
Alerts

TZCERT-SU-24-0056 (Slackware Security Update)

Slackware has released security updates to address vulnerabilities in the xorg-server and gnutls packages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition on an affected system.

Users and administrators are encouraged to review Slackware Security Advisories SSA:2024-016-02 and SSA:2024-016-01 and apply the necessary updates.

TZCERT-SU-24-0055 (GitLab Security Update)

GitLab has released security updates to address vulnerabilities in GitLab prior to version 16.8. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the GitLab release notes and apply the necessary updates.

GitLab Critical Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE)

Advisory No: TZCERT/SA/2024/01/15

Date of First Release: 15th January 2024

Source: GitLab

Software Affected: GitLab self-managed instances versions 16.1 to 16.1.5, 16.2 to 16.2.8, 16.3 to 16.3.6, 16.4 to 16.4.4, 16.5 to 16.5.5, 16.6 to 16.6.3 and 16.7 to 16.7.1

Overview:

GitLab has released security updates to address two critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356), one of which could be exploited to take over accounts without requiring any user interaction.

Description:

The first vulnerability (CVE-2023-7028, CVSS score: 10) is caused by a flaw in the email verification procedure, which allowed users to reset their passwords using a secondary email address.

The second critical flaw (CVE-2023-5356, CVSS score: 9.6) allows a user to abuse Slack/Mattermost integrations to execute slash commands as another user.

Impact:

Successful exploitation of these vulnerabilities may allow a remote attacker to take control of the affected system.

Solution:

GitLab has released updates to resolve these vulnerabilities. Users and administrators are encouraged to upgrade to the latest version as soon as possible.
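As an added example (not tooling from TZCERT or GitLab), the following Python script encodes the affected ranges from the "Software Affected" line above and reports whether an installed self-managed GitLab version falls inside one of them, along with the first patch release of that minor series that the ranges no longer cover. The version strings in the inventory at the bottom are constructed for illustration; edition suffixes such as "-ee" are an assumed input format and are stripped before comparison.

```python
"""Triage self-managed GitLab versions against the advisory's affected ranges.

Added example, not TZCERT's or GitLab's own code. The ranges come from the
advisory text; the fixed version per series is derived from the upper bound
of each range (e.g. 16.7.1 affected -> 16.7.2 fixed, matching the reference).
"""
import re

# (first affected, last affected) per minor series, copied from the advisory.
# "16.1 to 16.1.5" is read as 16.1.0 through 16.1.5 inclusive.
AFFECTED_RANGES = [
    ("16.1.0", "16.1.5"),
    ("16.2.0", "16.2.8"),
    ("16.3.0", "16.3.6"),
    ("16.4.0", "16.4.4"),
    ("16.5.0", "16.5.5"),
    ("16.6.0", "16.6.3"),
    ("16.7.0", "16.7.1"),
]

# Leading major.minor[.patch]; anything after (e.g. "-ee", "-ce.0") is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '16.7.1', '16.7' or '16.7.1-ee' into a comparable (major, minor, patch) tuple.

    A missing patch level is treated as 0, so '16.7' compares equal to '16.7.0'.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True if the version lies inside any affected range (inclusive at both ends)."""
    version = parse_version(version_text)
    return any(parse_version(lo) <= version <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def minimum_fixed_version(version_text):
    """For an affected version, return the first release of its minor series past the
    affected range (assumed to be the fixed release); None if the version is not affected."""
    version = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        lo_t, hi_t = parse_version(lo), parse_version(hi)
        if lo_t <= version <= hi_t:
            return f"{hi_t[0]}.{hi_t[1]}.{hi_t[2] + 1}"
    return None


def triage(inventory):
    """Map each (host, version) pair to a dict describing whether it needs upgrading."""
    report = {}
    for host, version in inventory:
        affected = is_affected(version)
        report[host] = {
            "version": version,
            "affected": affected,
            "upgrade_to": minimum_fixed_version(version) if affected else None,
        }
    return report


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are illustrative only.
    sample = [
        ("gitlab-prod.example", "16.7.1-ee"),   # inside 16.7.0..16.7.1 -> affected
        ("gitlab-stage.example", "16.7.2"),     # first release past the range -> not affected
        ("gitlab-legacy.example", "16.0.9"),    # older series not listed -> not affected
        ("gitlab-dev.example", "16.5"),         # bare minor -> 16.5.0 -> affected
    ]
    for host, info in triage(sample).items():
        state = f"AFFECTED, upgrade to {info['upgrade_to']}" if info["affected"] else "not in affected ranges"
        print(f"{host:24} {info['version']:12} {state}")
```

Running the script prints one line per host; only the hosts inside an affected range carry an "upgrade to" target. A version in a series the advisory does not list (such as 16.0.x here) is reported as not affected by this advisory only, not as safe in general.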

References:

  1. https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

Ivanti VPN Zero-Day Vulnerability (CVE-2024-21887 and CVE-2023-46805)

Advisory No: TZCERT/SA/2024/01/15

Date of First Release: 15th January 2024

Source: Ivanti

Software Affected: Version 9.x and 22.x

Overview:

Ivanti has issued an advisory on two critical zero-day vulnerabilities discovered in Ivanti Connect Secure VPN and Ivanti Policy Secure appliances. Together, the vulnerabilities could lead to unauthenticated remote code execution.

Description:

CVE-2024-21887 (CVSS score of 9.1) is a command injection vulnerability, and CVE-2023-46805 (CVSS score of 9.1) is an authentication bypass vulnerability. Both vulnerabilities impact all supported versions of the Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways, including versions 9.x and 22.x.

When these vulnerabilities are exploited together, they allow threat actors to execute arbitrary commands on the system without requiring authentication.

Impact:

Successful exploitation of these vulnerabilities may allow a remote attacker to take control of the affected system.

Solution:

Ivanti has released a workaround to provide mitigation while a patch is in development.

Workaround: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

References:

  1. https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
  2. https://www.sdxcentral.com/articles/news/ivanti-calls-for-immediate-action-on-two-critical-zero-day-vulnerabilities/2024/01/

Juniper Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution (CVE-2024-21591)

Advisory No: TZCERT/SA/2024/01/15

Date of First Release: 15th January 2024

Source: Juniper

Software Affected: All versions of Junos OS on SRX Series and EX Series.

Overview:

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Successful exploitation of the vulnerability could result in an attacker taking control of the affected system.

Description:

The issue is an out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series devices, which allows an unauthenticated, network-based attacker to cause a denial of service (DoS) or achieve remote code execution (RCE) and obtain root privileges on the device.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to cause a denial of service (DoS) or take control of the affected system.

Solution:

Juniper has released software updates to resolve this specific issue in Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591?language=en_US