INFOSEC – Basic

[Linux Security]

OS: Arch

ArchLinux: 202204-9: python-django: sql injection

The package python-django before version 4.0.4-1 is vulnerable to sql injection.

ArchLinux: 202204-8: xz: arbitrary command execution

The package xz before version 5.2.5-3 is vulnerable to arbitrary command execution.

ArchLinux: 202204-7: gzip: arbitrary command execution

The package gzip before version 1.12-1 is vulnerable to arbitrary command execution.

ArchLinux: 202204-6: libtiff: multiple issues

The package libtiff before version 4.3.0-2 is vulnerable to multiple issues including arbitrary code execution and denial of service.

OS: Gentoo

Gentoo: GLSA-202209-15: Oracle JDK/JRE: Multiple vulnerabilities

Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202209-14: Fetchmail: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.

Gentoo: GLSA-202209-13: libaacplus: Denial of Service

Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service.

Gentoo: GLSA-202209-12: GRUB: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.

OS: Scientific

SciLinux: SLSA-2022-6381-1 Important: open-vm-tools on SL7.x x86_64

open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.4.x8 [More...]

SciLinux: SLSA-2022-6160-1 Important: systemd on SL7.x x86_64

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libgudev1-219-78.el7_9.7.i686.rpm libgudev1-219-78.el7_9.7.x86_64.rpm systemd-219-78.el7_9.7.x86_64.rpm systemd-debu [More...]

SciLinux: SLSA-2022-6179-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 91.13.0 ESR. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]

SciLinux: SLSA-2022-6169-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 91.13.0. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]

OS: Debian

Debian: DSA-5239-1: gdal security update

A heap-based buffer overflow vulnerability was discovered in gdal, a Geospatial Data Abstraction Library, which could result in denial of service or potentially the execution of arbitrary code, if a specially crafted file is processed with the PCIDSK driver.

Debian: DSA-5238-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution (bullseye), these problems have been fixed in

Debian: DSA-5237-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.

Debian: DSA-5236-1: expat security update

Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

NIST Vulnerability Database

CVE-2021-27862
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

CVE-2021-27854
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

CVE-2021-27861
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CVE-2021-27853
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

OS: Redhat

RedHat: RHSA-2022-6696:01 Critical: Red Hat Advanced Cluster Management

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-6700:01 Important: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2022-6701:01 Important: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-6702:01 Important: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

OS: Debian LTS

Debian LTS: DLA-3123-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the 91.x

Debian LTS: DLA-3122-1: dovecot security update

Two security issues were discovered in dovecot: IMAP and POP3 email server. CVE-2021-33515

Debian LTS: DLA-3121-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.

Debian LTS: DLA-3120-1: poppler security update

Several security vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.

OS: CentOS

CentOS: CESA-2022-6381: Important CentOS 7 open-vm-tools

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6381

CentOS: CESA-2022-6170: Important CentOS 7 rsync

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6170

CentOS: CESA-2022-6160: Important CentOS 7 systemd

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6160

CentOS: CESA-2022-6169: Important CentOS 7 thunderbird

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6169

OS: Slackware

Slackware: 2022-269-02: vim Security Update

New vim packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware: 2022-269-01: dnsmasq Security Update

New dnsmasq packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Slackware: 2022-264-01: bind Security Update

New bind packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2022-263-02: mozilla-firefox Security Update

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

OS: Mageia

Mageia 2022-0347: thunderbird security update

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a

Mageia 2022-0346: webkit2 security update

A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. (CVE-2022-32886) Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. (CVE-2022-32891)

Mageia 2022-0345: tcpreplay security update

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. (CVE-2022-27939) tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. (CVE-2022-27940)

Mageia 2022-0344: firefox security update

CVEMAP.ORG: Vulnerabilities & Exposures

Medium CVE-2022-36728: Library management system project Library management system
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.

Low CVE-2021-30071: Hestiacp Hestiacp
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Low CVE-2022-36880: Webmin Usermin
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

Medium CVE-2022-29286: Pexip Pexip infinity
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

NIST Vulnerability Database

CVE-2021-27861
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CVE-2021-27853
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

OS: Fedora

Fedora 36: firefox 2022-38179cd087

- Update to latest upstream (105.0.1)

Fedora 37: grafana 2022-2eb4418018

- update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)

Fedora 37: redis 2022-de7b3ceca6

**Redis 7.0.5** - Released Wed Sep 21 20:00:00 IST 2022 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2022-35951**) Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code

Fedora 37: thunderbird 2022-b4583f536b

Update to 102.3.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-42/ ; https://www.thunderbird.net/en- US/thunderbird/102.3.0/releasenotes/

Exploit-DB.com

[webapps] Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)
Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)

[webapps] TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)

[remote] Teleport v10.1.1 - Remote Code Execution (RCE)
Teleport v10.1.1 - Remote Code Execution (RCE)

[webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)