Category Archives: Advisories

libopenmpt-0.7.8-1.el9

Read Time:2 Minute, 37 Second

FEDORA-EPEL-2024-c862af93eb

Packages in this update:

libopenmpt-0.7.8-1.el9

Update description:

libopenmpt 0.7.8 (2024-06-09)

[Sec] Potential heap out-of-bounds read with malformed Dynamic Studio DSm files (r20912).
MED: Additional command pages can now be read.
MED: Echo DSP is now emulated.
AMS: Default channel panning was broken, using all-center panning instead of MOD-style panning.
STP: Correctly import volume slides where both nibbles are set.
MDL: Pitch slide depth was wrong since libopenmpt 0.6.0.
DTM: Fix pitch slide depth for samples with finetune.
DSm: Don’t import as Amiga module (and thus allow Amiga resampler to be enabled), as this PC format can easily exceed the Amiga frequency range.
DSm: Only the first 48 samples were ever read.
STM / STX: Don’t set channel panning. ScreamTracker 2 only outputs mono sound.
PSM: File header probing was stricter than actual file loader, rejecting manipulated files that would otherwise load fine.

libopenmpt 0.7.7 (2024-05-12)

[Bug] examples/libopenmpt_example_c_pipe.c and libopenmpt/bindings/freebasic/libopenmpt_ext.bi were missing from the Autotools package.
[New] New Makefile CONFIG=mingw-w64 option WINDOWS_CRT=[crtdll,msvcrt,ucrt] to select the toolchain CRT library.
[Change] build/download_externals.sh now verifies the integrity of any downloaded files and uses curl instead of wget.
[Regression] Optimization level when compiling with GCC 14 has been forced down to -O1 due to the severe miscompilation GCC 14 has shown on MinGW-w64 amd64 (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115049).
IT: Disable a few more compatibility flags for older SchismTracker builds.
IT: Halve the output volume of files saved with ChibiTracker, as its mixer is about half as loud as ours.
S3M: In mono mode, the ratio between sample and OPL volume was incorrect.
S3M: Detect files saved with PlayerPRO.
XM: Detect files saved with PlayerPRO. Improved detection of files saved with ModPlug Tracker.
XM: Files with impossibly small pattern headers are now rejected, like FastTracker 2 does.
STK: Loosen SoundTracker file rejection heuristics a bit to allow loading of files with malformed song titles and overly long samples. Other heuristics has been tightened a bit.
MOD: Change VBlank timing heuristic to always assume CIA timing when long samples unsupported by original ProTracker) are found.
MOD: Disable NoiseTracker quirks if empty sample slots have a default volume other than 0.
MOD: 7-bit panning detection may have returned incorrect results for MODs with a channel count other than 4.
MED: Improve handling of default tempo, panning and channel volume in files containing more than one song.
MO3: Reduced maximum allowed music data (not samples) size from 2 GiB to 512 MiB.
XMF: Header validation is now stricter.
MDL: Slightly more accurate import of pattern command 9 (enabling envelopes instead of setting envelope position).
ULT: Support the highest three octaves.
OPL emulation could produce clicks when using a mix rate higher than 65536 Hz.
xmp-openmpt: Subsongs whose length could not be calculate no longer show a duration of -12:-55.
mpg123: Update to v1.32.6 (2024-04-04).

Read More

webkitgtk-2.44.2-2.fc40

Read Time:36 Second

FEDORA-2024-4d71f28349

Packages in this update:

webkitgtk-2.44.2-2.fc40

Update description:

Update to 2.44.2:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More

webkitgtk-2.44.2-2.fc39

Read Time:36 Second

FEDORA-2024-826bf5a09a

Packages in this update:

webkitgtk-2.44.2-2.fc39

Update description:

Update to 2.44.2:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More

CyberDanube Security Research 20240604-0 | Multiple Vulnerabilities in utnserver Pro/ProMAX/INU-100

Read Time:16 Second

Posted by Thomas Weber via Fulldisclosure on Jun 09

CyberDanube Security Research 20240604-0
——————————————————————————-
title| Multiple Vulnerabilities
product| SEH utnserver Pro/ProMAX / INU-100
vulnerable version| 20.1.22
fixed version| 20.1.28
CVE number| CVE-2024-5420, CVE-2024-5421, CVE-2024-5422
impact| High
homepage| https://www.seh-technology.com/

