Archived view for data.konfusator.de › feeds › dsa.gmi captured on 2024-02-05 at 09:36:28.
Last updated: 2024-02-05T11:33:01Z
2024-02-04
It was discovered that runc, a command line client for running
applications packaged according to the Open Container Format (OCF), was
susceptible to multiple container breakouts due to an internal file
descriptor leak.
https://security-tracker.debian.org/tracker/DSA-5615-1
2024-02-03
Two vulnerabilities were discovered in zbar, a library for scanning and
decoding QR and bar codes, which may result in denial of service,
information disclosure or potentially the execution of arbitrary code if
a specially crafted QR or bar code is processed.
https://security-tracker.debian.org/tracker/DSA-5614-1
2024-02-01
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in side channel attacks, leaking sensitive data to log
files, denial of service or bypass of sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5613-1
2024-02-01
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5612-1
2024-01-30
The Qualys Research Labs discovered several vulnerabilities in the GNU C
Library's __vsyslog_internal() function (called by syslog() and
vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one
heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780)
can be exploited for privilege escalation or denial of service.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/01/30/syslog
Additionally, a memory corruption was discovered in glibc's qsort()
function, due to a missing bounds check, when it is called by a program
with a non-transitive comparison function and a large number of
attacker-controlled elements. As the use of qsort() with a
non-transitive comparison function is undefined according to the POSIX and
ISO C standards, this is not considered a vulnerability in glibc
itself. However, the qsort() implementation was hardened against
misbehaving callers.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/01/30/qsort
https://security-tracker.debian.org/tracker/DSA-5611-1
2024-01-29
Multiple security issues were discovered in Redis, a persistent
key-value database, which could result in the execution of arbitrary
code or ACL bypass.
https://security-tracker.debian.org/tracker/DSA-5610-1
2024-01-28
Several vulnerabilities were discovered in the Slurm Workload Manager, a
cluster resource management and job scheduling system, which may result
in privilege escalation, denial of service, bypass of message hash
checks or opening files with an incorrect set of extended groups.
https://security-tracker.debian.org/tracker/DSA-5609-1
2024-01-27
A heap-based buffer overflow during tile list parsing was discovered in
the AV1 video codec parser for the GStreamer media framework, which may
result in denial of service or potentially the execution of arbitrary
code if a malformed media file is opened.
https://security-tracker.debian.org/tracker/DSA-5608-1
2024-01-24
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5607-1
2024-01-24
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, phishing, clickjacking, privilege escalation, HSTS bypass or
bypass of content security policies.
https://security-tracker.debian.org/tracker/DSA-5606-1
2024-01-24
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5605-1
2024-01-23
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in side channel attacks, leaking sensitive data to log
files, denial of service or bypass of sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5604-1
2024-01-23
Several vulnerabilities were discovered in the Xorg X server, which may
result in privilege escalation (if the X server is running privileged)
or denial of service.
https://security-tracker.debian.org/tracker/DSA-5603-1
2024-01-17
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. An exploit for CVE-2024-0519 exists in the wild.
https://security-tracker.debian.org/tracker/DSA-5602-1
2024-01-12
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
"Terrapin attack". This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
https://security-tracker.debian.org/tracker/DSA-5601-1
2024-01-12
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
"Terrapin attack". This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
https://security-tracker.debian.org/tracker/DSA-5600-1
2024-01-12
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
"Terrapin attack". This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
https://security-tracker.debian.org/tracker/DSA-5599-1
2024-01-10
A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5598-1
2024-01-04
It was discovered that Exim, a mail transport agent, can be induced to
accept a second message embedded as part of the body of a first message
in certain configurations where PIPELINING or CHUNKING on incoming
connections is offered.
https://security-tracker.debian.org/tracker/DSA-5597-1
2024-01-04
Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.
CVE-2023-37457
The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. Doing
so can overwrite memory or cause a crash. This is not externally
exploitable unless the dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used,
the vulnerability does not occur.
CVE-2023-38703
PJSIP is a free and open source multimedia communication library written in
C with high level APIs in C, C++, Java, C#, and Python. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport, which may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use an underlying media
transport other than UDP. This vulnerability's impact may range from
unexpected application termination to control flow hijack/memory
corruption.
CVE-2023-49294
It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.
