INFOSEC – USERSPACE.ORG :

[Linux Security]

OS: Slackware

Slackware: 2022-264-01: bind Security Update

New bind packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2022-263-02: mozilla-firefox Security Update

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2022-263-01: expat Security Update

New expat packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Slackware: 2022-261-01: vim Security Update

New vim packages are available for Slackware 15.0 and -current to fix a security issue.

OS: Suse

SUSE: 2022:1094-1 suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64 Security Update

The container suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

SUSE: 2022:1093-1 suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2 Security Update

The container suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2 was updated. The following patches have been included in this update:

SUSE: 2022:3379-1 important: the Linux Kernel (Live Patch 35 for SLE 12 SP5)

An update that fixes one vulnerability is now available.

SUSE: 2022:3377-1 important: the Linux Kernel (Live Patch 22 for SLE 15 SP3)

An update that fixes two vulnerabilities is now available.

OS: Redhat

RedHat: RHSA-2022-6681:01 Important: OpenShift Virtualization 4.9.6 Images

Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-6531:01 Important: OpenShift Container Platform 4.10.33

Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10.

RedHat: RHSA-2022-6536:01 Moderate: OpenShift Container Platform 4.11.5 bug

Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11.

RedHat: RHSA-2022-6580:01 Moderate: booth security update

An update for booth is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

NIST Vulnerability Database

CVE-2022-21169
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

CVE-2022-41347
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

CVE-2022-41352
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

CVEMAP.ORG: Vulnerabilities & Exposures

Medium CVE-2022-36728: Library management system project Library management system
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.

Low CVE-2021-30071: Hestiacp Hestiacp
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Low CVE-2022-36880: Webmin Usermin
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

Medium CVE-2022-29286: Pexip Pexip infinity
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

OS: Gentoo

Gentoo: GLSA-202209-15: Oracle JDK/JRE: Multiple vulnerabilities

Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202209-14: Fetchmail: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.

Gentoo: GLSA-202209-13: libaacplus: Denial of Service

Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service.

Gentoo: GLSA-202209-12: GRUB: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.

OS: Fedora

Fedora 37: redis 2022-de7b3ceca6

**Redis 7.0.5** - Released Wed Sep 21 20:00:00 IST 2022 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2022-35951**) Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code

Fedora 37: thunderbird 2022-b4583f536b

Update to 102.3.0 ; https://www.mozilla.org/en- US/security/advisories/mfsa2022-42/ ; https://www.thunderbird.net/en- US/thunderbird/102.3.0/releasenotes/

Fedora 37: python-nbxmpp 2022-bf1f350185

Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)

Fedora 37: gajim 2022-bf1f350185

Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)

Exploit-DB.com

[webapps] Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)
Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)

[webapps] TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)

[remote] Teleport v10.1.1 - Remote Code Execution (RCE)
Teleport v10.1.1 - Remote Code Execution (RCE)

[webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)

OS: Debian LTS

Debian LTS: DLA-3120-1: poppler security update

Several security vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.

Debian LTS: DLA-3119-1: expat security update

Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a

Debian LTS: DLA-3118-1: unzip security update

Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.

Debian LTS: DLA-3117-1: mediawiki security update

Several security vulnerabilities were discovered in mediawiki, a website engine for collaborative work. Insufficiently escaped input text may allow a malicious user to perform cross-site-scripting (XSS) attacks.

OS: Scientific

SciLinux: SLSA-2022-6381-1 Important: open-vm-tools on SL7.x x86_64

open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 open-vm-tools-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.4.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.4.x8 [More...]

SciLinux: SLSA-2022-6160-1 Important: systemd on SL7.x x86_64

systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 libgudev1-219-78.el7_9.7.i686.rpm libgudev1-219-78.el7_9.7.x86_64.rpm systemd-219-78.el7_9.7.x86_64.rpm systemd-debu [More...]

SciLinux: SLSA-2022-6179-1 Important: firefox on SL7.x x86_64

This update upgrades Firefox to version 91.13.0 ESR. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]

SciLinux: SLSA-2022-6169-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 91.13.0. * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and F [More...]

OS: Mageia

Mageia 2022-0347: thunderbird security update

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a

Mageia 2022-0346: webkit2 security update

A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. (CVE-2022-32886) Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. (CVE-2022-32891)

Mageia 2022-0345: tcpreplay security update

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. (CVE-2022-27939) tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. (CVE-2022-27940)

Mageia 2022-0344: firefox security update

OS: CentOS

CentOS: CESA-2022-6381: Important CentOS 7 open-vm-tools

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6381

CentOS: CESA-2022-6170: Important CentOS 7 rsync

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6170

CentOS: CESA-2022-6160: Important CentOS 7 systemd

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6160

CentOS: CESA-2022-6169: Important CentOS 7 thunderbird

Upstream details at : https://access.redhat.com/errata/RHSA-2022:6169

NIST Vulnerability Database

CVE-2022-21169
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

OS: Debian

Debian: DSA-5237-1: firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, CSP bypass or session fixation.

Debian: DSA-5236-1: expat security update

Debian: DSA-5235-1: bind9 security update

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795

Debian: DSA-5234-1: fish security update

An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such

OS: Arch

ArchLinux: 202204-9: python-django: sql injection

The package python-django before version 4.0.4-1 is vulnerable to sql injection.

ArchLinux: 202204-8: xz: arbitrary command execution

The package xz before version 5.2.5-3 is vulnerable to arbitrary command execution.

ArchLinux: 202204-7: gzip: arbitrary command execution

The package gzip before version 1.12-1 is vulnerable to arbitrary command execution.

ArchLinux: 202204-6: libtiff: multiple issues

The package libtiff before version 4.3.0-2 is vulnerable to multiple issues including arbitrary code execution and denial of service.