Read More

SEC Consult SA-20240606-0 :: Multiple critical vulnerabilities in Kiuwan SAST on-premise (KOP) & cloud/SaaS & Kiuwan Local Analyzer (KLA)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09

SEC Consult Vulnerability Lab Security Advisory < 20240606-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Kiuwan SAST on-premise (KOP) & cloud/SaaS
Kiuwan Local Analyzer (KLA)
vulnerable version: Kiuwan SAST <2.8.2402.3
Kiuwan Local Analyzer <master.1808.p685.q13371…

Read More

Blind SQL Injection – fengofficev3.11.1.2

Read Time:24 Second

Posted by Andrey Stoykov on Jun 09

# Exploit Title: FengOffice – Blind SQL Injection
# Date: 06/2024
# Exploit Author: Andrey Stoykov
# Version: 3.11.1.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html

Steps to Reproduce:

1. Login to application
2. Click on “Workspaces”
3. Copy full URL
4. Paste the HTTP GET request into text file
5. Set the injection point to be in the “dim” parameter…

Read More

Trojan.Win32.DarkGateLoader (multi variants) / Arbitrary Code Execution

Read Time:19 Second

Posted by malvuln on Jun 09

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Trojan.Win32.DarkGateLoader (multi variants)
Vulnerability: Arbitrary Code Execution
Description: Multiple variants of this malware look for and execute
x32-bit “urlmon.dll” PE file in its current directory. Therefore, we
can…

Read More

SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)

Read Time:24 Second

Posted by InfoSec-DB via Fulldisclosure on Jun 09

Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)
Google Dork: inurl:”Powered by Boelter Blue”
Date: 2024-06-04
Exploit Author: CBKB (DeadlyData, R4d1x)
Vendor Homepage: https://www.boelterblue.com
Software Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US
Version: 1.3
Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12
CVE:…

