INFOSEC – USERSPACE.ORG :

[Linux Security]

OS: Slackware

Slackware: 2022-140-02: mozilla-thunderbird Security Update

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2022-140-01: mozilla-firefox Security Update

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: 2022-131-01: curl Security Update

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Slackware: 2022-129-01: Slackware 15.0 kernel Security Update

New kernel packages are available for Slackware 15.0 to fix security issues.

OS: Arch

ArchLinux: 202204-9: python-django: sql injection

The package python-django before version 4.0.4-1 is vulnerable to sql injection.

ArchLinux: 202204-8: xz: arbitrary command execution

The package xz before version 5.2.5-3 is vulnerable to arbitrary command execution.

ArchLinux: 202204-7: gzip: arbitrary command execution

The package gzip before version 1.12-1 is vulnerable to arbitrary command execution.

ArchLinux: 202204-6: libtiff: multiple issues

The package libtiff before version 4.3.0-2 is vulnerable to multiple issues including arbitrary code execution and denial of service.

OS: Debian

Debian: DSA-5141-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed

Debian: DSA-5140-1: openldap security update

Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operations when a specially crafted search filter

Debian: DSA-5139-1: openssl security update

Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands.

Debian: DSA-5138-1: waitress security update

It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy. For the oldstable distribution (buster), this problem has been fixed

OS: Debian LTS

Debian LTS: DLA-3016-1: rsyslog security update

Several vulnerabilities were discovered in rsyslog, a system and kernel logging daemon. When a log server is configured to accept logs from remote clients through specific modules such as 'imptcp', an attacker can cause a denial of service (DoS) and possibly execute code

Debian LTS: DLA-3018-1: libpgjava security update

It was found that libpgjava, the official PostgreSQL JDBC Driver, would be vulnerable if an attacker controlled jdbc url or properties. The JDBC driver did not verify if certain classes implemented the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary

Debian LTS: DLA-3015-1: ark security update

Fabian Vogt and Dominik Penner discovered that the Ark archive manager did not sanitize extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory.

Debian LTS: DLA-3014-1: elog security update

A vulnerability was reported in src:elog, a logbook system to manage notes through a Web interface. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not

OS: Redhat

RedHat: RHSA-2022-4668:01 Moderate: OpenShift Virtualization 4.10.1 Images

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

RedHat: RHSA-2022-4690:01 Important: Red Hat OpenShift GitOps security

An update is now available for Red Hat OpenShift GitOps 1.5 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-4691:01 Important: Red Hat OpenShift GitOps security

An update is now available for Red Hat OpenShift GitOps 1.3 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-4692:01 Important: Red Hat OpenShift GitOps security

An update is now available for Red Hat OpenShift GitOps 1.4 in openshift-gitops-argocd container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

NIST Vulnerability Database

CVE-2022-1752
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-29222
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.

CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

CVE-2022-29215
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.

OS: Fedora

Fedora 35: vim 2022-74b9e404c1

Security fixes for CVE-2022-1769, CVE-2022-1733 ---- The newest upstream commit Security fix for CVE-2022-1674

Fedora 35: dotnet6.0 2022-d69fee9f38

Update to .NET SDK 6.0.105 and Runtime 6.0.5 This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.

Fedora 36: dotnet6.0 2022-9a1d5ea33c

Update to .NET SDK 6.0.105 and Runtime 6.0.5 This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.

Fedora 34: dotnet6.0 2022-256d559f0c

Update to .NET SDK 6.0.105 and Runtime 6.0.5 This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.

OS: Scientific

SciLinux: SLSA-2022-4642-1 Important: kernel on SL7.x x86_64

kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * kernel panic in mlx5_ib driver SL/CentOS 7.9 VM * [SL-7.9] Get Call Trace about "kernel/timer.c:1270 requeue_timers+0x15e/0x170" on specified [More...]

SciLinux: SLSA-2022-2213-1 Important: zlib on SL7.x x86_64

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20 [More...]

SciLinux: SLSA-2022-2191-1 Important: gzip on SL7.x x86_64

gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm - Scientific Linux Development Team

SciLinux: SLSA-2022-1725-1 Important: thunderbird on SL7.x x86_64

This update upgrades Thunderbird to version 91.9.0. * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E [More...]

NIST Vulnerability Database

CVE-2022-1752
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

CVEMAP.ORG: Vulnerabilities & Exposures

Medium CVE-2022-30001: Insurance management system project Insurance management system
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.

Medium CVE-2021-0193: IBM In-band manageability
Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

Medium CVE-2022-29999: Insurance management system project Insurance management system
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.

Medium CVE-2022-30000: Insurance management system project Insurance management system
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.

OS: Gentoo

Gentoo: GLSA-202202-03: Mozilla Firefox: Multiple vulnerabilities

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202202-02: Chromium, Google Chrome: Multiple vulnerabilities

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202202-01: WebkitGTK+: Multiple vulnerabilities

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Gentoo: GLSA-202201-02: Chromium, Google Chrome: Multiple vulnerabilities

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

Exploit-DB.com

[webapps] Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)

[webapps] T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

[remote] SDT-CW3B1 1.1.0 - OS Command Injection
SDT-CW3B1 1.1.0 - OS Command Injection

[webapps] T-Soft E-Commerce 4 - SQLi (Authenticated)
T-Soft E-Commerce 4 - SQLi (Authenticated)

OS: Mageia

Mageia 2022-0195: kernel-linus security update

This kernel-linus update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem

Mageia 2022-0194: kernel security update

This kernel update is based on upstream 5.15.41 and fixes at least the following security issues: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel BPF subsystem

Mageia 2022-0193: microcode security update

Updated microcodes for Intel processors, fixing various functional issues, and at least the following security issues: Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to

Mageia 2022-0192: opencontainers-runc security update

A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set