Category Archives: Advisories

USN-5411-1: Firefox vulnerabilities

Read Time:14 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.

Read More

curl-7.79.1-4.fc35

Read Time:19 Second

FEDORA-2022-3d8f00cde2

Packages in this update:

curl-7.79.1-4.fc35

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

curl-7.76.1-16.fc34

Read Time:19 Second

FEDORA-2022-8277bef335

Packages in this update:

curl-7.76.1-16.fc34

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

curl-7.82.0-5.fc36

Read Time:18 Second

FEDORA-2022-d15a736748

Packages in this update:

curl-7.82.0-5.fc36

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
do not accept cookies for TLD with trailing dot (CVE-2022-27779)
hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
reject percent-encoded path separator in URL host (CVE-2022-27780)

Read More

USN-5412-1: curl vulnerabilities

Read Time:31 Second

Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)

Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)

Read More

F5 BIG-IP Remote Command Execution Vulnerability (CVE-2022-1388)

Read Time:2 Minute, 21 Second

FortiGuard Labs is aware of a new remote command execution vulnerability affecting F5 BIG-IP clients. Exploiting this vulnerability will allow an attacker to completely take over an affected device. What are the Technical Details of this Vulnerability?According to the F5 security advisory, this vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.Because this vulnerability does not require any sophistication to exploit, and the fact that in-the-wild exploitation are reported to have been observed and proof-of-concept (PoC) codes are publicly available, it is highly recommended that organizations affected by this latest vulnerability apply all patches immediately.What Versions Are Affected?Reported versions affected by CVE-2022-1388 are:BIG-IP versions 16.1.2 through 13.1.0 (versions under 13.1.0 are affected but will not be fixed)How Serious of an Issue is This?HIGH. CVE-2022-1388 has a CVSS score of 9.8. US-CERT (CISA) has also issued an alert for this issue. For further information, please refer to F5 Releases Security Advisories Addressing Multiple Vulnerabilities in the APPENDIX.How Widespread is this Attack?Global. Malicious scans by attackers are currently underway looking for vulnerable unpatched appliances, regardless of location. Proof-of-concept codes (POC) are available and the vulnerability is reported to have been actively exploited in the wild.What is the Status of Coverage?Customers running current (IPS) definitions are protected by:F5.BIG-IP.iControl.REST.Authentication.BypassFortiGuard Labs is continuously monitoring this vulnerability and we will update this Threat Signal once more information becomes available.Are There Any Reports of Nation State Activity Actively Exploiting CVE-2022-1388?Yes, the vulnerability is reported to have been actively exploited in the wild.Any Other Suggested Mitigation?According to F5, it is recommended to apply all available patches from the May 2022 update immediately. If patching is not possible at this time, F5 recommends blocking all access to the iControl REST interface of your BIG-IP system through self IP addresses. Mitigation details can be found in the article titled – “K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388” in the APPENDIX section.The potential for damage to daily operations, reputation, and unwanted release of data, the disruption of business operations, etc. is apparent, and because of this it is important to keep all AV and IPS signatures up to date. It is also important to ensure that all known vendor vulnerabilities within an organization are addressed once available, and updated on a regular basis to protect against attackers establishing a foothold within a network.

Read More

USN-5259-3: Cron regression

Read Time:49 Second

USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in
its force_rescan_user function. An attacker could possibly use this issue
to cause a denial of service. (CVE-2019-9706)

Read More