SnakeYaml’s Constructor() class does not restrict the types that can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml’s SafeConstructor when parsing untrusted content to restrict which types may be deserialized.
Category Archives: Advisories
snapd-2.57.6-1.el7
FEDORA-EPEL-2022-058d69433a
Packages in this update:
snapd-2.57.6-1.el7
Update description:
Update to the latest upstream release 2.57.6. Includes fixes for CVE-2022-3328.
Update to 2.56.2
snapd-2.57.6-1.el9
FEDORA-EPEL-2022-48ffd03f66
Packages in this update:
snapd-2.57.6-1.el9
Update description:
Update to the latest upstream release 2.57.6. Includes fixes for CVE-2022-3328.
snapd-2.57.6-1.el8
FEDORA-EPEL-2022-d9f41aade7
Packages in this update:
snapd-2.57.6-1.el8
Update description:
Update to the latest upstream release 2.57.6. Includes fixes for CVE-2022-3328.
snapd-2.57.6-1.fc36
FEDORA-2022-8268fa6877
Packages in this update:
snapd-2.57.6-1.fc36
Update description:
Update to the latest upstream release 2.57.6. Includes fixes for CVE-2022-3328.
snapd-2.57.6-1.fc37
FEDORA-2022-a425aea810
Packages in this update:
snapd-2.57.6-1.fc37
Update description:
Update to the latest upstream release 2.57.6. Includes fixes for CVE-2022-3328.
USN-5753-1: snapd vulnerability
The Qualys Research Team discovered that a race condition existed in the
snapd snap-confine binary when preparing the private /tmp mount for a
snap. A local attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
RansomBoggs Ransomware Targeted Multiple Ukrainian Organizations
FortiGuard Labs is aware of a report that a new ransomware strain named “RansomBoggs” was deployed to multiple unnamed organizations in Ukraine. The ransomware encrypts files on compromised machines and provides the attacker’s contact information so that victims can negotiate file recovery with the attacker.
Why is this Significant?
This is significant because RansomBoggs is the latest ransomware to target Ukrainian organizations. Based on the tactics, techniques, and procedures (TTPs) used in the attack, security vendor ESET attributed RansomBoggs to the Sandworm APT group, which is believed to be associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.
What is RansomBoggs Ransomware?
RansomBoggs ransomware encrypts files on compromised machines and appends a “.chsch” file extension to the affected files. It drops a ransom note instructing victims to get in touch with the attacker for file recovery. Currently, there is no indication that RansomBoggs ransomware has wiper functionality.
What is the Status of Coverage?
FortiGuard Labs provides the following AV signature for RansomBoggs ransomware:
MSIL/Filecoder.A!tr.ransom
Aurora Infostealer Sold on Darknet and Telegram
FortiGuard Labs is aware of a report that a new infostealer named “Aurora” is being offered for sale on the dark web and Telegram. The infostealer was allegedly developed by a threat actor who previously developed the Aurora botnet. Aurora infostealer is capable of stealing data from compromised machines as well as downloading and executing remote files.
Why is this Significant?
This is significant because Aurora is a new Malware-as-a-Service (MaaS) infostealer reportedly advertised on darknet and Telegram sites. Aurora not only steals information from compromised machines but also deploys additional malware. According to outside reports, several active threat actors are using Aurora infostealer.
What is Aurora Infostealer?
Aurora is a Go-based infostealer that targets web browsers, cryptocurrency-related browser extensions, and cryptocurrency wallets on compromised machines for data exfiltration. Aurora is also capable of downloading and executing remote files, which can be used to deploy additional malware. The reported infection vector is luring users into installing fake software promoted on bogus cryptocurrency and free-software web sites.
What is the Status of Protection?
FortiGuard Labs provides the following AV signatures against known Aurora infostealer samples:
W32/Agent.IE!tr
W32/PossibleThreat
Reported network IOCs associated with Aurora infostealer are blocked by the Web Filtering client.
DSA-5292 snapd – security update
The Qualys Research Team discovered a race condition in the snap-confine
binary which could result in local privilege escalation.