FEDORA-2022-4ff296fe8e
Packages in this update:
bash-5.1.16-3.fc36
Update description:
Add a null check in parameter_brace_transform() function
bash-5.1.16-3.fc36
Add a null check in parameter_brace_transform() function
bash-5.1.8-3.fc35
Add a null check in parameter_brace_transform() function
bash-5.1.16-4.fc37
Add a null check in parameter_brace_transform() function
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named “zy.exe” and listens on
TCP port 810. Third-party adversaries who can reach the infected host can…
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password “4174” is weak and hardcoded in
cleartext within the PE…
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password “let me in” is weak
and…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27
SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit…
python-dnslib-0.9.21-1.el8
Update to latest upstream release 0.9.21
python-dnslib-0.9.21-1.fc38
Automatic update for python-dnslib-0.9.21-1.fc38.
* Tue Sep 27 2022 Fabian Affolter <mail@fabian-affolter.ch> – 0.9.21-1
– Update to latest upstream release 0.9.21
– Fix for CVE-2022-22846 (closes rhbz#2042610, closes rhbz#2042611)
A heap-based buffer overflow vulnerability was discovered in gdal, a
Geospatial Data Abstraction Library, which could result in denial of
service or potentially the execution of arbitrary code, if a specially
crafted file is processed with the PCIDSK driver.