Category Archives: Advisories

CVE-2022-23522

March 30, 2023

Read Time:46 Second

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a **TarSlip** or a **ZipSlip variant**. Unpacking files using the high-level function `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path remained within the intended destination directory may cause files to be overwritten outside the destination directory. An attacker could craft a malicious tarball with a filename path, such as `../../../../../../../../etc/passwd`, and then serve the archive remotely using a personal bucket `s3`, thus, retrieve the tarball through **mindsdb** and overwrite the system files of the hosting server. This issue has been addressed in version 22.11.4.3. Users are advised to upgrade. Users unable to upgrade should avoid ingesting archives from untrusted sources.

Advisories

CVE-2022-30350

March 30, 2023

Read Time:21 Second

Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a “white out” functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.

Advisories

CVE-2022-30351

March 30, 2023

Read Time:27 Second

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is “locked” and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.

Advisories

nodejs16-16.20.0-1.fc38 nodejs18-18.15.0-5.fc38 nodejs20-19.8.1-6.fc38

March 30, 2023

Read Time:1 Minute, 53 Second

FEDORA-2023-cdd4df1681

Packages in this update:

nodejs16-16.20.0-1.fc38
nodejs18-18.15.0-5.fc38
nodejs20-19.8.1-6.fc38

Update description:

Assorted fixes for v8-devel

Update to 19.8.1

Fix confilct with nodejs18

2023-02-16, Version 16.19.1 ‘Gallium’ (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
See https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff for more information.
CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
See https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w for more information.

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

Commits

[7fef050447] – build: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) nodejs-private/node-private#374
[b558e9f476] – crypto: clear OpenSSL error on invalid ca cert (RafaelGSS) nodejs-private/node-private#375
[160adb7ffc] – crypto: clear OpenSSL error queue after calling X509_check_private_key() (Filip Skokan) #45495
[d0ece30948] – crypto: clear OpenSSL error queue after calling X509_verify() (Takuro Sato) #45377
[2d9ae4f184] – deps: update undici to v5.19.1 (Matteo Collina) nodejs-private/node-private#388
[d80e8312fd] – deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #46568
[de5c8d2c2f] – deps: update archs files for quictls/openssl-1.1.1t+quic (RafaelGSS) #46568
[1a8ccfe908] – deps: upgrade openssl sources to OpenSSL_1_1_1t+quic (RafaelGSS) #46568
[693789780b] – doc: clarify release notes for Node.js 16.19.0 (Richard Lau) #45846
[f95ef064f4] – lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#358
[b02d895137] – policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#358
[d7f83c420c] – test: avoid left behind child processes (Richard Lau) #46276

Advisories

nodejs16-16.20.0-1.fc37 nodejs18-18.15.0-5.fc37 nodejs20-19.8.1-6.fc37

March 30, 2023

Read Time:1 Minute, 53 Second

FEDORA-2023-c9c9af3c3d

Packages in this update:

nodejs16-16.20.0-1.fc37
nodejs18-18.15.0-5.fc37
nodejs20-19.8.1-6.fc37

Update description:

Assorted fixes for v8-devel

Update to 19.8.1

Fix confilct with nodejs18

2023-02-16, Version 16.19.1 ‘Gallium’ (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

Fixed by an update to undici:

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

Commits

Advisories

USN-5989-1: GlusterFS vulnerability

March 30, 2023

Read Time:8 Second

Tao Lyu discovered that GlusterFS did not properly handle certain
event notifications. An attacker could possibly use this issue to
cause a denial of service.