Read Time:9 Second
FEDORA-2022-80e1724780
Packages in this update:
freetype-2.11.0-6.fc35
Update description:
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.
Category Archives: Advisories
USN-5402-1: OpenSSL vulnerabilities
Read Time:48 Second
Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)
Raul Metsma discovered that OpenSSL incorrectly verified certain response
signing certificates. A remote attacker could possibly use this issue to
spoof certain response signing certificates. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-1343)
Tom Colley discovered that OpenSSL used the incorrect MAC key in the
RC4-MD5 ciphersuite. In non-default configurations were RC4-MD5 is enabled,
a remote attacker could possibly use this issue to modify encrypted
communications. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1434)
Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)
USN-5400-2: MySQL vulnerabilities
Read Time:31 Second
USN-5400-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html
https://www.oracle.com/security-alerts/cpuapr2022.html
USN-5401-1: DPDK vulnerabilities
Read Time:20 Second
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An
attacker could use this issue to cause DPDK to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2021-3839)
It was discovered that DPDK incorrectly handled inflight type messages. An
attacker could possibly use this issue to cause DPDK to consume resources,
leading to a denial of service. (CVE-2022-0669)
java-latest-openjdk-18.0.1.0.10-1.rolling.el7
Read Time:11 Second
FEDORA-EPEL-2022-ec554055b2
Packages in this update:
java-latest-openjdk-18.0.1.0.10-1.rolling.el7
Update description:
Oracle 04/2022 critical path update
https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
mingw-SDL2_ttf-2.0.18-2.fc34
Read Time:7 Second
FEDORA-2022-857d1f7050
Packages in this update:
mingw-SDL2_ttf-2.0.18-2.fc34
Update description:
Security fix for CVE-2022-27470
mingw-SDL2_ttf-2.0.18-2.fc35
Read Time:7 Second
FEDORA-2022-600e0cba93
Packages in this update:
mingw-SDL2_ttf-2.0.18-2.fc35
Update description:
Security fix for CVE-2022-27470
mingw-SDL2_ttf-2.0.18-3.fc36
Read Time:7 Second
FEDORA-2022-280ac942be
Packages in this update:
mingw-SDL2_ttf-2.0.18-3.fc36
Update description:
Security fix for CVE-2022-27470
firefox-100.0-2.fc34
Read Time:11 Second
FEDORA-2022-0f15da474c
Packages in this update:
firefox-100.0-2.fc34
Update description:
Fixed h.264 video playback over va-api (https://bugzilla.mozilla.org/show_bug.cgi?id=1762725)
New upstream version (100.0)
New Ransomware “Black Basta” in the Wild
Read Time:1 Minute, 50 Second
FortiGuard Labs is aware of a new ransomware variant called “Black Basta” discovered in the wild. The ransomware employs a double-extortion tactic in which it encrypts files and exfiltrates confidential information from the victim, then demands a ransom for decrypting the affected files and threatens to publicize the exfiltrated data if a ransom is not paid.Black Basta ransomware is reported to have victimized several organizations in multiple countries.Why is this Significant?This is significant because Black Basta is a new ransomware that is reported to have victimized several organizations in multiple countries.What is Black Basta ransomware?Black Basta is a new ransomware that demands ransom from the victim for decrypting victim’s files it encrypted and not to release the stolen data to the public.Black Basta ransomware deletes shadow copies from the compromised machine, which prevents the victim from being able to recover any files that have been encrypted. The ransomware also replaces the desktop wallpaper with an image with a black background that has the following ransom message:Your network is encrypted by the Black Basta group.Instructions in the filereadme.txt.The ransomware then will then restart the compromised machine in safe mode with the Windows Fax service running. After the reboot, the service launches the ransomware in order to start encrypting files. Files that are encrypted by Black Basta ransomware have “.basta” file extension and also have the ransomware’s own file icon. Readme.txt, also dropped by the ransomware, contains a ransom note to instruct the victim to use a specific TOR address to contact the attacker.What does the Windows Fax service have to do with this? Is it Vulnerable?The Windows Fax Service is not vulnerable. The Windows Fax service is attacked to maintain persistence and in this variant of Black Basta, it is hijacking an existing service name (in this case Windows Fax), deleting it, and spawning a new service with the same name.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against known samples of Black Basta ransomware: W32/Filecoder.OKW!tr W32/Kryptik.HPHI!trW32/Filecoder.OKT!trW32/Filecoder.OKW!tr.ransomW32/Filecoder.OKT!tr.ransomW32/Malicious_Behavior.VEX