FEDORA-EPEL-2022-a9236c0113
Packages in this update:
oniguruma-6.8.2-2.el7
Update description:
Backport fix for CVE-2019-13225 from RHEL8.
oniguruma-6.8.2-2.el7
Backport fix for CVE-2019-13225 from RHEL8.
python-bottle-0.12.21-1.el7
Security fix for CVE-2020-28473
FortiGuard Labs is aware of a newly discovered in-the-wild remote access tool (RAT) used by GALLIUM APT, called PingPull. GALLIUM has targeted telecommunication, financial and governmental verticals, specifically in Africa, Europe and Southeast Asia in the past.GALLIUM was first detailed by CyberReason and Microsoft in 2019 in an operation targeting telecom providers stealing call detail records (CDR) that contain transactional information of SMS messages, sent and received phone calls, timestamps and other records. GALLIUM uses various off the shelf tools, and modified open source tools and malware to attack organizations for various campaigns. PingPull was observed by Palo Alto Networks in this latest campaign. Usage of the China Chopper webshell is commonly associated with this APT group as well.Powered by the CTABecause of our partnership in the Cyber Threat Alliance alongside other trusted partner organizations, Fortinet customers were protected in advance of this announcement.What is PingPull?PingPull is a remote access trojan (RAT). What makes PingPull novel is the usage of ICMP (Internet Control Message Protocol) which is not a typical TCP/UDP packet, that allows the threat actor to evade detection as it is not often monitored for anomalous activity. PingPull can also leverage HTTPS and TCP as well for further evasion. PingPull has been observed to install itself as a service for persistence. Besides containing typical RAT functionality, PingPull allows for a reverse shell further adding insult to injury. Previous RATs used by GALLIUM were modified versions of Poison Ivy and Gh0st Rat.Who is GALLIUM?GALLIUM is an APT group attributed to the Chinese government. The modus operandi of this group is to use various off the shelf tools to eventually compromise an organization via the utilization of stolen certificates to ultimately perform lateral movement within. Due to non-standardized APT naming conventions, GALLIUM is also known as Operation Soft Cell (CyberReason).What is the Status of Coverage?FortiGuard customers are protected against PingPull RAT by the following (AV) signatures:W32/PossibleThreatW64/Agent.BGA!trAll known URIs are blocked by the WebFiltering Client.
USN-5359-1 fixed vulnerabilities in rsync.
This update provides the corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
Danilo Ramos discovered that rsync incorrectly handled memory when
performing certain zlib deflating operations. An attacker could use this
issue to cause rsync to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Han Zheng discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash. This issue was
addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981)
It was discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash. (CVE-2022-31783)
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, spoof the browser UI, conduct cross-site scripting (XSS)
attacks, bypass content security policy (CSP) restrictions, or execute
arbitrary code.
openssl-1.1.1o-1.fc35
Security fix for CVE-2022-1292
Upgrade to 1.1.1o, #2095817.
openssl1.1-1.1.1o-1.fc36
Security fix for CVE-2022-1292
Upgrade to 1.1.1o, rhbz#2095817.
openssl1.1-1.1.1o-1.fc37
Automatic update for openssl1.1-1.1.1o-1.fc37.
* Mon Jun 13 2022 Clemens Lang <cllang@redhat.com> – 1:1.1.1o-1
– Upgrade to 1.1.1o
Resolves: CVE-2022-1292
Related: rhbz#2095817
python-bottle-0.12.21-2.el8
Cookie test fix backported from upstream (0.12)
Security fix for CVE-2022-31799