Category Archives: Advisories

CVE-2022-25273


Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.


CVE-2022-25274


Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal’s revision system.


CVE-2022-25275


In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the “private” file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI.

Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.


USN-6043-1: Linux kernel vulnerabilities


It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle the copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)


PaperCut Remote Code Execution Vulnerability (CVE-2023-27350) Exploited in the Wild


FortiGuard Labs is aware that a recently disclosed vulnerability in PaperCut MF/NG (CVE-2023-27350) is susceptible to a remote code execution attack and is currently being exploited in the wild. Various remote management and maintenance software and Truebot malware were reportedly deployed to unpatched servers. As such, patches should be applied as soon as possible.

PaperCut NG is print management software that helps organizations manage printing within their environment. It provides tools for monitoring printer usage, setting policies, and controlling access to resources. PaperCut NG is compatible with a wide range of printers, copiers, and multi-function devices and can be installed on various operating systems such as Windows, Linux, and macOS. The MF version shares the same codebase, but allows for support of multifunction devices.

What is CVE-2023-27350?

CVE-2023-27350 is a Remote Code Execution (RCE) vulnerability that allows an attacker to bypass authentication and remotely execute malicious code on unpatched servers.

What is the CVSS Score?

The vulnerability has a CVSS base score of 9.8.

Is CVE-2023-27350 being Exploited in the Wild?

PaperCut confirms the vulnerability is being exploited in the wild. Furthermore, known remote management and maintenance software and the Truebot malware were reported deployed on vulnerable servers. The Clop ransomware threat actor is believed to have used the Truebot malware in this latest attack.

Has the Vendor Released an Advisory for CVE-2023-27350?

Yes, a vendor advisory is available. Please refer to the Appendix for a link to “URGENT | PaperCut MF/NG vulnerability bulletin (March 2023)”.

Has the Vendor Released a Patch for CVE-2023-27350?

Yes, PaperCut has released a patch for CVE-2023-27350 for PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later. Please refer to the “URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut)” in the APPENDIX for further details.

Which Versions of PaperCut are Vulnerable to CVE-2023-27350?

According to the advisory, PaperCut MF or NG version 8.0 or later on all OS platforms are vulnerable.

What is the Status of Protection?

FortiGuard Labs has the following AV coverage in place for the known remote management and maintenance software deployed on servers after exploitation of CVE-2023-27350:

W64/Agent.CGW!tr
Riskware/RemoteAdmin

All reported network IOCs related to the post-exploitation activities are blocked by Webfiltering. FortiGuard Labs is currently investigating additional coverage and will update this Threat Signal when new information becomes available.

Any Suggested Mitigation?

The PaperCut advisory contains detailed mitigations and workarounds. Please refer to the “URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut)” in the APPENDIX for further details.


git-2.40.1-1.fc36


FEDORA-2023-003e7d2867

Packages in this update:

git-2.40.1-1.fc36

Update description:

update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as
the following security advisories from the git project:

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)

(At this time there is no upstream advisory for CVE-2023-25815. This
issue does not affect the Fedora packages as we do not use the runtime
prefix support.)

Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt


git-2.40.1-1.fc38


FEDORA-2023-eaf1bdd5ae

Packages in this update:

git-2.40.1-1.fc38

Update description:

update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as
the following security advisories from the git project:

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)

(At this time there is no upstream advisory for CVE-2023-25815. This
issue does not affect the Fedora packages as we do not use the runtime
prefix support.)

Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt


git-2.40.1-1.fc37


FEDORA-2023-d84a75ea52

Packages in this update:

git-2.40.1-1.fc37

Update description:

update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as
the following security advisories from the git project:

https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652)
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007)

(At this time there is no upstream advisory for CVE-2023-25815. This
issue does not affect the Fedora packages as we do not use the runtime
prefix support.)

Release notes:
https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt
https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt


USN-6010-3: Firefox regressions


USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in
Firefox. The update introduced several minor regressions. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-29537,
CVE-2023-29540, CVE-2023-29543, CVE-2023-29544, CVE-2023-29547,
CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551)

Irvan Kurniawan discovered that Firefox did not properly manage fullscreen
notifications using a combination of window.open, fullscreen requests,
window.name assignments, and setInterval calls. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533)

Lukas Bernhard discovered that Firefox did not properly manage memory
when doing Garbage Collector compaction. An attacker could potentially
exploit this issue to cause a denial of service. (CVE-2023-29535)

Zx from qriousec discovered that Firefox did not properly validate the
address to free a pointer provided to the memory manager. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2023-29536)

Alexis aka zoracon discovered that Firefox did not properly validate the
URI received by the WebExtension during a load request. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2023-29538)

Trung Pham discovered that Firefox did not properly validate the filename
directive in the Content-Disposition header. An attacker could possibly
exploit this to perform reflected file download attacks, potentially
tricking users into installing malware. (CVE-2023-29539)

Ameen Basha M K discovered that Firefox did not properly validate downloads
of files ending in .desktop. An attacker could potentially exploit this
issue to execute arbitrary code. (CVE-2023-29541)


CVE-2012-5872


ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.
