security-tracker.debian.org/tracker/CVE-2023-3013 https://www.cve.org/CVERecord?id=CVE-2023-3013 [2] https://security-tracker.debian.org/tracker/CVE-2023-3291 https://www.cve.org/CVERecord?id=CVE-2023-3291 [3] https://security-tracker.debian.org/tracker/CVE-2023-39562 https://www.cve.org/CVERecord?id=CVE-2023-39562 [4] https://security-tracker.debian.org/tracker/CVE-2023-4678 https://www.cve.org/CVERecord?id=CVE-2023-4678 [5] https://security-tracker.debian.org/tracker/CVE-2023-4681 https://www.cve.org/CVERecord?id=CVE-2023-4681 [6]
Bug#1051738: freeimage: CVE-2020-21428
Source: freeimage X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for freeimage. CVE-2020-21428[0]: | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp | in FreeImage 3.18.0 allows remote attackers to run arbitrary code | and cause other impacts via crafted image file. https://sourceforge.net/p/freeimage/bugs/299/ This appears to be fixed in r1877 of the upstream Subversion repository If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-21428 https://www.cve.org/CVERecord?id=CVE-2020-21428 Please adjust the affected versions in the BTS as needed.
Bug#1050835: nuget: CVE-2023-29337
Source: nuget X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for nuget. CVE-2023-29337[0]: Does https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 affect nuget as packaged in Debian? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-29337 https://www.cve.org/CVERecord?id=CVE-2023-29337 Please adjust the affected versions in the BTS as needed.
Bug#1041430: ruby-sanitize: CVE-2023-36823
Source: ruby-sanitize X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ruby-sanitize. CVE-2023-36823[0]: | Sanitize is an allowlist-based HTML and CSS sanitizer. Using | carefully crafted input, an attacker may be able to sneak arbitrary | HTML and CSS through Sanitize starting with version 3.0.0 and prior | to version 6.0.2 when Sanitize is configured to use the built-in | "relaxed" config or when using a custom config that allows `style` | elements and one or more CSS at-rules. This could result in cross- | site scripting or other undesired behavior when the malicious HTML | and CSS are rendered in a browser. Sanitize 6.0.2 performs | additional escaping of CSS in `style` element content, which fixes | this issue. Users who are unable to upgrade can prevent this issue | by using a Sanitize config that doesn't allow `style` elements, | using a Sanitize config that doesn't allow CSS at-rules, or by | manually escaping the character sequence `https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2) https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-36823 https://www.cve.org/CVERecord?id=CVE-2023-36823 Please adjust the affected versions in the BTS as needed.
Bug#1041429: restrictedpython: CVE-2023-37271
Source: restrictedpython X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for restrictedpython. CVE-2023-37271[0]: | RestrictedPython is a tool that helps to define a subset of the | Python language which allows users to provide a program input into a | trusted environment. RestrictedPython does not check access to stack | frames and their attributes. Stack frames are accessible within at | least generators and generator expressions, which are allowed inside | RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with | access to a RestrictedPython environment can write code that gets | the current stack frame in a generator and then walk the stack all | the way beyond the RestrictedPython invocation boundary, thus | breaking out of the restricted sandbox and potentially allowing | arbitrary code execution in the Python interpreter. All | RestrictedPython deployments that allow untrusted users to write | Python code in the RestrictedPython environment are at risk. In | terms of Zope and Plone, this would mean deployments where the | administrator allows untrusted users to create and/or edit objects | of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope | Page Template`. This is a non-default configuration and likely to be | extremely rare. The problem has been fixed in versions 6.1 and 5.3. https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 (master) https://github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002 (5.3) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. 
For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-37271 https://www.cve.org/CVERecord?id=CVE-2023-37271 Please adjust the affected versions in the BTS as needed.
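The advisory describes the escape abstractly: code inside the sandbox obtains a stack frame from a running generator and walks `f_back` until it reaches a frame outside the restricted invocation. The example below is added here to make that concrete; it is not RestrictedPython's code. It builds a minimal stand-in for the sandbox (untrusted source run with empty builtins, optionally with every attribute access rewritten through a guard function, which is the general mechanism RestrictedPython uses), shows the generator-frame walk reaching a host-only global, and shows the same code failing once frame-related attribute names are denied. The `SECRET` value, the `FRAME_ATTRS` list and the guard are assumptions for the example, not the project's actual deny-list.

```python
import ast

SECRET = "host-only credential"   # constructed: what sandboxed code must never reach

# Attribute names that hand out interpreter frames or code objects.  This list is
# an assumption for the example; the project's own fix defines its own set.
FRAME_ATTRS = {"gi_frame", "cr_frame", "ag_frame", "f_back", "f_globals",
               "f_locals", "f_builtins", "f_code", "gi_code", "cr_code", "ag_code"}


def guarded_getattr(obj, name):
    """Attribute guard: no private names and no frame/code introspection."""
    if name.startswith("_") or name in FRAME_ATTRS:
        raise AttributeError(f"access to {name!r} is forbidden")
    return getattr(obj, name)


class _RewriteAttrs(ast.NodeTransformer):
    """Turn every `obj.attr` read into `_getattr_(obj, "attr")`."""

    def visit_Attribute(self, node):
        self.generic_visit(node)
        if isinstance(node.ctx, ast.Load):
            call = ast.Call(func=ast.Name("_getattr_", ast.Load()),
                            args=[node.value, ast.Constant(node.attr)], keywords=[])
            return ast.copy_location(call, node)
        return node


def run_sandboxed(source, guard_attributes):
    """Execute untrusted source with empty builtins; return its globals afterwards."""
    tree = ast.parse(source)
    if guard_attributes:
        tree = ast.fix_missing_locations(_RewriteAttrs().visit(tree))
    env = {"__builtins__": {}, "_getattr_": guarded_getattr}
    exec(compile(tree, "<sandbox>", "exec"), env)
    return env


# Constructed untrusted code.  While a generator is executing, its frame's f_back is
# the frame that resumed it, so yielding that pointer hands the attacker the
# sandbox's module frame; one more f_back is the host function that called exec().
ESCAPE = """
def gen():
    yield gen_obj.gi_frame.f_back
gen_obj = gen()
for sandbox_frame in gen_obj:
    break
host_frame = sandbox_frame.f_back
leaked = host_frame.f_globals["SECRET"]
"""


def escape_without_guard():
    """Vulnerable configuration: the walk succeeds and leaks the host global."""
    return run_sandboxed(ESCAPE, guard_attributes=False).get("leaked")


def escape_with_guard():
    """Hardened configuration: the first frame attribute access is rejected."""
    try:
        run_sandboxed(ESCAPE, guard_attributes=True)
    except AttributeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(escape_without_guard())   # host-only credential
    print(escape_with_guard())      # access to 'gi_frame' is forbidden
```

Note that removing builtins alone does nothing here: the walk needs no `next`, `getattr` or `sys`, only attribute access and a `for` loop, which is why the fix has to live in the attribute guard rather than in the set of names exposed to the sandbox.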
Bug#1041427: bitcoin: CVE-2023-37192
Source: bitcoin X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for bitcoin. CVE-2023-37192[0]: | Memory management and protection issues in Bitcoin Core v22 allows | attackers to modify the stored sending address within the app's | memory, potentially allowing them to redirect Bitcoin transactions | to wallets of their own choosing. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-37192 https://www.cve.org/CVERecord?id=CVE-2023-37192 Please adjust the affected versions in the BTS as needed.
Bug#1041423: cjose: CVE-2023-37464
Source: cjose X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for cjose. CVE-2023-37464[0]: | OpenIDC/cjose is a C library implementing the Javascript Object | Signing and Encryption (JOSE). The AES GCM decryption routine | incorrectly uses the Tag length from the actual Authentication Tag | provided in the JWE. The spec says that a fixed length of 16 octets | must be applied. Therefore this bug allows an attacker to provide a | truncated Authentication Tag and to modify the JWE accordingly. | Users should upgrade to a version >= 0.6.2.2. Users unable to | upgrade should avoid using AES GCM encryption and replace it with | another encryption algorithm (e.g. AES CBC). https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-37464 https://www.cve.org/CVERecord?id=CVE-2023-37464 Please adjust the affected versions in the BTS as needed.
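The defect is a missing structural check: for the AES-GCM JWE algorithms the authentication tag is fixed at 128 bits (16 octets, RFC 7518 section 5.3), but the decryptor took the tag length from the token itself, so an attacker could shorten the tag to a few bytes and brute-force a forgery. The example below is added to show where that check belongs; it is not cjose's code. It parses a compact JWE, validates the GCM IV and tag lengths before anything is handed to a cipher, and constructs one well-formed and one tag-truncated token to exercise the check. The sample tokens and the `dir` key management are constructed for the example.

```python
import base64
import json

# RFC 7518 §5.3: the AES-GCM content encryption algorithms use a 96-bit IV and a
# 128-bit tag regardless of key size.  These lengths are not negotiable per token.
GCM_ENCS = {"A128GCM", "A192GCM", "A256GCM"}
GCM_IV_LEN = 12
GCM_TAG_LEN = 16


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment, rejecting standard-base64 characters."""
    if any(c in segment for c in "+/="):
        raise ValueError("JWE segments must be unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_jwe_compact(token: str) -> dict:
    """Split and validate a compact JWE.  Raises ValueError before any
    cryptographic processing if the GCM IV or tag has the wrong length."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have five segments")
    header_b64, key_b64, iv_b64, ct_b64, tag_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    enc = header.get("enc")
    iv, ciphertext, tag = b64url_decode(iv_b64), b64url_decode(ct_b64), b64url_decode(tag_b64)
    if enc in GCM_ENCS:
        if len(iv) != GCM_IV_LEN:
            raise ValueError(f"{enc}: IV must be {GCM_IV_LEN} octets, got {len(iv)}")
        if len(tag) != GCM_TAG_LEN:
            # This is the check cjose lacked: trusting the token's tag length lets an
            # attacker shrink forgery effort from 2**128 to 2**(8 * len(tag)) attempts.
            raise ValueError(f"{enc}: tag must be {GCM_TAG_LEN} octets, got {len(tag)}")
    return {
        "header": header,
        "encrypted_key": b64url_decode(key_b64),
        "iv": iv,
        "ciphertext": ciphertext,
        "tag": tag,
        # RFC 7516: the AAD for the content cipher is the ASCII protected header.
        "aad": header_b64.encode("ascii"),
    }


def make_token(enc: str, iv: bytes, ciphertext: bytes, tag: bytes, alg: str = "dir") -> str:
    """Constructed helper to build test tokens; the content is not really encrypted."""
    header = b64url_encode(json.dumps({"alg": alg, "enc": enc}, separators=(",", ":")).encode())
    return ".".join([header, "", b64url_encode(iv), b64url_encode(ciphertext), b64url_encode(tag)])


# Constructed sample tokens: a well-formed one and one whose tag was cut to a single byte.
GOOD_TOKEN = make_token("A256GCM", bytes(12), b"\x01" * 20, bytes(16))
TRUNCATED_TOKEN = make_token("A256GCM", bytes(12), b"\x01" * 20, bytes(1))


def tag_accepted(token: str) -> bool:
    """True if the token passes structural validation, False if it is rejected."""
    try:
        parse_jwe_compact(token)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(tag_accepted(GOOD_TOKEN))        # True
    print(tag_accepted(TRUNCATED_TOKEN))   # False
```

The same rule applies to the AEAD API underneath: call the GCM decryptor with the fixed 16-octet tag length and never with `len(tag)` taken from the message.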
Bug#1041110: sox: CVE-2023-34432
Source: sox X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for sox. CVE-2023-34432[0]: | A heap buffer overflow vulnerability was found in sox, in the | lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can | lead to a denial of service, code execution, or information | disclosure. https://bugzilla.redhat.com/show_bug.cgi?id=2212291 https://sourceforge.net/p/sox/bugs/367/ If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-34432 https://www.cve.org/CVERecord?id=CVE-2023-34432 Please adjust the affected versions in the BTS as needed.
Bug#1034732: fixed in gpac 2.2.1+dfsg1-1
On Tue, Jun 20, 2023 at 06:06:26PM +, Debian FTP Masters wrote: > Source: gpac > Source-Version: 2.2.1+dfsg1-1 > Done: Reinhard Tartler > Changes: > gpac (2.2.1+dfsg1-1) experimental; urgency=medium > . >* New upstream version, > closes: #1033116, #1034732, #1034187, #1036701, #1034890 A single upload a week after the release doesn't change the fact that gpac isn't supportable unless you massively step up in maintenance (which would also involve taking care of bullseye-security), so #1034732 should not be closed with the upload to unstable. If GPAC magically becomes more stable over the next 1.5 years, we can reconsider. Cheers, Moritz
Bug#1025011: fixed in netatalk 3.1.15~ds-1
reopen 1025011 thanks On Tue, May 02, 2023 at 07:03:55PM +, Debian FTP Masters wrote: >[ Jonas Smedegaard ] >* adopt package, thanks to renewed interest in the Netatalk team; > add Daniel Markstedt as uploader; > closes: bug#1013308; > closes: bug#1025011, thanks to Moritz Mühlenhoff It's nice that there's renewed interest, but this involves also taking care of netatalk in stable, there's a range of issues (full list at https://security-tracker.debian.org/tracker/source-package/netatalk) which need to be backported to bullseye-security. I'm reopening the bug, it can be closed with the respective upload to bullseye-security. Cheers, Moritz
Bug#1036697: asterisk: CVE-2023-27585
Source: asterisk X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for asterisk. CVE-2023-27585[0]: | PJSIP is a free and open source multimedia communication library | written in C. A buffer overflow vulnerability in versions 2.13 and | prior affects applications that use PJSIP DNS resolver. It doesn't | affect PJSIP users who do not utilise PJSIP DNS resolver. This | vulnerability is related to CVE-2022-24793. The difference is that | this issue is in parsing the query record `parse_query()`, while the | issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as | commit `d1c5e4d` in the `master` branch. A workaround is to disable | DNS resolution in PJSIP config (by setting `nameserver_count` to zero) | or use an external resolver implementation instead. https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-27585 https://www.cve.org/CVERecord?id=CVE-2023-27585 Please adjust the affected versions in the BTS as needed.
Bug#1036281: libraw: CVE-2023-1729
Source: libraw X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libraw. CVE-2023-1729[0]: | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() | caused by a maliciously crafted file may lead to an application crash. https://bugzilla.redhat.com/show_bug.cgi?id=2188240 https://github.com/LibRaw/LibRaw/issues/557 Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master) Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1729 https://www.cve.org/CVERecord?id=CVE-2023-1729 Please adjust the affected versions in the BTS as needed.
Bug#1036280: openjdk-11: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
Source: openjdk-11 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openjdk-11. CVE-2023-21930[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: JSSE). Supported versions that | are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, | 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. | Difficult to exploit vulnerability allows unauthenticated attacker | with network access via TLS to compromise Oracle Java SE, Oracle | GraalVM Enterprise Edition. Successful attacks of this vulnerability | can result in unauthorized creation, deletion or modification access | to critical data or all Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data as well as unauthorized access to critical | data or complete access to all Oracle Java SE, Oracle GraalVM | Enterprise Edition accessible data. Note: This vulnerability applies | to Java deployments, typically in clients running sandboxed Java Web | Start applications or sandboxed Java applets, that load and run | untrusted code (e.g., code that comes from the internet) and rely on | the Java sandbox for security. This vulnerability can also be | exploited by using APIs in the specified Component, e.g., through a | web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 | (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). CVE-2023-21937[1]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Networking). Supported versions | that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, | 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and | 22.3.1. 
Difficult to exploit vulnerability allows unauthenticated | attacker with network access via multiple protocols to compromise | Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks | of this vulnerability can result in unauthorized update, insert or | delete access to some of Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data. Note: This vulnerability applies to Java | deployments, typically in clients running sandboxed Java Web Start | applications or sandboxed Java applets, that load and run untrusted | code (e.g., code that comes from the internet) and rely on the Java | sandbox for security. This vulnerability can also be exploited by | using APIs in the specified Component, e.g., through a web service | which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2023-21938[2]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Libraries). Supported versions | that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, | 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and | 22.3.0. Difficult to exploit vulnerability allows unauthenticated | attacker with network access via multiple protocols to compromise | Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks | of this vulnerability can result in unauthorized update, insert or | delete access to some of Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data. Note: This vulnerability applies to Java | deployments, typically in clients running sandboxed Java Web Start | applications or sandboxed Java applets, that load and run untrusted | code (e.g., code that comes from the internet) and rely on the Java | sandbox for security. This vulnerability does not apply to Java | deployments, typically in servers, that load and run only trusted code | (e.g., code installed by an administrator). 
CVSS 3.1 Base Score 3.7 | (Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2023-21939[3]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Swing). Supported versions that | are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, | 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. | Easily exploitable vulnerability allows unauthenticated attacker with | network access via HTTP to compromise Oracle Java SE, Oracle GraalVM | Enterprise Edition. Successful attacks of this vulnerability can | result in unauthorized update, insert or delete access to some of | Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. | Note: This vulnerability applies to Java deployments, typically in | clients running sandboxed Java Web Start applications or sandboxed | Java applets, that load and run untrusted code (e.g., code that comes | from the internet) and rely on the Java sandbox for security. This | vulnerability can also be exploited by using APIs in the specified | Component, e.g., through a web service which
Bug#1035957: openjdk-17: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
Source: openjdk-17 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for openjdk-17. CVE-2023-21930[0]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: JSSE). Supported versions that | are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, | 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. | Difficult to exploit vulnerability allows unauthenticated attacker | with network access via TLS to compromise Oracle Java SE, Oracle | GraalVM Enterprise Edition. Successful attacks of this vulnerability | can result in unauthorized creation, deletion or modification access | to critical data or all Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data as well as unauthorized access to critical | data or complete access to all Oracle Java SE, Oracle GraalVM | Enterprise Edition accessible data. Note: This vulnerability applies | to Java deployments, typically in clients running sandboxed Java Web | Start applications or sandboxed Java applets, that load and run | untrusted code (e.g., code that comes from the internet) and rely on | the Java sandbox for security. This vulnerability can also be | exploited by using APIs in the specified Component, e.g., through a | web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 | (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). CVE-2023-21937[1]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Networking). Supported versions | that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, | 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and | 22.3.1. 
Difficult to exploit vulnerability allows unauthenticated | attacker with network access via multiple protocols to compromise | Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks | of this vulnerability can result in unauthorized update, insert or | delete access to some of Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data. Note: This vulnerability applies to Java | deployments, typically in clients running sandboxed Java Web Start | applications or sandboxed Java applets, that load and run untrusted | code (e.g., code that comes from the internet) and rely on the Java | sandbox for security. This vulnerability can also be exploited by | using APIs in the specified Component, e.g., through a web service | which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2023-21938[2]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Libraries). Supported versions | that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, | 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and | 22.3.0. Difficult to exploit vulnerability allows unauthenticated | attacker with network access via multiple protocols to compromise | Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks | of this vulnerability can result in unauthorized update, insert or | delete access to some of Oracle Java SE, Oracle GraalVM Enterprise | Edition accessible data. Note: This vulnerability applies to Java | deployments, typically in clients running sandboxed Java Web Start | applications or sandboxed Java applets, that load and run untrusted | code (e.g., code that comes from the internet) and rely on the Java | sandbox for security. This vulnerability does not apply to Java | deployments, typically in servers, that load and run only trusted code | (e.g., code installed by an administrator). 
CVSS 3.1 Base Score 3.7 | (Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2023-21939[3]: | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | product of Oracle Java SE (component: Swing). Supported versions that | are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, | 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. | Easily exploitable vulnerability allows unauthenticated attacker with | network access via HTTP to compromise Oracle Java SE, Oracle GraalVM | Enterprise Edition. Successful attacks of this vulnerability can | result in unauthorized update, insert or delete access to some of | Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. | Note: This vulnerability applies to Java deployments, typically in | clients running sandboxed Java Web Start applications or sandboxed | Java applets, that load and run untrusted code (e.g., code that comes | from the internet) and rely on the Java sandbox for security. This | vulnerability can also be exploited by using APIs in the specified | Component, e.g., through a web service which
Bug#1035829: frr: CVE-2022-43681 CVE-2022-40318 CVE-2022-40302
Source: frr X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for frr. CVE-2022-43681[0]: | An out-of-bounds read exists in the BGP daemon of FRRouting FRR | through 8.4. When sending a malformed BGP OPEN message that ends with | the option length octet (or the option length word, in case of an | extended OPEN message), the FRR code reads out of the bounds of the | packet, throwing a SIGABRT signal and exiting. This results in a bgpd | daemon restart, causing a Denial-of-Service condition. CVE-2022-40318[1]: | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By | crafting a BGP OPEN message with an option of type 0xff (Extended | Length from RFC 9072), attackers may cause a denial of service | (assertion failure and daemon restart, or out-of-bounds read). This is | possible because of inconsistent boundary checks that do not account | for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this | behavior occurs in bgp_open_option_parse in the bgp_open.c file, a | different location (with a different attack vector) relative to | CVE-2022-40302. CVE-2022-40302[2]: | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By | crafting a BGP OPEN message with an option of type 0xff (Extended | Length from RFC 9072), attackers may cause a denial of service | (assertion failure and daemon restart, or out-of-bounds read). This is | possible because of inconsistent boundary checks that do not account | for reading 3 bytes (instead of 2) in this 0xff case. Upstream's reaction on requests for information on these issues is far from optimal. https://github.com/FRRouting/frr/issues/13427 https://github.com/FRRouting/frr/issues/13480 Cheers, Moritz If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. 
For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-43681 https://www.cve.org/CVERecord?id=CVE-2022-43681 [1] https://security-tracker.debian.org/tracker/CVE-2022-40318 https://www.cve.org/CVERecord?id=CVE-2022-40318 [2] https://security-tracker.debian.org/tracker/CVE-2022-40302 https://www.cve.org/CVERecord?id=CVE-2022-40302 Please adjust the affected versions in the BTS as needed.
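All three FRR issues above are the same class of bug: the OPEN parser advances through optional parameters assuming a 2-octet type/length header, but RFC 9072 extended optional parameters (signalled by an Opt Parm Len of 0xff followed by a type octet of 0xff and a 2-octet extended length) use a 3-octet header, and a message that ends right at a length octet leaves no room for the value. The parser below is added here to show the bounds checks a safe implementation needs; it is not FRR's code and works on the OPEN body after the 19-byte BGP message header. The wire layout follows RFC 4271 and my reading of RFC 9072; the sample messages are constructed for the example.

```python
import struct
from typing import List, Tuple

BGP_OPEN_FIXED = 1 + 2 + 2 + 4   # Version, My AS, Hold Time, BGP Identifier
EXT_OPT_PARM = 0xFF              # RFC 9072 marker in the Opt Parm Len and Type octets

Param = Tuple[int, bytes]        # (parameter type, parameter value)


class MalformedOpen(ValueError):
    """Raised instead of reading past the message; the caller sends a NOTIFICATION."""


def parse_opt_params(buf: bytes, extended: bool) -> List[Param]:
    """Walk the optional parameters.  Classic headers are type(1)+len(1); RFC 9072
    extended headers are type(1)+len(2).  Every read is checked against len(buf)."""
    hdr = 3 if extended else 2
    params: List[Param] = []
    off = 0
    while off < len(buf):
        if off + hdr > len(buf):
            raise MalformedOpen("optional parameter header truncated")
        ptype = buf[off]
        plen = struct.unpack("!H", buf[off + 1:off + 3])[0] if extended else buf[off + 1]
        off += hdr
        if off + plen > len(buf):
            raise MalformedOpen("optional parameter value truncated")
        params.append((ptype, buf[off:off + plen]))
        off += plen
    return params


def parse_open(msg: bytes) -> dict:
    """Parse a BGP OPEN body (without the 19-byte BGP header)."""
    if len(msg) < BGP_OPEN_FIXED + 1:
        raise MalformedOpen("OPEN shorter than fixed part plus Opt Parm Len")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", msg[:BGP_OPEN_FIXED + 1])
    off = BGP_OPEN_FIXED + 1
    extended = False
    if opt_len == EXT_OPT_PARM:
        # RFC 9072: Non-Ext OP Len = 255, Non-Ext OP Type = 255, then a 2-octet
        # Extended Opt. Parm. Length.  That is 3 more octets, not 2; check first.
        if off + 3 > len(msg):
            raise MalformedOpen("extended optional parameters header truncated")
        if msg[off] != EXT_OPT_PARM:
            raise MalformedOpen("Opt Parm Len 255 without Non-Ext OP Type 255")
        opt_len = struct.unpack("!H", msg[off + 1:off + 3])[0]
        off += 3
        extended = True
    if off + opt_len != len(msg):
        raise MalformedOpen("optional parameters length disagrees with message length")
    return {
        "version": version, "my_as": my_as, "hold_time": hold_time, "bgp_id": bgp_id,
        "extended": extended, "params": parse_opt_params(msg[off:], extended),
    }


def build_open(opt_params: bytes, extended: bool = False) -> bytes:
    """Constructed helper: fixed OPEN fields plus a raw optional-parameters blob."""
    fixed = struct.pack("!BHHI", 4, 65000, 90, 0x0A000001)
    if extended:
        return fixed + bytes([EXT_OPT_PARM, EXT_OPT_PARM]) + struct.pack("!H", len(opt_params)) + opt_params
    return fixed + bytes([len(opt_params)]) + opt_params


def open_is_accepted(msg: bytes) -> bool:
    """True if the OPEN parses cleanly, False if it is rejected as malformed."""
    try:
        parse_open(msg)
        return True
    except MalformedOpen:
        return False


if __name__ == "__main__":
    # Capabilities parameter (type 2) carrying two constructed octets, both encodings.
    print(open_is_accepted(build_open(b"\x02\x02\x01\x02")))                        # True
    print(open_is_accepted(build_open(b"\x02\x00\x02\x01\x02", extended=True)))     # True
    # Message that ends with the option length octet: no value follows.
    print(open_is_accepted(build_open(b"\x02\x05")))                                # False
    # Extended header where only one of the two length octets is present.
    print(open_is_accepted(build_open(b"\x02\x00", extended=True)))                 # False
```

The two failure cases at the end are the shapes the advisories describe: the classic message that stops at a length octet, and the extended message whose 3-octet header is cut short. Both return a clean parse error here instead of an out-of-bounds read or an assertion that restarts the daemon.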
Bug#1034848: slic3r: CVE-2022-36788
Source: slic3r X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for slic3r. CVE-2022-36788[0]: | A heap-based buffer overflow vulnerability exists in the TriangleMesh | clone functionality of Slic3r libslic3r 1.3.0 and Master Commit | b1a5500. A specially-crafted STL file can lead to a heap buffer | overflow. An attacker can provide a malicious file to trigger this | vulnerability. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-36788 https://www.cve.org/CVERecord?id=CVE-2022-36788 Please adjust the affected versions in the BTS as needed.
Bug#1034841: consul: CVE-2021-41803
Source: consul X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for consul. CVE-2021-41803[0]: | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not | properly validate the node or segment names prior to interpolation and | usage in JWT claim assertions with the auto config RPC. Fixed in | 1.11.9, 1.12.5, and 1.13.2. https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41803 https://www.cve.org/CVERecord?id=CVE-2021-41803 Please adjust the affected versions in the BTS as needed.
Bug#1034806: dogecoin: CVE-2021-37491 CVE-2023-30769
Source: dogecoin X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for dogecoin. CVE-2021-37491[0]: | An issue discovered in src/wallet/wallet.cpp in Dogecoin Project | Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive | information via CWallet::CreateTransaction() function. https://github.com/dogecoin/dogecoin/issues/2279 CVE-2023-30769[1]: | Vulnerability discovered is related to the peer-to-peer (p2p) | communications, attackers can craft consensus messages, send it to | individual nodes and take them offline. An attacker can crawl the | network peers using getaddr message and attack the unpatched nodes. https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-37491 https://www.cve.org/CVERecord?id=CVE-2021-37491 [1] https://security-tracker.debian.org/tracker/CVE-2023-30769 https://www.cve.org/CVERecord?id=CVE-2023-30769 Please adjust the affected versions in the BTS as needed.
Bug#1034719: mysql-8.0: CVE-2023-21982 CVE-2023-21980 CVE-2023-21977 CVE-2023-21976 CVE-2023-21972 CVE-2023-21966 CVE-2023-21962 CVE-2023-21955 CVE-2023-21953 CVE-2023-21947 CVE-2023-21946 CVE-2023-21
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

CVE-2023-21982[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.32
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21980[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Client programs). Supported versions that are affected are 5.7.41 and
| prior and 8.0.32 and prior. Difficult to exploit vulnerability allows
| low privileged attacker with network access via multiple protocols to
| compromise MySQL Server. Successful attacks require human interaction
| from a person other than the attacker. Successful attacks of this
| vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base
| Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVE-2023-21977[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.32
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21976[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.32
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21972[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: DML). Supported versions that are affected are 8.0.32 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21966[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: JSON). Supported versions that are affected are 8.0.32 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21962[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Components Services). Supported versions that are affected are
| 8.0.32 and prior. Easily exploitable vulnerability allows high
| privileged attacker with network access via multiple protocols to
| compromise MySQL Server. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
| 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21955[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Partition). Supported versions that are affected are 8.0.32
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21953[8]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
Bug#1034182: owslib: CVE-2023-27476
Source: owslib
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for owslib.

CVE-2023-27476[0]:
| OWSLib is a Python package for client programming with Open Geospatial
| Consortium (OGC) web service interface standards, and their related
| content models. OWSLib's XML parser (which supports both `lxml` and
| `xml.etree`) does not disable entity resolution, and could lead to
| arbitrary file reads from an attacker-controlled XML payload. This
| affects all XML parsing in the codebase. This issue has been addressed
| in version 0.28.1. All users are advised to upgrade. The only known
| workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc`
| for details.

https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-27476
    https://www.cve.org/CVERecord?id=CVE-2023-27476

Please adjust the affected versions in the BTS as needed.
Bug#1034177: bzip2: CVE-2023-29415 CVE-2023-29416 CVE-2023-29418 CVE-2023-29419 CVE-2023-29420 CVE-2023-29421
Source: bzip2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for bzip2.

CVE-2023-29415[0]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial
| of service (process hang) can occur with a crafted archive because
| bzip3 does not follow the required procedure for interacting with
| libsais.

https://github.com/kspalaiologos/bzip3/issues/95
https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465

CVE-2023-29416[1]:
| An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A
| bz3_decode_block out-of-bounds write can occur with a crafted archive
| because bzip3 does not follow the required procedure for interacting
| with libsais.

https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff (1.3.0)
https://github.com/kspalaiologos/bzip3/issues/92

CVE-2023-29418[2]:
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is
| an xwrite out-of-bounds read.

https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d (1.2.3)
https://github.com/kspalaiologos/bzip3/issues/92

CVE-2023-29419[3]:
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is
| a bz3_decode_block out-of-bounds read.

https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3)
https://github.com/kspalaiologos/bzip3/issues/92

CVE-2023-29420[4]:
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is
| a crash caused by an invalid memmove in bz3_decode_block.

https://github.com/kspalaiologos/bzip3/commit/bb06deb85f1c249838eb938e0dab271d4194f8fa (1.2.3)
https://github.com/kspalaiologos/bzip3/issues/92

CVE-2023-29421[5]:
| An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is
| an out-of-bounds write in bz3_decode_block.

https://github.com/kspalaiologos/bzip3/issues/94
https://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d (1.2.3)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-29415
    https://www.cve.org/CVERecord?id=CVE-2023-29415
[1] https://security-tracker.debian.org/tracker/CVE-2023-29416
    https://www.cve.org/CVERecord?id=CVE-2023-29416
[2] https://security-tracker.debian.org/tracker/CVE-2023-29418
    https://www.cve.org/CVERecord?id=CVE-2023-29418
[3] https://security-tracker.debian.org/tracker/CVE-2023-29419
    https://www.cve.org/CVERecord?id=CVE-2023-29419
[4] https://security-tracker.debian.org/tracker/CVE-2023-29420
    https://www.cve.org/CVERecord?id=CVE-2023-29420
[5] https://security-tracker.debian.org/tracker/CVE-2023-29421
    https://www.cve.org/CVERecord?id=CVE-2023-29421

Please adjust the affected versions in the BTS as needed.
Bug#1034170: netatalk: CVE-2022-43634
Source: netatalk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for netatalk.

CVE-2022-43634[0]:
| This vulnerability allows remote attackers to execute arbitrary code
| on affected installations of Netatalk. Authentication is not required
| to exploit this vulnerability. The specific flaw exists within the
| dsi_writeinit function. The issue results from the lack of proper
| validation of the length of user-supplied data prior to copying it to
| a fixed-length heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of root. Was ZDI-CAN-17646.

https://github.com/Netatalk/Netatalk/pull/186
https://github.com/advisories/GHSA-fwj9-7qq8-jc93
https://www.zerodayinitiative.com/advisories/ZDI-23-094/
https://github.com/Netatalk/netatalk/commit/5fcb4ab02aced14484310165b3d754bb2f0820ca

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43634
    https://www.cve.org/CVERecord?id=CVE-2022-43634

Please adjust the affected versions in the BTS as needed.
Bug#1033258: upx-ucl: CVE-2023-23456
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for upx-ucl.

CVE-2023-23456[0]:
| A heap-based buffer overflow issue was discovered in UPX in
| PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to
| cause a denial of service (abort) via a crafted file.

https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
https://github.com/upx/upx/issues/632

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23456
    https://www.cve.org/CVERecord?id=CVE-2023-23456

Please adjust the affected versions in the BTS as needed.
Bug#1033116: gpac: CVE-2022-3222 CVE-2023-0866 CVE-2022-4202 CVE-2022-43039 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145 CVE-2022-43040 CVE-2022-43042 CVE-2022-43043 CVE-2022-43044 CVE-2022-43045 CVE-
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for gpac.

CVE-2022-3222[0]:
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to
| 2.1.0-DEV.

https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf

CVE-2023-0866[2]:
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to
| 2.3.0-DEV.

https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937

CVE-2022-4202[3]:
| A vulnerability, which was classified as problematic, was found in
| GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function
| lsr_translate_coords of the file laser/lsr_dec.c. The manipulation
| leads to integer overflow. It is possible to launch the attack
| remotely. The exploit has been disclosed to the public and may be
| used. The name of the patch is
| b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a
| patch to fix this issue. VDB-214518 is the identifier assigned to this
| vulnerability.

https://github.com/gpac/gpac/issues/2333
https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908

CVE-2022-43039[4]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_meta_restore_items_ref
| at /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2281
https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303

CVE-2023-23143[5]:
| Buffer overflow vulnerability in function avc_parse_slice in file
| media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.

https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6

CVE-2023-23144[6]:
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file
| bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.

https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86

CVE-2023-23145[7]:
| GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a
| memory leak in lsr_read_rare_full function.

https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f

CVE-2022-43040[8]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function gf_isom_box_dump_start_ex at
| /isomedia/box_funcs.c.

https://github.com/gpac/gpac/issues/2280
https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e

CVE-2022-43042[9]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap
| buffer overflow via the function FixSDTPInTRAF at
| isomedia/isom_intern.c.

https://github.com/gpac/gpac/issues/2278
https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9

CVE-2022-43043[10]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function BD_CheckSFTimeOffset at
| /bifs/field_decode.c.

https://github.com/gpac/gpac/issues/2276
https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd

CVE-2022-43044[11]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_isom_get_meta_item_info at
| /isomedia/meta.c.

https://github.com/gpac/gpac/issues/2282
https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35

CVE-2022-43045[12]:
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a
| segmentation violation via the function gf_dump_vrml_sffield at
| /scene_manager/scene_dump.c.

https://github.com/gpac/gpac/issues/2277
https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb

CVE-2022-45202[13]:
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a
| stack overflow via the function dimC_box_read at
| isomedia/box_code_3gpp.c.

https://github.com/gpac/gpac/issues/2296
https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da

CVE-2022-45283[14]:
| GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the
| smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

https://github.com/gpac/gpac/issues/2295
https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df

CVE-2022-45343[15]:
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a
| heap use-after-free via the Q_IsTypeOn function at
| /gpac/src/bifs/unquantize.c.

https://github.com/gpac/gpac/issues/2315
https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4

CVE-2022-46489[16]:
| GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to
| contain a memory leak via the gf_isom_box_parse_ex function at
| box_funcs.c.

https://github.com/gpac/gpac/issues/2328
Bug#1032101: libheif: CVE-2023-0996
Source: libheif
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libheif.

CVE-2023-0996[0]:
| There is a vulnerability in the strided image data parsing code in the
| emscripten wrapper for libheif. An attacker could exploit this through
| a crafted image file to cause a buffer overflow in linear memory
| during a memcpy call.

https://github.com/strukturag/libheif/pull/759
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-0996
    https://www.cve.org/CVERecord?id=CVE-2023-0996

Please adjust the affected versions in the BTS as needed.
Bug#1032092: asterisk: CVE-2022-23537 CVE-2022-23547 CVE-2022-39269
Source: asterisk
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for asterisk.

CVE-2022-23537[0]:
| PJSIP is a free and open source multimedia communication library
| written in C language implementing standard based protocols such as
| SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when
| parsing a specially crafted STUN message with unknown attribute. The
| vulnerability affects applications that uses STUN including PJNATH and
| PJSUA-LIB. The patch is available as a commit in the master branch
| (2.13.1).

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1

CVE-2022-23547[1]:
| PJSIP is a free and open source multimedia communication library
| written in C language implementing standard based protocols such as
| SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to
| GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain
| STUN message. The vulnerability affects applications that uses STUN
| including PJNATH and PJSUA-LIB. The patch is available as commit in
| the master branch.

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36

CVE-2022-39269[2]:
| PJSIP is a free and open source multimedia communication library
| written in C. When processing certain packets, PJSIP may incorrectly
| switch from using SRTP media transport to using basic RTP upon SRTP
| restart, causing the media to be sent insecurely. The vulnerability
| impacts all PJSIP users that use SRTP. The patch is available as
| commit d2acb9a in the master branch of the project and will be
| included in version 2.13. Users are advised to manually patch or to
| upgrade. There are no known workarounds for this vulnerability.

https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-23537
    https://www.cve.org/CVERecord?id=CVE-2022-23537
[1] https://security-tracker.debian.org/tracker/CVE-2022-23547
    https://www.cve.org/CVERecord?id=CVE-2022-23547
[2] https://security-tracker.debian.org/tracker/CVE-2022-39269
    https://www.cve.org/CVERecord?id=CVE-2022-39269

Please adjust the affected versions in the BTS as needed.
Bug#1032091: py7zr: CVE-2022-40152
Source: py7zr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for py7zr.

CVE-2022-40152[0]:
| Those using Woodstox to parse XML data may be vulnerable to Denial of
| Service attacks (DOS) if DTD support is enabled. If the parser is
| running on user supplied input, an attacker may supply content that
| causes the parser to crash by stackoverflow. This effect may support a
| denial of service attack.

https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1)
https://lessonsec.com/cve/cve-2022-44900/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40152
    https://www.cve.org/CVERecord?id=CVE-2022-40152

Please adjust the affected versions in the BTS as needed.
Bug#1031874: upx-ucl: CVE-2023-23457
Source: upx-ucl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for upx-ucl.

CVE-2023-23457[0]:
| A Segmentation fault was found in UPX in
| PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with
| a crafted input file allows invalid memory address access that could
| lead to a denial of service.

https://github.com/upx/upx/issues/631
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23457
    https://www.cve.org/CVERecord?id=CVE-2023-23457

Please adjust the affected versions in the BTS as needed.
Bug#1031730: emacs: CVE-2022-48339 CVE-2022-48338 CVE-2022-48337
Source: emacs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for emacs.

CVE-2022-48339[0]:
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has
| a command injection vulnerability. In the hfy-istext-command function,
| the parameter file and parameter srcdir come from external input, and
| parameters are not escaped. If a file name or directory name contains
| shell metacharacters, code may be executed.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c

CVE-2022-48338[1]:
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el,
| the ruby-find-library-file function has a local command injection
| vulnerability. The ruby-find-library-file function is an interactive
| function, and bound to C-c C-f. Inside the function, the external
| command gem is called through shell-command-to-string, but the
| feature-name parameters are not escaped. Thus, malicious Ruby source
| files may cause commands to be executed.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c

CVE-2022-48337[2]:
| GNU Emacs through 28.2 allows attackers to execute commands via shell
| metacharacters in the name of a source-code file, because
| lib-src/etags.c uses the system C library function in its implementation
| of the etags program. For example, a victim may use the "etags -u *"
| command (suggested in the etags documentation) in a situation where
| the current working directory has contents that depend on untrusted
| input.

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48339
    https://www.cve.org/CVERecord?id=CVE-2022-48339
[1] https://security-tracker.debian.org/tracker/CVE-2022-48338
    https://www.cve.org/CVERecord?id=CVE-2022-48338
[2] https://security-tracker.debian.org/tracker/CVE-2022-48337
    https://www.cve.org/CVERecord?id=CVE-2022-48337

Please adjust the affected versions in the BTS as needed.
Bug#1031726: hdf5: CVE-2022-26061 CVE-2022-25972 CVE-2022-25942
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for hdf5. The reports
mentioned a vendor disclosure, but not sure when/how.

CVE-2022-26061[0]:
| A heap-based buffer overflow vulnerability exists in the gif2h5
| functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF
| file can lead to code execution. An attacker can provide a malicious
| file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487

CVE-2022-25972[1]:
| An out-of-bounds write vulnerability exists in the gif2h5
| functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF
| file can lead to code execution. An attacker can provide a malicious
| file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485

CVE-2022-25942[2]:
| An out-of-bounds read vulnerability exists in the gif2h5 functionality
| of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to
| code execution. An attacker can provide a malicious file to trigger
| this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-26061
    https://www.cve.org/CVERecord?id=CVE-2022-26061
[1] https://security-tracker.debian.org/tracker/CVE-2022-25972
    https://www.cve.org/CVERecord?id=CVE-2022-25972
[2] https://security-tracker.debian.org/tracker/CVE-2022-25942
    https://www.cve.org/CVERecord?id=CVE-2022-25942

Please adjust the affected versions in the BTS as needed.
Bug#1031371: curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916
Source: curl
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for curl.

CVE-2023-23914 curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23916.html

CVE-2023-23915 curl: HSTS amnesia with --parallel
https://curl.se/docs/CVE-2023-23915.html

CVE-2023-23914 curl: HSTS ignored on multiple requests
https://curl.se/docs/CVE-2023-23914.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-23914
    https://www.cve.org/CVERecord?id=CVE-2023-23914
[1] https://security-tracker.debian.org/tracker/CVE-2023-23915
    https://www.cve.org/CVERecord?id=CVE-2023-23915
[2] https://security-tracker.debian.org/tracker/CVE-2023-23916
    https://www.cve.org/CVERecord?id=CVE-2023-23916

Please adjust the affected versions in the BTS as needed.
Bug#1030050: rails: CVE-2023-22796 CVE-2023-22795 CVE-2023-22794 CVE-2023-22792 CVE-2022-44566
Source: rails
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for rails.

CVE-2023-22796[0]:
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)

CVE-2023-22795[1]:
https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)

CVE-2023-22794[2]:
https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)

CVE-2023-22792[3]:
https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)

CVE-2022-44566[4]:
https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22796
    https://www.cve.org/CVERecord?id=CVE-2023-22796
[1] https://security-tracker.debian.org/tracker/CVE-2023-22795
    https://www.cve.org/CVERecord?id=CVE-2023-22795
[2] https://security-tracker.debian.org/tracker/CVE-2023-22794
    https://www.cve.org/CVERecord?id=CVE-2023-22794
[3] https://security-tracker.debian.org/tracker/CVE-2023-22792
    https://www.cve.org/CVERecord?id=CVE-2023-22792
[4] https://security-tracker.debian.org/tracker/CVE-2022-44566
    https://www.cve.org/CVERecord?id=CVE-2022-44566

Please adjust the affected versions in the BTS as needed.
Bug#1030048: pgpool2: CVE-2023-22332
Source: pgpool2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for pgpool2.

CVE-2023-22332[0]:
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to
| 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2
| series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series),
| All versions of 3.7 series, All versions of 3.6 series, All versions
| of 3.5 series, All versions of 3.4 series, and All versions of 3.3
| series. A specific database user's authentication information may be
| obtained by another database user. As a result, the information stored
| in the database may be altered and/or database may be suspended by a
| remote attacker who successfully logged in the product with the
| obtained credentials.

Quoting from https://www.pgpool.net/mediawiki/index.php/Main_Page#News :
(I have no idea how common that is, feel free to downgrade as necessary)

--
This release contains a security fix. If following conditions are all
met, the password of "wd_lifecheck_user" is exposed by "SHOW POOL STATUS"
command. The command can be executed by any user who can connect to
Pgpool-II. (CVE-2023-22332)

• Version 3.3 or later
• use_watchdog = on
• wd_lifecheck_method = 'query'
• A plain text password is set to wd_lifecheck_password
--

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22332
    https://www.cve.org/CVERecord?id=CVE-2023-22332

Please adjust the affected versions in the BTS as needed.
Bug#1027788: nntpd not running after upgrading to openbsd-inetd_0.20221205-1
severity 1027788 important
thanks

On Tue, Jan 03, 2023 at 12:03:41PM +0100, Marcus Frings wrote:
> Package: leafnode
> Version: 1.12.0-1
> Severity: grave
>
> Dear Moritz,
>
> after upgrading openbsd-inetd to 0.20221205-1 I can't connect to my
> local leafnode instance anymore and Gnus refuses with "nntpd not
> running: connection broken by remote peer".

Thanks for the report. I've been meaning to move towards systemd socket
activation for some time now and that's a good opportunity to move forward.

Cheers,
Moritz
Bug#1029154: swift: CVE-2022-47950
Source: swift
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for swift.

CVE-2022-47950:

OSSA-2023-001: Arbitrary file access through custom S3 XML entities

Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML parser.
By supplying specially crafted XML files an authenticated user may coerce
the S3 API into returning arbitrary file contents from the host server
resulting in unauthorized read access to potentially sensitive data; this
impacts both s3api deployments (Rocky or later), and swift3 deployments
(Queens and earlier, no longer actively developed). Only deployments with
S3 compatibility enabled are affected.

https://www.openwall.com/lists/oss-security/2023/01/17/1

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47950
    https://www.cve.org/CVERecord?id=CVE-2022-47950

Please adjust the affected versions in the BTS as needed.
Bug#1029153: virtualbox: CVE-2023-21884 CVE-2023-21885 CVE-2023-21886 CVE-2023-21889 CVE-2023-21898 CVE-2023-21899
Source: virtualbox
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for virtualbox.

Fixed in 7.0.6

CVE-2023-21884[0]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable
| vulnerability allows high privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base
| Score 4.4 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21885[1]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. While the vulnerability is in Oracle VM
| VirtualBox, attacks may significantly impact additional products
| (scope change). Successful attacks of this vulnerability can result in
| unauthorized read access to a subset of Oracle VM VirtualBox
| accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score
| 3.8 (Confidentiality impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

CVE-2023-21886[2]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit
| vulnerability allows unauthenticated attacker with network access via
| multiple protocols to compromise Oracle VM VirtualBox. Successful
| attacks of this vulnerability can result in takeover of Oracle VM
| VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and
| Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2023-21889[3]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. While the vulnerability is in Oracle VM
| VirtualBox, attacks may significantly impact additional products
| (scope change). Successful attacks of this vulnerability can result in
| unauthorized read access to a subset of Oracle VM VirtualBox
| accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts).
| CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

CVE-2023-21898[4]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies
| to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5
| (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21899[5]:
| Vulnerability in the Oracle VM VirtualBox product of Oracle
| Virtualization (component: Core). Supported versions that are affected
| are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable
| vulnerability allows low privileged attacker with logon to the
| infrastructure where Oracle VM VirtualBox executes to compromise
| Oracle VM VirtualBox. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies
| to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5
| (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-21884
    https://www.cve.org/CVERecord?id=CVE-2023-21884
[1] https://security-tracker.debian.org/tracker/CVE-2023-21885
    https://www.cve.org/CVERecord?id=CVE-2023-21885
[2] https://security-tracker.debian.org/tracker/CVE-2023-21886
    https://www.cve.org/CVERecord?id=CVE-2023-21886
[3] https://security-tracker.debian.org/tracker/CVE-2023-21889
Bug#1029151: mysql-8.0: CVE-2023-21863 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for mysql-8.0.

All fixed in 8.0.32.

CVE-2023-21863[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.31
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21867[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.31
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21868[2]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.31
| and prior. Easily exploitable vulnerability allows low privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21869[3]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| InnoDB). Supported versions that are affected are 8.0.31 and prior.
| Easily exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete DOS)
| of MySQL Server as well as unauthorized update, insert or delete
| access to some of MySQL Server accessible data. CVSS 3.1 Base Score
| 5.5 (Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVE-2023-21870[4]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.31
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21871[5]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| InnoDB). Supported versions that are affected are 8.0.31 and prior.
| Easily exploitable vulnerability allows high privileged attacker with
| network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete DOS)
| of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS
| Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21873[6]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Optimizer). Supported versions that are affected are 8.0.31
| and prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-21875[7]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: Security: Encryption). Supported versions that are affected
| are 8.0.31 and prior. Difficult to exploit vulnerability allows high
| privileged attacker with network access via multiple protocols to
| compromise MySQL Server. Successful attacks of this vulnerability can
| result in unauthorized creation, deletion or modification access to
| critical data or all MySQL Server accessible data and unauthorized
| ability to cause a hang or frequently repeatable crash (complete DOS)
| of MySQL Server. CVSS 3.1 Base Score 5.9
Bug#1028451: 2nd DisplayPort doesn't get video
On Mon, Jan 16, 2023 at 12:46:37PM +, Didier 'OdyX' Raboud wrote:
> > I understand that would be annoying for you, but I don't think that it would
> > affect the majority of our users.
>
> Hrm. More and more laptops come with usb-c only, and dongles/docks become more
> and more common.
>
> It's clearly a serious regression, as such setups "just worked" with 6.0.

Not moving to 6.1.x (which is most likely the next Linux kernel LTS) is by far
a worse regression since it applies to every single Debian system. As a
community distro without paid, full time kernel maintainers we can't just
randomly stick to an older kernel tree and decide to assess/backport hundreds
of patches sent to stable@ every week.

Cheers,
        Moritz
Bug#926276: Should guacamole-client be removed?
reassign 926276 ftp.debian.org
retitle 926276 RM: guacamole-client -- RoQA; unmaintained, RC-buggy, open security issues, dropping from testing since 2017
severity 926276 normal
thanks

On Tue, Apr 02, 2019 at 10:04:34PM +0200, Moritz Muehlenhoff wrote:
> Source: guacamole-client
> Severity: serious
>
> Should guacamole-client be removed?
>
> guacamole-client hasn't been updated since 2016, is removed from testing
> since 1.5 years and has four RC bugs at this point

Reassigning for removal.

Cheers,
        Moritz
Bug#1004441: unblocking chromium?
On Sun, Jan 08, 2023 at 12:27:52AM -0500, Andres Salomon wrote:
>
> On Fri, Jan 6 2023 at 11:36:02 AM +0200, Adrian Bunk
> wrote:
> > On Fri, Jan 06, 2023 at 10:18:16AM +0100, Moritz Muehlenhoff wrote:
> > > ...
> > > We might consider to set some expectation for oldstable-security,
> > > though e.g state that
> > > oldstable-security updates stop three months after the release of
> > > stable or so.
> > >
> >
> Yeah, I like that idea. I think I could comfortably handle about 6 months of
> dual security support (stable+oldstable), personally.

Sounds good! Can you add a README.Debian.security to the next unstable
uploads which briefly documents that? When bookworm has been released we
can also add a note to Chromium DSAs to give folks a headsup.

Cheers,
        Moritz
Bug#1027163: python-git: CVE-2022-24439
Source: python-git
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-git.

CVE-2022-24439[0]:
| All versions of package gitpython are vulnerable to Remote Code
| Execution (RCE) due to improper user input validation, which makes it
| possible to inject a maliciously crafted remote URL into the clone
| command. Exploiting this vulnerability is possible because the library
| makes external calls to git without sufficient sanitization of input
| arguments.

https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
https://github.com/gitpython-developers/GitPython/issues/1515
https://github.com/gitpython-developers/GitPython/pull/1521

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24439
    https://www.cve.org/CVERecord?id=CVE-2022-24439

Please adjust the affected versions in the BTS as needed.
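The description above boils down to one rule for any wrapper that hands a caller-supplied URL to git: the string must not be able to change what git does beyond naming a repository. The example below is added here and is not GitPython's code or its fix; it shows the guards a wrapper can apply before calling git clone with an untrusted URL. The scheme allowlist, the scp-like pattern and the clone_command helper are choices made for this example; GIT_PROTOCOL_FROM_USER and the "--" end-of-options marker are git's own documented behaviour. The sample URLs are constructed and point at an .invalid host, and nothing here runs git.

```python
import os
import re
from urllib.parse import urlsplit

# Schemes this example is willing to pass to git for untrusted input. Any
# other prefix, including git's helper-style "name::..." transports, is
# rejected before git ever sees it. This allowlist is a choice for this
# example, not something GitPython defines.
ALLOWED_SCHEMES = {"https", "ssh", "git"}

# scp-like remotes (user@host:path) have no scheme and are matched separately.
_SCP_LIKE = re.compile(r"^[\w.-]+@[\w.-]+:[^\s]+$")


class UnsafeRemoteURL(ValueError):
    """The URL could be read by git as something other than a repository address."""


def validate_remote_url(url: str) -> str:
    """Return url unchanged if it is acceptable as untrusted input, else raise.

    Rejected: an empty string; anything starting with '-', which git's
    argument parser would treat as an option (the injection class named in
    the advisory); and any scheme outside ALLOWED_SCHEMES.
    """
    if not url or url[0] == "-":
        raise UnsafeRemoteURL("remote URL is empty or would be parsed as a git option")
    if _SCP_LIKE.match(url):
        return url
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise UnsafeRemoteURL(f"scheme {parts.scheme!r} is not allowed for untrusted remote URLs")
    return url


def is_safe_remote_url(url: str) -> bool:
    """Boolean form of validate_remote_url for callers that just want a verdict."""
    try:
        validate_remote_url(url)
    except UnsafeRemoteURL:
        return False
    return True


def clone_command(url: str, dest: str):
    """Build argv and environment for 'git clone' of an untrusted URL.

    '--' ends option parsing, so neither the URL nor dest can add options
    even if validation is bypassed, and GIT_PROTOCOL_FROM_USER=0 makes git
    refuse transports that it only permits for URLs typed by a trusted user
    (git's documented environment knob; protocol.allow in git config is
    the persistent equivalent). The caller passes argv and env to
    subprocess.run without a shell.
    """
    argv = ["git", "clone", "--", validate_remote_url(url), dest]
    env = dict(os.environ, GIT_PROTOCOL_FROM_USER="0")
    return argv, env


if __name__ == "__main__":
    for candidate in (
        "https://example.invalid/org/repo.git",   # allowed scheme
        "git@example.invalid:org/repo.git",       # scp-like, allowed
        "--upload-pack=/tmp/x",                   # option-shaped, rejected
        "ext::not-a-url",                         # helper transport, rejected
    ):
        verdict = "ok" if is_safe_remote_url(candidate) else "rejected"
        print(f"{candidate!r:45} -> {verdict}")
```

The two layers are deliberately redundant: validation stops bad input at the API boundary with a clear error, while "--" and the environment setting limit the damage if some other code path reaches git with a string that was never validated.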