Christian Moch and Michael Gruhn discovered that the libblkid library
of util-linux did not properly manage memory under certain
circumstances. A local attacker could possibly use this issue
to cause denial of service by consuming all memory through
a specially crafted MSDOS partition table.
Category Archives: Advisories
SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 14
SEC Consult Vulnerability Lab Security Advisory < 20220614-0 >
=======================================================================
title: Reflected Cross Site Scripting
product: SIEMENS-SINEMA Remote Connect
vulnerable version: <=V3.0.1.0-01.01.00.02
fixed version: V3.1.0
CVE number: CVE-2022-29034
impact: medium
homepage: https://siemens.com…
ghex-42.3-1.fc36
FEDORA-2022-23adf3d425
Packages in this update:
ghex-42.3-1.fc36
Update description:
Update to 42.3
main: Hotfix to workaround gtk #4880 (affects Save As dialogs on X11
primarily)
config: Add GNOME 42+ compatibility for dark mode, and fetch dark settings
from portal if possible
widget: Properly update highlights upon resize
find-replace: Remove spurious g_object_ref() call
USN-5477-1: ncurses vulnerabilities
Hosein Askari discovered that ncurses was incorrectly performing
memory management operations when dealing with long filenames while
writing structures into the file system. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2017-16879)
Chung-Yi Lin discovered that ncurses was incorrectly handling access
to invalid memory areas when parsing terminfo or termcap entries where
the use-name had invalid syntax. An attacker could possibly use this
issue to cause a denial of service. (CVE-2018-19211)
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. (CVE-2019-17594)
It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. (CVE-2019-17595)
It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. (CVE-2021-39537)
It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-29458)
vim-8.2.5085-1.fc35
FEDORA-2022-c302c5f62d
Packages in this update:
vim-8.2.5085-1.fc35
Update description:
The newest upstream commit
Security fix for CVE-2022-2000
golang-github-emicklei-restful-3.8.0-1.fc35
FEDORA-2022-589a0ad690
Packages in this update:
golang-github-emicklei-restful-3.8.0-1.fc35
Update description:
Update to 3.8.0. Fixes rhbz#1948196.
Mitigate CVE-2022-1996.
golang-github-emicklei-restful-3.8.0-1.fc36
FEDORA-2022-185697ef56
Packages in this update:
golang-github-emicklei-restful-3.8.0-1.fc36
Update description:
Update to 3.8.0. Fixes rhbz#1948196.
Mitigate CVE-2022-1996.
oniguruma-6.8.2-2.el7
FEDORA-EPEL-2022-a9236c0113
Packages in this update:
oniguruma-6.8.2-2.el7
Update description:
Backport fix for CVE-2019-13225 from RHEL8.
python-bottle-0.12.21-1.el7
FEDORA-EPEL-2022-0286a0e93a
Packages in this update:
python-bottle-0.12.21-1.el7
Update description:
Security fix for CVE-2020-28473
PingPull RAT Activity Observed in New in the Wild Attacks (GALLIUM APT)
FortiGuard Labs is aware of a newly discovered in-the-wild remote access tool (RAT) used by GALLIUM APT, called PingPull. GALLIUM has targeted telecommunication, financial and governmental verticals, specifically in Africa, Europe and Southeast Asia in the past.GALLIUM was first detailed by CyberReason and Microsoft in 2019 in an operation targeting telecom providers stealing call detail records (CDR) that contain transactional information of SMS messages, sent and received phone calls, timestamps and other records. GALLIUM uses various off the shelf tools, and modified open source tools and malware to attack organizations for various campaigns. PingPull was observed by Palo Alto Networks in this latest campaign. Usage of the China Chopper webshell is commonly associated with this APT group as well.Powered by the CTABecause of our partnership in the Cyber Threat Alliance alongside other trusted partner organizations, Fortinet customers were protected in advance of this announcement.What is PingPull?PingPull is a remote access trojan (RAT). What makes PingPull novel is the usage of ICMP (Internet Control Message Protocol) which is not a typical TCP/UDP packet, that allows the threat actor to evade detection as it is not often monitored for anomalous activity. PingPull can also leverage HTTPS and TCP as well for further evasion. PingPull has been observed to install itself as a service for persistence. Besides containing typical RAT functionality, PingPull allows for a reverse shell further adding insult to injury. Previous RATs used by GALLIUM were modified versions of Poison Ivy and Gh0st Rat.Who is GALLIUM?GALLIUM is an APT group attributed to the Chinese government. The modus operandi of this group is to use various off the shelf tools to eventually compromise an organization via the utilization of stolen certificates to ultimately perform lateral movement within. Due to non-standardized APT naming conventions, GALLIUM is also known as Operation Soft Cell (CyberReason).What is the Status of Coverage?FortiGuard customers are protected against PingPull RAT by the following (AV) signatures:W32/PossibleThreatW64/Agent.BGA!trAll known URIs are blocked by the WebFiltering Client.