Read More

USN-6816-1: Linux kernel vulnerabilities

Read Time:6 Minute, 5 Second

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

It was discovered that the MediaTek SoC Gigabit Ethernet driver in the
Linux kernel contained a race condition when stopping the device. A local
attacker could possibly use this to cause a denial of service (device
unavailability). (CVE-2024-27432)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– PowerPC architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Cryptographic API;
– DPLL subsystem;
– ARM SCMI message protocol;
– EFI core;
– GPU drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– MMC subsystem;
– Network drivers;
– NTB driver;
– NVME drivers;
– PCI subsystem;
– Powercap sysfs driver;
– SCSI drivers;
– Freescale SoC drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– USB subsystem;
– DesignWare USB3 driver;
– VFIO drivers;
– Backlight driver;
– Virtio drivers;
– Xen hypervisor drivers;
– AFS file system;
– File systems infrastructure;
– BTRFS file system;
– debug file system;
– Ext4 file system;
– F2FS file system;
– FAT file system;
– Network file system client;
– NILFS2 file system;
– Overlay file system;
– Pstore file system;
– Diskquota system;
– SMB network file system;
– UBI file system;
– io_uring subsystem;
– BPF subsystem;
– Core kernel;
– Memory management;
– Bluetooth subsystem;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– IEEE 802.15.4 subsystem;
– Netfilter;
– Packet sockets;
– Network traffic control;
– Sun RPC protocol;
– ALSA SH drivers;
– SOF drivers;
– USB sound devices;
– KVM core;
(CVE-2024-35822, CVE-2024-26859, CVE-2024-26967, CVE-2024-27053,
CVE-2024-27064, CVE-2024-27437, CVE-2024-26931, CVE-2024-26870,
CVE-2024-26927, CVE-2024-26880, CVE-2024-35789, CVE-2024-26929,
CVE-2024-27034, CVE-2024-26816, CVE-2024-26896, CVE-2024-26975,
CVE-2024-26972, CVE-2024-26937, CVE-2024-27032, CVE-2024-26871,
CVE-2024-26655, CVE-2024-35829, CVE-2024-26886, CVE-2023-52653,
CVE-2024-27028, CVE-2024-26877, CVE-2024-26898, CVE-2024-35796,
CVE-2024-27065, CVE-2024-35807, CVE-2024-26966, CVE-2024-35826,
CVE-2024-27067, CVE-2024-27039, CVE-2024-35811, CVE-2024-26895,
CVE-2024-26814, CVE-2024-26893, CVE-2023-52649, CVE-2024-35801,
CVE-2023-52648, CVE-2024-27048, CVE-2024-26934, CVE-2024-27049,
CVE-2024-26890, CVE-2024-26874, CVE-2022-48669, CVE-2023-52661,
CVE-2024-27436, CVE-2024-27058, CVE-2024-26935, CVE-2024-26956,
CVE-2024-26960, CVE-2024-26976, CVE-2024-27041, CVE-2024-26873,
CVE-2024-26946, CVE-2024-27080, CVE-2024-27432, CVE-2023-52650,
CVE-2024-26879, CVE-2023-52647, CVE-2024-27435, CVE-2024-27038,
CVE-2024-26951, CVE-2024-27390, CVE-2024-26863, CVE-2024-26959,
CVE-2024-35794, CVE-2024-26889, CVE-2024-35845, CVE-2024-27433,
CVE-2024-26961, CVE-2024-35803, CVE-2024-26653, CVE-2024-26939,
CVE-2024-26872, CVE-2024-26979, CVE-2024-26973, CVE-2024-27029,
CVE-2024-35831, CVE-2024-26892, CVE-2024-26888, CVE-2024-27074,
CVE-2024-35844, CVE-2024-26938, CVE-2024-26953, CVE-2024-27391,
CVE-2024-35843, CVE-2024-27040, CVE-2024-26875, CVE-2024-27026,
CVE-2024-26978, CVE-2024-26882, CVE-2023-52652, CVE-2023-52662,
CVE-2024-26963, CVE-2024-26962, CVE-2024-27051, CVE-2024-27068,
CVE-2024-26881, CVE-2024-35800, CVE-2024-26964, CVE-2024-27389,
CVE-2024-27043, CVE-2024-26901, CVE-2024-26941, CVE-2024-35798,
CVE-2024-35799, CVE-2024-26952, CVE-2024-26654, CVE-2024-27046,
CVE-2024-35810, CVE-2024-27050, CVE-2024-27063, CVE-2024-26954,
CVE-2024-26884, CVE-2024-27047, CVE-2024-26932, CVE-2024-26883,
CVE-2024-26943, CVE-2024-26651, CVE-2024-26815, CVE-2024-26948,
CVE-2024-27066, CVE-2024-27037, CVE-2024-35806, CVE-2024-26869,
CVE-2024-26878, CVE-2024-26810, CVE-2024-35797, CVE-2024-27073,
CVE-2024-26812, CVE-2024-26933, CVE-2024-26809, CVE-2024-26894,
CVE-2024-35813, CVE-2024-27033, CVE-2024-26876, CVE-2024-27076,
CVE-2024-27045, CVE-2024-27079, CVE-2024-26861, CVE-2024-26957,
CVE-2024-26864, CVE-2024-26866, CVE-2024-35814, CVE-2024-26813,
CVE-2024-27388, CVE-2024-27042, CVE-2024-26862, CVE-2024-26968,
CVE-2024-26940, CVE-2024-27027, CVE-2024-35793, CVE-2024-35874,
CVE-2024-27035, CVE-2024-26958, CVE-2024-26887, CVE-2024-35809,
CVE-2024-26930, CVE-2024-35819, CVE-2024-27392, CVE-2024-35808,
CVE-2023-52644, CVE-2024-35828, CVE-2024-26657, CVE-2024-26969,
CVE-2024-27434, CVE-2024-35821, CVE-2023-52663, CVE-2024-27078,
CVE-2024-35787, CVE-2024-27044, CVE-2024-26848, CVE-2024-26955,
CVE-2024-26899, CVE-2024-27077, CVE-2024-26897, CVE-2024-26945,
CVE-2024-26885, CVE-2024-27069, CVE-2024-27070, CVE-2024-27054,
CVE-2024-35795, CVE-2024-35817, CVE-2024-35827, CVE-2024-26656,
CVE-2024-26860, CVE-2024-26942, CVE-2023-52659, CVE-2024-26865,
CVE-2024-26868, CVE-2024-26947, CVE-2024-35788, CVE-2024-26950,
CVE-2024-27030, CVE-2024-26949, CVE-2024-26900, CVE-2024-26971,
CVE-2024-35805, CVE-2024-26977, CVE-2024-26944, CVE-2024-27036,
CVE-2024-26965, CVE-2024-26891, CVE-2024-27071, CVE-2024-27075,
CVE-2024-27072, CVE-2024-35830, CVE-2024-27052, CVE-2024-26970,
CVE-2024-27031)

Read More