USN-5727-1: Linux kernel vulnerabilities

Read Time:1 Minute, 27 Second

It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)

It was discovered that the KVM implementation in the Linux kernel did not
properly handle virtual CPUs without APICs in certain situations. A local
attacker could possibly use this to cause a denial of service (host system
crash). (CVE-2022-2153)

Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)

It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)

It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)

Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX
storage controller driver in the Linux kernel did not properly handle
certain structures. A local attacker could potentially use this to expose
sensitive information (kernel memory). (CVE-2022-40768)

Read More

xen-4.15.4-1.fc35

Read Time:13 Second

FEDORA-2022-53a4a5dd11

Packages in this update:

xen-4.15.4-1.fc35

Update description:

update to xen-4.15.4
adjust xen.canonicalize.patch
remove or adjust patches now included or superceded upstream
x86: Multiple speculative security issues [XSA-422, CVE-2022-23824]

Read More

Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack

Read Time:3 Minute, 39 Second

Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone. 

Here’s everything you need to know about mobile MiTM schemes specifically, how to identify when your mobile device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals. 

What Is a Man-in-the-Middle Mobile Attack? 

A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the mobile device owner thinks they’re communicating with someone with good intentions, they give up these details freely. 

MiTM is an umbrella term that includes several cybercrime tactics, such as: 

IP spoofing. In this scheme, a criminal squeezes their way between two communicating parties by hiding their true IP address. (An IP address is the unique code assigned to each device that connects to the internet.) For example, the criminal may eavesdrop on a conversation between a bank representative and a customer. The criminal will pretend to be either party, gaining confidential financial information or giving incorrect banking details to receive wire transfers to their own bank account. 

MFA bombing. A side effect of MFA fatigue, this occurs when a criminal gains access to someone’s login and password details but still needs to surpass a final barrier to entry into a sensitive online account: a one-time, time-sensitive multifactor authentication (MFA) code. The criminal either barrages someone’s phone with code request texts until the person disables MFA in annoyance, or the criminal impersonates a support employee and requests the code via phone, email, or text.  
Session hijacking. This occurs when a cybercriminal takes over a user’s conversation or sensitive internet session (like online banking or online shopping) and continues the session as if they are the legitimate user. The criminal can do this by stealing the user’s session cookie. 

Cybercriminals gain access to mobile devices to carry out MiTM mobile attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing. 

How Can You Identify a MiTM Mobile Attack?  

The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination. 

If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background. 

How to Protect Your Mobile Device 

If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites. 

To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop. 

Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted. 

McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and daily credit reports to help you browse safely and keep on top of any threats to your identity or credit. 

A cybercriminal’s prize for winning a mobile scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe. 

The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.

Read More

thunderbird-102.5.0-1.fc35

Read Time:25 Second

FEDORA-2022-927df621df

Packages in this update:

thunderbird-102.5.0-1.fc35

Update description:

Update to 102.5.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ;
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes/

Update to 102.4.1 ; https://www.thunderbird.net/en-US/thunderbird/102.4.1/releasenotes/

Update to 102.4.0 ; https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes/

Read More

heimdal-7.7.1-1.el7

Read Time:34 Second

FEDORA-EPEL-2022-30fd5a80a8

Packages in this update:

heimdal-7.7.1-1.el7

Update description:

This release fixes the following Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

Read More

heimdal-7.7.1-1.el8

Read Time:34 Second

FEDORA-EPEL-2022-be3947859f

Packages in this update:

heimdal-7.7.1-1.el8

Update description:

This release fixes the following Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

Read More

heimdal-7.7.1-1.fc35

Read Time:34 Second

FEDORA-2022-c6e50d409b

Packages in this update:

heimdal-7.7.1-1.fc35

Update description:

This release fixes the following Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

Read More

heimdal-7.7.1-1.fc36

Read Time:34 Second

FEDORA-2022-fbca84b938

Packages in this update:

heimdal-7.7.1-1.fc36

Update description:

This release fixes the following Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

Read More

heimdal-7.7.1-1.fc37

Read Time:34 Second

FEDORA-2022-ea403b373f

Packages in this update:

heimdal-7.7.1-1.fc37

Update description:

This release fixes the following Security Vulnerabilities:

CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec

Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

Read More