Category Archives: Advisories

SEC Consult SA-20241125-0 :: Unlocked JTAG interface and buffer overflow in Siemens SM-2558 Protocol Element, Siemens CP-2016 & CP-2019

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20241125-0 >
=======================================================================
title: Unlocked JTAG interface and buffer overflow
product: Siemens SM-2558 Protocol Element (extension module for
Siemens SICAM AK3/TM/BC),
Siemens CP-2016 & CP-2019
vulnerable version: JTAG: Unknown HW revision, Zynq Firmware…

Read More

Re: Local Privilege Escalations in needrestart

Read Time:20 Second

Posted by Mark Esler on Nov 27

The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race
condition on /proc/$PID/exec evaluation”) [0], introduced a regression
which was subsequently fixed 42af5d3 (“core: fix regression of false
positives for processes running in chroot or mountns (#317)”) [1].

Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.

[0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59

Read More

uv-0.5.5-2.fc41

Read Time:2 Minute, 29 Second

FEDORA-2024-8568f9cd5e

Packages in this update:

uv-0.5.5-2.fc41

Update description:

Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes.

By updating to a current release of uv, this update fixes CVE-2024-53899, which was originally reported against virtualenv but which was also reproducible on uv 0.5.2 and earlier. See upstream issue #9424 for more details.

This update adds a default system-wide configuration file /etc/uv/uv.toml with settings specific to Fedora. The RPM-packaged uv now deviates from the default configuration in two ways.

First, we set “python-downloads” to “manual” in order to avoid unintended Python downloads. We suggest using RPM-packaged (system) Pythons that benefit from distribution maintenance and integration. Use uv python install to manually install managed Pythons.

Second, we set “python-preference” to “system” instead of “managed”. Otherwise, any managed Python would be used for uv operations where no particular Python is specified, even if the only available managed Python were much older than the primary system Python.

No choices can be appropriate for all users and applications. To restore the default behavior, comment out settings in this file or override them in a configuration file with higher precedence, such as a user-level configuration file. See https://docs.astral.sh/uv/configuration/files/ for details on the interaction of project-, user-, and system-level configuration files.

With 0.5.0, uv introduced several potentially breaking changes. The developers write that these are “changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.”

Use base executable to set virtualenv Python path
Use XDG (i.e. ~/.local/bin) instead of the Cargo home directory in the installer
Discover and respect .python-version files in parent directories
Error when disallowed settings are defined in uv.toml
Implement PEP 440-compliant local version semantics
Treat the base Conda environment as a system environment
Do not allow pre-releases when the != operator is used
Prefer USERPROFILE over FOLDERID_Profile when selecting a home directory on Windows
Improve interactions between color environment variables and CLI options
Make allow-insecure-host a global option
Only write .python-version files during uv init for workspace members if the version differs

For detailed discussion of these changes, please see https://github.com/astral-sh/uv/releases/tag/0.5.0.

For other fixes, enhancements, and changes in this update, please consult the following:

https://github.com/astral-sh/uv/releases/tag/0.5.1
https://github.com/astral-sh/uv/releases/tag/0.5.2
https://github.com/astral-sh/uv/releases/tag/0.5.3
https://github.com/astral-sh/uv/releases/tag/0.5.4
https://github.com/astral-sh/uv/releases/tag/0.5.5

Read More

USN-7092-2: mpg123 vulnerability

Read Time:25 Second

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered
that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mpg123 incorrectly handled certain mp3 files. If a
user or automated system were tricked into opening a specially crafted mp3
file, a remote attacker could use this issue to cause mpg123 to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Read More

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Read Time:36 Second

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

ZDI-24-1630: (0Day) Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11933.

Read More

ZDI-24-1629: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11803.

Read More

ZDI-24-1628: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11802.

Read More

ZDI-24-1627: (0Day) Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11801.

Read More