CVE-2023-49786
Asterisk is susceptible to a DoS due to a race condition in the hello
handshake phase of the DTLS protocol when handling DTLS-SRTP for media
setup. This attack can be done continuously, thus denying new DTLS-SRTP
encrypted calls during the attack. Abuse of this vulnerability may lead to
a massive Denial of Service on vulnerable Asterisk servers for calls that
rely on DTLS-SRTP.
https://security-tracker.debian.org/tracker/DSA-5596-1
2024-01-04
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
https://security-tracker.debian.org/tracker/DSA-5595-1
2024-01-02
Several vulnerabilities have been discovered in the Linux kernel that
may lead to privilege escalation, denial of service or information
leaks.
CVE-2021-44879
Wenqing Liu reported a NULL pointer dereference in the f2fs
implementation. An attacker able to mount a specially crafted image
can take advantage of this flaw for denial of service.
CVE-2023-5178
Alon Zahavi reported a use-after-free flaw in the NVMe-oF/TCP
subsystem in the queue initialization setup, which may result in
denial of service or privilege escalation.
CVE-2023-5197
Kevin Rich discovered a use-after-free flaw in the netfilter
subsystem which may result in denial of service or privilege
escalation for a user with the CAP_NET_ADMIN capability in any user
or network namespace.
CVE-2023-5717
Budimir Markovic reported a heap out-of-bounds write vulnerability
in the Linux kernel's Performance Events system caused by improper
handling of event groups, which may result in denial of service or
privilege escalation. The default settings in Debian prevent
exploitation unless more permissive settings have been applied in
the kernel.perf_event_paranoid sysctl.
CVE-2023-6121
Alon Zahavi reported an out-of-bounds read vulnerability in the
NVMe-oF/TCP subsystem, which may result in an information leak.
CVE-2023-6531
Jann Horn discovered a use-after-free flaw due to a race condition
when the unix garbage collector's deletion of a SKB races
with unix_stream_read_generic() on the socket that the SKB is
queued on.
CVE-2023-6817
Xingyuan Mo discovered that a use-after-free in Netfilter's
implementation of PIPAPO (PIle PAcket POlicies) may result in denial
of service or potential local privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.
CVE-2023-6931
Budimir Markovic reported a heap out-of-bounds write vulnerability
in the Linux kernel's Performance Events system which may result in
denial of service or privilege escalation. The default settings in
Debian prevent exploitation unless more permissive settings have
been applied in the kernel.perf_event_paranoid sysctl.
CVE-2023-6932
A use-after-free vulnerability in the IPv4 IGMP implementation may
result in denial of service or privilege escalation.
CVE-2023-25775
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail and Shiraz
Saleem discovered that improper access control in the Intel Ethernet
Controller RDMA driver may result in privilege escalation.
CVE-2023-34324
Marek Marczykowski-Gorecki reported a possible deadlock in the Xen
guests event channel code which may allow a malicious guest
administrator to cause a denial of service.
CVE-2023-35827
Zheng Wang reported a use-after-free flaw in the Renesas Ethernet
AVB support driver.
CVE-2023-45863
A race condition in library routines for handling generic kernel
objects may result in an out-of-bounds write in the
fill_kobj_path() function.
CVE-2023-46813
Tom Dohrmann reported that a race condition in the Secure Encrypted
Virtualization (SEV) implementation when accessing MMIO registers
may allow a local attacker in a SEV guest VM to cause a denial of
service or potentially execute arbitrary code.
CVE-2023-46862
It was discovered that a race condition in the io_uring
subsystem may result in a NULL pointer dereference, causing a
denial of service.
CVE-2023-51780
It was discovered that a race condition in the ATM (Asynchronous
Transfer Mode) subsystem may lead to a use-after-free.
CVE-2023-51781
It was discovered that a race condition in the Appletalk subsystem
may lead to a use-after-free.
CVE-2023-51782
It was discovered that a race condition in the Amateur Radio X.25
PLP (Rose) support may lead to a use-after-free. This module is not
auto-loaded on Debian systems, so this issue only affects systems
where it is explicitly loaded.
https://security-tracker.debian.org/tracker/DSA-5594-1
2024-01-01
Several vulnerabilities have been discovered in the Linux kernel that
may lead to privilege escalation, denial of service or information
leaks.
CVE-2023-6531
Jann Horn discovered a use-after-free flaw due to a race condition
when the unix garbage collector's deletion of a SKB races
with unix_stream_read_generic() on the socket that the SKB is
queued on.
CVE-2023-6622
Xingyuan Mo discovered a flaw in the netfilter subsystem which may
result in denial of service or privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.
