USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16
This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.
Original advisory details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.
A reader named Chris shared an email he received this week that spoofed GitHub’s security team and warned: “Hey there! We have detected a security vulnerability in your repository. Please contact us at https://github-scanner[.]com to get more information on how to fix this issue.”
Visiting that link generates a web page that asks the visitor to “Verify You Are Human” by solving an unusual CAPTCHA.
This malware attack pretends to be a CAPTCHA intended to separate humans from bots.
Clicking the “I’m not a robot” button generates a pop-up message asking the user to take three sequential steps to prove their humanity. Step 1 involves simultaneously pressing the keyboard key with the Windows icon and the letter “R,” which opens a Windows “Run” prompt that will execute any specified program that is already installed on the system.
Executing this series of keypresses prompts the built-in Windows Powershell to download password-stealing malware.
Step 2 asks the user to press the “Control” key and the letter “V” at the same time, which pastes malicious code from the site’s virtual clipboard.
Step 3 — pressing the “Enter” key — causes Windows to launch a PowerShell command, and then fetch and execute a malicious file from github-scanner[.]com called “l6e.exe.”
PowerShell is a powerful, cross-platform automation tool built into Windows that is designed to make it simpler for administrators to automate tasks on a PC or across multiple computers on the same network.
According to an analysis at the malware scanning service Virustotal.com, the malicious file downloaded by the pasted text is called Lumma Stealer, and it’s designed to snarf any credentials stored on the victim’s PC.
This phishing campaign may not have fooled many programmers, who no doubt natively understand that pressing the Windows and “R” keys will open up a “Run” prompt, or that Ctrl-V will dump the contents of the clipboard.
But I bet the same approach would work just fine to trick some of my less tech-savvy friends and relatives into running malware on their PCs. I’d also bet none of these people have ever heard of PowerShell, let alone had occasion to intentionally launch a PowerShell terminal.
Given those realities, it would be nice if there were a simple way to disable or at least heavily restrict PowerShell for normal end users for whom it could become more of a liability.
However, Microsoft strongly advises against nixing PowerShell because some core system processes and tasks may not function properly without it. What’s more, doing so requires tinkering with sensitive settings in the Windows registry, which can be a dicey undertaking even for the learned.
Still, it wouldn’t hurt to share this article with the Windows users in your life who fit the less-savvy profile. Because this particular scam has a great deal of room for growth and creativity.
USN-7015-1 fixed several vulnerabilities in Python. This update provides
one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for
python3.5 for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Python allowed excessive backtracking while
parsing certain tarfile headers. A remote attacker could possibly use
this issue to cause Python to consume resources, leading to a denial
of service. This issue only affected python3.5 for
Ubuntu 16.04 LTS (CVE-2024-6232)
It was discovered that the Python http.cookies module incorrectly
handled parsing cookies that contained backslashes for quoted
characters. A remote attacker could possibly use this issue to cause
Python to consume resources, leading to a denial of service.
(CVE-2024-7592)
It was discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-45939)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-48337)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-48339)
It was discovered that Emacs incorrectly handled filename sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2023-28617)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to crash the program, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203,
CVE-2024-30204, CVE-2024-30205)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to execute arbitrary commands.
(CVE-2024-39331)
Infostealer malware and digital identity exposure behind rise in ransomware, researchers find
It was discovered that tgt attempts to achieve entropy
by calling rand without srand. The PRNG seed is always 1,
and thus the sequence of challenges is always identical.
The FBI has shut down a botnet run by Chinese hackers:
The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations…. The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.
The operation to dismantle the botnet was coordinated by the FBI, the NSA, and the Cyber National Mission Force (CNMF), according to a press release dated Wednesday. The U.S. Department of Justice received a court order to take control of the botnet infrastructure by sending disabling commands to the malware on infected devices. The hackers tried to counterattack by hitting FBI infrastructure but were “ultimately unsuccessful,” according to the law enforcement agency.
Cyber and law enforcement agencies across the “Five Eyes” countries issue warning about large-scale botnet linked to Chinese firm and Flax Typhoon group
helix-24.07-2.fc42
rust-cargo-0.79.0-4.fc42
rust-cargo-deny-0.14.24-3.fc42
rust-dua-cli-2.29.2-1.fc42
rust-gix-0.66.0-1.fc42
rust-gix-actor-0.32.0-1.fc42
rust-gix-archive-0.15.0-1.fc42
rust-gix-attributes-0.22.5-1.fc42
rust-gix-command-0.3.9-1.fc42
rust-gix-commitgraph-0.24.3-1.fc42
rust-gix-config-0.40.0-1.fc42
rust-gix-config-value-0.14.8-1.fc42
rust-gix-credentials-0.24.5-1.fc42
rust-gix-date-0.9.0-1.fc42
rust-gix-diff-0.46.0-1.fc42
rust-gix-dir-0.8.0-1.fc42
rust-gix-discover-0.35.0-1.fc42
rust-gix-features-0.38.2-3.fc42
rust-gix-filter-0.13.0-1.fc42
rust-gix-fs-0.11.3-1.fc42
rust-gix-glob-0.16.5-1.fc42
rust-gix-ignore-0.11.4-1.fc42
rust-gix-index-0.35.0-1.fc42
rust-gix-mailmap-0.24.0-1.fc42
rust-gix-negotiate-0.15.0-1.fc42
rust-gix-object-0.44.0-1.fc42
rust-gix-odb-0.63.0-1.fc42
rust-gix-pack-0.53.0-1.fc42
rust-gix-packetline-0.17.6-1.fc42
rust-gix-packetline-blocking-0.17.5-1.fc42
rust-gix-path-0.10.11-1.fc42
rust-gix-pathspec-0.7.7-1.fc42
rust-gix-prompt-0.8.7-1.fc42
rust-gix-protocol-0.45.3-1.fc42
rust-gix-ref-0.47.0-1.fc42
rust-gix-refspec-0.25.0-1.fc42
rust-gix-revision-0.29.0-1.fc42
rust-gix-revwalk-0.15.0-1.fc42
rust-gix-sec-0.10.8-1.fc42
rust-gix-status-0.13.0-1.fc42
rust-gix-submodule-0.14.0-1.fc42
rust-gix-tempfile-14.0.2-1.fc42
rust-gix-trace-0.1.10-1.fc42
rust-gix-transport-0.42.3-1.fc42
rust-gix-traverse-0.41.0-1.fc42
rust-gix-url-0.27.5-1.fc42
rust-gix-validate-0.9.0-1.fc42
rust-gix-worktree-0.36.0-1.fc42
rust-gix-worktree-state-0.13.0-1.fc42
rust-gix-worktree-stream-0.15.0-1.fc42
rust-onefetch-2.21.0-4.fc42
rust-prodash-29.0.0-1.fc42
rust-rustsec-0.29.3-3.fc42
rust-tame-index-0.12.0-3.fc42
rust-vergen-8.3.1-4.fc42
stgit-2.4.12-1.fc42
Update gix to version 0.66
It was discovered that LibreOffice would incorrectly handle digital
signature verification after repairing a corrupted document. A remote
attacker could possibly use this issue to forge valid signatures.
