* Wed Nov 23 2022 Julien Rische <jrische@redhat.com> – 1.20.1-1
– New upstream version (1.20.1)
– Resolves: rhbz#2124463
– Restore “supportedCMSTypes” attribute in PKINIT preauth requests
– Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
– Resolves: rhbz#2114766
– Update error checking for OpenSSL CMS_verify
– Resolves: rhbz#2119704
– Remove invalid password expiry warning
– Resolves: rhbz#2129113
* Wed Nov 9 2022 Julien Rische <jrische@redhat.com> – 1.19.2-13
– Fix integer overflows in PAC parsing (CVE-2022-42898)
– Resolves: rhbz#2143011
* Tue Aug 2 2022 Andreas Schneider <asn@redhat.com> – 1.19.2-12
– Use baserelease to set the release number
– Do not define netlib, but use autoconf detection for res_* functions
– Add missing BR for resolv_wrapper to run t_discover_uri.py
SnakeYaml’s Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml’s SafeConsturctor when parsing untrusted content to restrict deserialization.
The Qualys Research Team discovered that a race condition existed in the
snapd snap-confine binary when preparing the private /tmp mount for a
snap. A local attacker could possibly use this issue to escalate privileges
and execute arbitrary code.
FortiGuard Labs is aware of a report that a new ransomware strain named “RansomBoggs” was deployed to multiple unnamed organizations in Ukraine. The ransomware encrypts files on compromised machines and provides attacker’s contact information for victims to talk with the attacker for file recovery.Why is this Significant?This is significant because RansomBoggs is the latest ransomware that targets Ukrainian organizations. Based on the tactics, techniques, and procedures (TTPs) used in the attack, security vendor ESET attributed RansomBoggs to the Sandworm APT group who is believed to be associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.What is RansomBoggs Ransomware?RansomBoggs ransomware encrypts files on compromised machines and adds a “.chsch” file extension to the affected files. It drops a ransom note requesting victims to get in touch with the attacker for file recovery.Currently, there is no indication that RansomBoggs ransomware has wiper functionality.What is the Status of Coverage?FortiGuard Labs provides the following AV signature for RansomBoggs ransomware:MSIL/Filecoder.A!tr.ransom