CVE-2023-6817
Xingyuan Mo discovered that a use-after-free in Netfilter's
implementation of PIPAPO (PIle PAcket POlicies) may result in denial
of service or potential local privilege escalation for a user with
the CAP_NET_ADMIN capability in any user or network namespace.
CVE-2023-6931
Budimir Markovic reported a heap out-of-bounds write vulnerability
in the Linux kernel's Performance Events system which may result in
denial of service or privilege escalation.
CVE-2023-51779
It was discovered that a race condition in the Bluetooth subsystem
in the bt_sock_ioctl handling may lead to a use-after-free.
CVE-2023-51780
It was discovered that a race condition in the ATM (Asynchronous
Transfer Mode) subsystem may lead to a use-after-free.
CVE-2023-51781
It was discovered that a race condition in the Appletalk subsystem
may lead to a use-after-free.
CVE-2023-51782
It was discovered that a race condition in the Amateur Radio X.25
PLP (Rose) support may lead to a use-after-free.
https://security-tracker.debian.org/tracker/DSA-5593-1
2023-12-30
It was discovered that missing input sanitising in
libspreadsheet-parseexcel-perl, a Perl module to access information from
Excel Spreadsheets, may result in the execution of arbitrary commands if
a specially crafted document file is processed.
https://security-tracker.debian.org/tracker/DSA-5592-1
2023-12-28
Several vulnerabilities were discovered in libssh, a tiny C SSH library.
CVE-2023-6004
It was reported that using the ProxyCommand or the ProxyJump feature
may allow an attacker to inject malicious code through specially
crafted hostnames.
CVE-2023-6918
Jack Weinstein reported that missing checks for return values for
digests may result in denial of service (application crashes) or
usage of uninitialized memory.
CVE-2023-48795
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that
the SSH protocol is prone to a prefix truncation attack, known as
the "Terrapin attack". This attack allows a MITM attacker to effect
a limited break of the integrity of the early encrypted SSH
transport protocol by sending extra messages prior to the
commencement of encryption, and deleting an equal number of
consecutive messages immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
https://security-tracker.debian.org/tracker/DSA-5591-1
2023-12-28
Several vulnerabilities were discovered in HAProxy, a fast and reliable
load balancing reverse proxy, which can result in HTTP request smuggling
or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5590-1
2023-12-27
Multiple vulnerabilities were discovered in Node.js, which could result in
HTTP request smuggling, bypass of policy feature checks, denial of service
or loading of incorrect ICU data.
https://security-tracker.debian.org/tracker/DSA-5589-1
2023-12-24
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the
SSH protocol is prone to a prefix truncation attack, known as the
"Terrapin attack". This attack allows a MITM attacker to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
https://security-tracker.debian.org/tracker/DSA-5588-1
2023-12-23
Two security issues were discovered in Curl: cookies were incorrectly
validated against the public suffix list of domains, and in some cases
HSTS data could fail to be saved to disk.
https://security-tracker.debian.org/tracker/DSA-5587-1
2023-12-22
Several vulnerabilities have been discovered in OpenSSH, an
implementation of the SSH protocol suite.
CVE-2021-41617
It was discovered that sshd failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead, these commands would inherit
the groups that sshd was started with.
CVE-2023-28531
Luci Stanescu reported that an error prevented constraints from being
communicated to the ssh-agent when adding smartcard keys to the
agent with per-hop destination constraints, resulting in keys being
added without constraints.
CVE-2023-48795
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that
the SSH protocol is prone to a prefix truncation attack, known as
the "Terrapin attack". This attack allows a MITM attacker to effect
a limited break of the integrity of the early encrypted SSH
transport protocol by sending extra messages prior to the
commencement of encryption, and deleting an equal number of
consecutive messages immediately after encryption starts.
Details can be found at https://terrapin-attack.com/
CVE-2023-51384
It was discovered that when PKCS#11-hosted private keys were
added while specifying destination constraints, if the PKCS#11
token returned multiple keys then only the first key had the
constraints applied.
CVE-2023-51385
It was discovered that if an invalid user or hostname that contained
shell metacharacters was passed to ssh, and a ProxyCommand,
LocalCommand directive or "match exec" predicate referenced the user
or hostname via expansion tokens, then an attacker who could supply
arbitrary user/hostnames to ssh could potentially perform command
injection. The situation could arise in case of git repositories
with submodules, where the repository could contain a submodule with
shell characters in its user or hostname.
https://security-tracker.debian.org/tracker/DSA-5586-1
Script run: 2024-02-05T15:32:02