Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Daily Archives: July 9, 2024
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe InDesign is a desktop publishing and page layout designing software application.
Adobe Bridge is a free digital asset management application.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
Eldorado Ransomware Strikes Windows and Linux Networks
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
gopass-hibp-1.15.13-1.fc41
FEDORA-2024-40c0ff79e8
Packages in this update:
gopass-hibp-1.15.13-1.fc41
Update description:
Automatic update for gopass-hibp-1.15.13-1.fc41.
Changelog
* Tue Jul 9 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.15.13-1
– Update to 1.15.13 – Closes rhbz#2159125 rhbz#2255098
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 1.15.7-4
– Rebuild for golang 1.22.0
freeradius-3.2.5-1.fc39
FEDORA-2024-c395d8fef4
Packages in this update:
freeradius-3.2.5-1.fc39
Update description:
Update to upstream release 3.2.5
Ransomware attack on blood-testing service puts lives in danger in South Africa
A ransomware attack by the BlackSuit gang against South Africa’s National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country.
Read more in my article on the Hot for Security blog.
A Vulnerability in OpenSSH Could Allow for Remote Code Execution
A vulnerability has been discovered in OpenSSH that could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the unprivileged user running the sshd server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
freeradius-3.2.5-1.fc40
FEDORA-2024-04ba1ff731
Packages in this update:
freeradius-3.2.5-1.fc40
Update description:
Update to upstream release 3.2.5
krb5-1.21.3-1.fc41
FEDORA-2024-bdc305fe55
Packages in this update:
krb5-1.21.3-1.fc41
Update description:
Automatic update for krb5-1.21.3-1.fc41.
Changelog
* Tue Jul 9 2024 Julien Rische <jrische@redhat.com> – 1.21.3-1
– New upstream version (1.21.3)
– CVE-2024-26458: Memory leak in src/lib/rpc/pmap_rmt.c
Resolves: rhbz#2266732
– CVE-2024-26461: Memory leak in src/lib/gssapi/krb5/k5sealv3.c
Resolves: rhbz#2266741
– CVE-2024-26462: Memory leak in src/kdc/ndr.c
Resolves: rhbz#2266743
– Add missing SPDX license identifiers
Resolves: rhbz#2265333
USN-6887-1: OpenSSH vulnerability
Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair
Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did
not work as expected. A remote attacker could possibly use this issue to
determine timing information about keystrokes.