INFOSEC | USERSPACE-Linux Aggregate Info

OS: Scientific

SciLinux: SLSA-2021-3889-1 Important: java-1.8.0-openjdk on SL7.x x86_64

OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565) * OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567) * OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550) * OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-3 [More...]

SciLinux: SLSA-2021-3892-1 Important: java-11-openjdk on SL7,x x86_64

SciLinux: SLSA-2021-3841-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 91.2.0. * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500) * Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501) * Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502) * rust-crossb [More...]

SciLinux: SLSA-2021-3791-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 91.2.0 ESR. * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500) * Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501) * rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810) * Mozil [More...]

OS: Mageia

Mageia 2021-0488: virtualbox security update

This update provides the upstream 6.1.28 maintenance release that fixes atleast the following security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.28 contains an easily exploitable vulnerability that allows high privileged attacker with

Mageia 2021-0487: ansible security update

Do not include params in exception when a call to set_options fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) References:

Mageia 2021-0486: flatpak security update

Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp

Mageia 2021-0485: tomcat security update

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. (CVE-2021-30640) Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66

CVEMAP.ORG: Vulnerabilities & Exposures

Medium CVE-2021-41140: Discourse Discourse reactions
Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

Low CVE-2021-32664: Combodo ITOP
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

High CVE-2021-41131: Linuxfoundation The update framework
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.

Low CVE-2021-35323: Bludit Bludit
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.

OS: Redhat

RedHat: RHSA-2021-3955:01 Low: redhat-ds:11 security, bug fix,

Red Hat Directory Server 11.4 is now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3949:01 Important: Red Hat Advanced Cluster Management

Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Red Hat Product Security has rated this update as having a security impact

RedHat: RHSA-2021-3892:01 Important: java-11-openjdk security and bug fix

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2021-3889:01 Important: java-1.8.0-openjdk security and bug

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

OS: Debian

Debian: DSA-4991-1: mailman security update

Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.

Debian: DSA-4990-1: ffmpeg security update

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Debian: DSA-4989-1: strongswan security update

Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite.

Debian: DSA-4988-1: libreoffice security update

Two security issues have been discovered in LibreOffice's support for digital signatures in ODF documents, which could result in incorrect signature indicators/timestamps being presented.

OS: Suse

SUSE: 2021:449-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:447-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2021:437-1 bci/golang Security Update

The container bci/golang was updated. The following patches have been included in this update:

SUSE: 2021:435-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

OS: Debian LTS

Debian LTS: DLA-2792-1: faad2 security update

Several issues have been found in faad2, a freeware Advanced Audio Decoder player. They are related to heap buffer overflows or null pointer dereferences, which both might allow an attacker to execute code by

Debian LTS: DLA-2790-1: python-babel security update

Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This

Debian LTS: DLA-2789-1: squashfs-tools security update

Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw

Debian LTS: DLA-2768-2: uwsgi regression update

A regression was introduced in DLA-2768-1, where the uwsgi proxy module for Apache2 (mod_proxy_uwsgi) interprets incorrect Apache configurations in a less forgiving way, causing existing setups to fail after upgrade.

OS: Slackware

Slackware: 2021-280-01: httpd Security Update

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Slackware: 2021-278-01: httpd Security Update

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Slackware: 2021-264-01: alpine Security Update

New alpine packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Slackware: 2021-259-01: httpd Security Update

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Exploit-DB.com

[webapps] Jetty 9.4.37.v20210219 - Information Disclosure
Jetty 9.4.37.v20210219 - Information Disclosure

[webapps] Clinic Management System 1.0 - SQL injection to Remote Code Execution
Clinic Management System 1.0 - SQL injection to Remote Code Execution

[webapps] Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated)
Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated)

[dos] NIMax 5.3.1 - 'Remote VISA System' Denial of Service (PoC)
NIMax 5.3.1 - 'Remote VISA System' Denial of Service (PoC)

NIST Vulnerability Database

CVE-2021-42258
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

CVE-2020-36499
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.

CVE-2020-36497
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.

CVE-2020-36496
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

OS: Fedora

Fedora 34: python-reportlab 2021-13cdc0ab0e

- Release 3.6.2

Fedora 33: libzapojit 2021-7f5a82ef57

Security fix for CVE-2021-39360

Fedora 33: nodejs 2021-cbad295a90

## 2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams This is a security release. ### Notable changes * **CVE-2021-22959**: HTTP Request Smuggling due to spaced in headers (Medium) * The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at

Fedora 33: vim 2021-84f4cf3244

The newest upstream commit Security fix for CVE-2021-3778 Security fix for CVE-2021-3796 Security fix for CVE-2021-3875 Security fix for CVE-2021-3872

NIST Vulnerability Database

OS: Gentoo

Gentoo: GLSA-202107-55: SDL 2: Multiple vulnerabilities

Multiple vulnerabilities have been found in libsdl2, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-54: libyang: Multiple vulnerabilities

Multiple vulnerabilities have been found in libyang, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-53: Leptonica: Multiple vulnerabilities

Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition.

Gentoo: GLSA-202107-52: Apache Velocity: Multiple vulnerabilities

Multiple vulnerabilities have been found in Apache Velocity, the worst of which could result in the arbitrary execution of code.

OS: Arch

ArchLinux: 202110-6: nodejs-lts-erbium: multiple issues

The package nodejs-lts-erbium before version 12.22.7-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-5: nodejs-lts-fermium: multiple issues

The package nodejs-lts-fermium before version 14.18.1-1 is vulnerable to multiple issues including arbitrary code execution, url request injection and certificate verification bypass.

ArchLinux: 202110-4: nodejs: url request injection

The package nodejs before version 16.11.1-1 is vulnerable to url request injection.

ArchLinux: 202110-3: virtualbox: multiple issues

The package virtualbox before version 6.1.28-1 is vulnerable to multiple issues including sandbox escape, denial of service and information disclosure.