From diabonas at archlinux.org Wed Sep 15 08:47:45 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:47:45 +0200
Subject: [ASA-202109-1] hedgedoc: cross-site scripting
Message-ID: <20210915084745.c5okpa3n2xnrmpde@archlinux.org>

Arch Linux Security Advisory ASA-202109-1
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-39175
Package : hedgedoc
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2331

Summary
=======

The package hedgedoc before version 1.9.0-1 is vulnerable to cross-site
scripting.

Resolution
==========

Upgrade to 1.9.0-1.

# pacman -Syu "hedgedoc>=1.9.0-1"

The problem has been fixed upstream in version 1.9.0.

Workaround
==========

None.

Description
===========

In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can inject
arbitrary JavaScript into the speaker notes of the slide-mode feature by
embedding an iframe hosting the malicious code into the slides or by
embedding the HedgeDoc instance into another page.

Impact
======

An unauthenticated remote attacker could execute arbitrary JavaScript code
in the slide mode of HedgeDoc.

References
==========

https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697
https://github.com/hedgedoc/hedgedoc/pull/1369
https://github.com/hedgedoc/hedgedoc/pull/1375
https://github.com/hedgedoc/hedgedoc/pull/1513
https://security.archlinux.org/CVE-2021-39175

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available


From diabonas at archlinux.org Wed Sep 15 08:48:07 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:48:07 +0200
Subject: [ASA-202109-2] firefox: multiple issues
Message-ID: <20210915084807.ejjfhrrelgolikd7@archlinux.org>

Arch Linux Security Advisory ASA-202109-2
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-38491 CVE-2021-38494
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2350

Summary
=======

The package firefox before version 92.0-1 is vulnerable to multiple issues
including arbitrary code execution and insufficient validation.

Resolution
==========

Upgrade to 92.0-1.

# pacman -Syu "firefox>=92.0-1"

The problems have been fixed upstream in version 92.0.

Workaround
==========

None.

Description
===========

- CVE-2021-38491 (insufficient validation)

In Firefox before version 92, mixed-content checks were unable to analyze
opaque origins, which led to some mixed content being loaded.

- CVE-2021-38494 (arbitrary code execution)

Mozilla developers reported memory safety bugs present in Firefox 91. Some
of these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could have been exploited to run
arbitrary code.

Impact
======

A remote attacker could execute arbitrary code through crafted web content,
or load content over HTTP on a web page otherwise served through HTTPS.

References
==========

https://www.mozilla.org/security/advisories/mfsa2021-38/
https://bugzilla.mozilla.org/show_bug.cgi?id=1551886
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723920%2C1725638
https://security.archlinux.org/CVE-2021-38491
https://security.archlinux.org/CVE-2021-38494


From diabonas at archlinux.org Wed Sep 15 08:48:19 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:48:19 +0200
Subject: [ASA-202109-3] ghostscript: arbitrary command execution
Message-ID: <20210915084819.upw6dvzvk5oyfj3a@archlinux.org>

Arch Linux Security Advisory ASA-202109-3
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-3781
Package : ghostscript
Type    : arbitrary command execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2374

Summary
=======

The package ghostscript before version 9.54.0-3 is vulnerable to arbitrary
command execution.

Resolution
==========

Upgrade to 9.54.0-3.

# pacman -Syu "ghostscript>=9.54.0-3"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A trivial sandbox escape (the sandbox is enabled with the -dSAFER option)
was found in the ghostscript interpreter by injecting a specially crafted
pipe command. This flaw allows a specially crafted document to execute
arbitrary commands on the system in the context of the ghostscript
interpreter.

Impact
======

An attacker could execute arbitrary commands through crafted documents,
bypassing the interpreter's sandbox.

References
==========

https://bugzilla.redhat.com/show_bug.cgi?id=2002271
https://bugs.ghostscript.com/show_bug.cgi?id=704342
https://twitter.com/emil_lerner/status/1430502815181463559
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
https://security.archlinux.org/CVE-2021-3781


From diabonas at archlinux.org Wed Sep 15 08:48:29 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:48:29 +0200
Subject: [ASA-202109-4] element-desktop: information disclosure
Message-ID: <20210915084829.cbpoouy2cuxp7w4l@archlinux.org>

Arch Linux Security Advisory ASA-202109-4
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-40823
Package : element-desktop
Type    : information disclosure
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2377

Summary
=======

The package element-desktop before version 1.8.4-1 is vulnerable to
information disclosure.

Resolution
==========

Upgrade to 1.8.4-1.

# pacman -Syu "element-desktop>=1.8.4-1"

The problem has been fixed upstream in version 1.8.4.

Workaround
==========

None.

Description
===========

A security issue has been found in matrix-js-sdk before version 12.4.1, as
used by Element Web/Desktop before version 1.8.4. In certain circumstances
it may be possible to trick vulnerable clients into disclosing encryption
keys for messages previously sent by that client to user accounts later
compromised by an attacker.

Exploiting this vulnerability to read encrypted messages requires gaining
control over the recipient's account. This requires either compromising
their credentials directly or compromising their homeserver. Thus, the
greatest risk is to users who are in encrypted rooms containing malicious
servers. Admins of malicious servers could attempt to impersonate their
users' devices in order to spy on messages sent by vulnerable clients in
that room.

Impact
======

A remote attacker able to compromise a user account could disclose
encryption keys for messages previously sent by the Matrix client.

References
==========

https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
https://security.archlinux.org/CVE-2021-40823


From diabonas at archlinux.org Wed Sep 15 08:48:40 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:48:40 +0200
Subject: [ASA-202109-5] element-web: information disclosure
Message-ID: <20210915084840.idwtl3as3e2po36l@archlinux.org>

Arch Linux Security Advisory ASA-202109-5
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-40823
Package : element-web
Type    : information disclosure
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2377

Summary
=======

The package element-web before version 1.8.4-1 is vulnerable to
information disclosure.

Resolution
==========

Upgrade to 1.8.4-1.

# pacman -Syu "element-web>=1.8.4-1"

The problem has been fixed upstream in version 1.8.4.

Workaround
==========

None.

Description
===========

A security issue has been found in matrix-js-sdk before version 12.4.1, as
used by Element Web/Desktop before version 1.8.4. In certain circumstances
it may be possible to trick vulnerable clients into disclosing encryption
keys for messages previously sent by that client to user accounts later
compromised by an attacker.

Exploiting this vulnerability to read encrypted messages requires gaining
control over the recipient's account. This requires either compromising
their credentials directly or compromising their homeserver. Thus, the
greatest risk is to users who are in encrypted rooms containing malicious
servers. Admins of malicious servers could attempt to impersonate their
users' devices in order to spy on messages sent by vulnerable clients in
that room.

Impact
======

A remote attacker able to compromise a user account could disclose
encryption keys for messages previously sent by the Matrix client.

References
==========

https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
https://security.archlinux.org/CVE-2021-40823


From diabonas at archlinux.org Wed Sep 15 08:48:51 2021
From: diabonas at archlinux.org (Jonas Witschel)
Date: Wed, 15 Sep 2021 10:48:51 +0200
Subject: [ASA-202109-6] chromium: arbitrary code execution
Message-ID: <20210915084851.gkfkdqimjbgg7hck@archlinux.org>

Arch Linux Security Advisory ASA-202109-6
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628
          CVE-2021-30629 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632
          CVE-2021-30633
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2379

Summary
=======

The package chromium before version 93.0.4577.82-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 93.0.4577.82-1.

# pacman -Syu "chromium>=93.0.4577.82-1"

The problems have been fixed upstream in version 93.0.4577.82.

Workaround
==========

None.

Description
===========

- CVE-2021-30625 (arbitrary code execution)

A use after free security issue has been found in the Selection API
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30626 (arbitrary code execution)

An out of bounds memory access security issue has been found in the ANGLE
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30627 (arbitrary code execution)

A type confusion security issue has been found in the Blink layout
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30628 (arbitrary code execution)

A stack buffer overflow security issue has been found in the ANGLE
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30629 (arbitrary code execution)

A use after free security issue has been found in the Permissions
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30630 (arbitrary code execution)

An inappropriate implementation security issue has been found in the Blink
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30631 (arbitrary code execution)

A type confusion security issue has been found in the Blink layout
component of the Chromium browser engine before version 93.0.4577.82.

- CVE-2021-30632 (arbitrary code execution)

An out of bounds write security issue has been found in the V8 component
of the Chromium browser engine before version 93.0.4577.82. Google is aware
that exploits for this issue exist in the wild.

- CVE-2021-30633 (arbitrary code execution)

A use after free security issue has been found in the Indexed DB API
component of the Chromium browser engine before version 93.0.4577.82.
Google is aware that exploits for this issue exist in the wild.

Impact
======

A remote attacker could execute arbitrary code through crafted web content.

References
==========

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
https://crbug.com/1237533
https://crbug.com/1241036
https://crbug.com/1245786
https://crbug.com/1241123
https://crbug.com/1243646
https://crbug.com/1244568
https://crbug.com/1246932
https://crbug.com/1247763
https://crbug.com/1247766
https://security.archlinux.org/CVE-2021-30625
https://security.archlinux.org/CVE-2021-30626
https://security.archlinux.org/CVE-2021-30627
https://security.archlinux.org/CVE-2021-30628
https://security.archlinux.org/CVE-2021-30629
https://security.archlinux.org/CVE-2021-30630
https://security.archlinux.org/CVE-2021-30631
https://security.archlinux.org/CVE-2021-30632
https://security.archlinux.org/CVE-2021-30633
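Every advisory above follows the same plain-text layout (a `CVE-ID` field that may wrap onto continuation lines, and a `pacman -Syu "pkg>=version"` line that states the fixed package version), which is what a patch-management pipeline needs to decide whether a host is still exposed. The following is an added example, not Arch Linux's or pacman's own code: it parses one advisory in that layout and compares an installed version against the fixed one. The sample input is a trimmed copy of ASA-202109-1 from this page; the version ordering is a simplified reimplementation of pacman's vercmp(8) rules (epoch:pkgver-pkgrel, numeric segments beat alphabetic ones, a trailing alphabetic segment such as `rc1` sorts before the bare version) and the `installed` mapping handed to `affected_packages` stands in for `pacman -Q` output. On a real system, shell out to `vercmp` rather than trusting this copy.

```python
"""Parse an Arch Linux Security Advisory (ASA) and flag still-affected installs.

Added example, not Arch Linux's or pacman's own tooling.  The version ordering
is a simplified reimplementation of pacman's vercmp(8) (assumption: it is
sufficient for the version strings on this page; prefer the real `vercmp`).
"""
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SEG_RE = re.compile(r"\d+|[A-Za-z]+")

# Sample input: constructed from ASA-202109-1 on this page, Description/Impact omitted.
SAMPLE_ADVISORY = """\
Arch Linux Security Advisory ASA-202109-1
=========================================

Severity: High
Date    : 2021-09-14
CVE-ID  : CVE-2021-39175
Package : hedgedoc
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2331

Resolution
==========

Upgrade to 1.9.0-1.

# pacman -Syu "hedgedoc>=1.9.0-1"

References
==========

https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-j748-779h-9697
https://security.archlinux.org/CVE-2021-39175
"""


@dataclass
class Advisory:
    asa_id: str
    severity: str
    package: str
    fixed_version: str
    cves: list = field(default_factory=list)
    references: list = field(default_factory=list)


def parse_advisory(text: str) -> Advisory:
    """Pull the fields a patch pipeline needs out of one ASA body."""
    asa_id = re.search(r"Arch Linux Security Advisory (ASA-\d{6}-\d+)", text).group(1)
    severity = re.search(r"^Severity\s*:\s*(\S+)", text, re.M).group(1)
    # CVE-ID may wrap onto indented continuation lines; the Package field ends it.
    cve_block = re.search(r"^CVE-ID\s*:(.*?)^Package\s*:", text, re.M | re.S).group(1)
    # The pacman line is the authoritative statement of package and fixed version.
    package, fixed = re.search(r'pacman -Syu "([^">]+)>=([^"]+)"', text).groups()
    _, _, refs_block = text.partition("\nReferences\n")
    refs = re.findall(r"https?://\S+", refs_block)
    return Advisory(asa_id, severity, package, fixed, CVE_RE.findall(cve_block), refs)


def _cmp_segments(a: str, b: str) -> int:
    """rpmvercmp-style ordering of one version component (pkgver or pkgrel)."""
    sa, sb = SEG_RE.findall(a), SEG_RE.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic one
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    a_is_longer = len(sa) > len(sb)
    rest = (sa if a_is_longer else sb)[min(len(sa), len(sb))]
    # Extra numeric segment => newer (1.0.1 > 1.0); extra alphabetic => older (1.0rc1 < 1.0).
    if rest.isdigit():
        return 1 if a_is_longer else -1
    return -1 if a_is_longer else 1


def _split_version(v: str):
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    pkgver, _, pkgrel = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), pkgver, pkgrel


def vercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ea, va, ra = _split_version(a)
    eb, vb, rb = _split_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    c = _cmp_segments(va, vb)
    if c or not (ra and rb):
        return c
    return _cmp_segments(ra, rb)


def is_affected(installed: str, fixed: str) -> bool:
    """True when the installed version predates the advisory's fixed version."""
    return vercmp(installed, fixed) < 0


def affected_packages(advisory: Advisory, installed: dict) -> dict:
    """Map package -> installed version for packages this advisory still covers.

    `installed` mirrors `pacman -Q` output, e.g. {"hedgedoc": "1.8.2-1"} (constructed).
    """
    ver = installed.get(advisory.package)
    if ver and is_affected(ver, advisory.fixed_version):
        return {advisory.package: ver}
    return {}
```

Feed it the body of each advisory and a dictionary built from `pacman -Q` (package name to version) and it returns only the packages that still need the upgrade; an installed `1.9.0-2` is correctly reported as not affected because pkgrel is compared after pkgver, and an `rc` pre-release of the fixed version is reported as affected.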