Posted by malvuln on Apr 18
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9d18d318e017b513b9c6cd193ccdc6ff.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.TScash.c
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable…
Posted by malvuln on Apr 18
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9a8150938bff3a17fa0169c3dc6dae85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Loselove
Vulnerability: Denial of Service
Description: The malware listens on UDP ports 9329, 8329, 8322, 8131 and
8130. Attackers can send a large junk payload to UDP port 8131 causing it
to crash.
Family: Loselove
Type: PE32
MD5:…
Posted by malvuln on Apr 18
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/92f7f9495ffd56d05a5acf395c9e0097.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: HackTool.Win32.Delf.vs
Vulnerability: Insecure Credential Storage
Description: The malware credentials are stored in cleartext within the
sysinfo.ini file.
Family: Delf
Type: PE32
MD5: 92f7f9495ffd56d05a5acf395c9e0097
Vuln ID: MVID-2022-0553…
FEDORA-2022-2fec5f30be
Packages in this update:
git-2.34.3-1.fc34
Update description:
Update to 2.34.3 (release notes )
This release addresses CVE-2022-24765 . Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
Read Time: 2 Minute, 4 Second
FEDORA-2022-5cbd6de569
Packages in this update:
bettercap-2.28-9.fc34
chisel-1.7.7-2.fc34
commit-stream-0.1.2-6.fc34
containerd-1.6.2-3.fc34
gobuster-3.1.0-2.fc34
golang-contrib-opencensus-resource-0.1.2-6.fc34
golang-gioui-0-7.20201225git18d4dbf.fc34
golang-github-appc-docker2aci-0.17.2-8.fc34
golang-github-appc-goaci-0.1.1-10.fc34
golang-github-appc-spec-0.8.11-13.fc34
golang-github-containerd-continuity-0.2.2-2.fc34
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc34
golang-github-coredns-corefile-migration-1.0.11-5.fc34
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc34
golang-github-francoispqt-gojay-1.2.13-6.fc34
golang-github-gogo-googleapis-1.4.1-3.fc34
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc34
golang-github-googleapis-gnostic-0.5.3-5.fc34
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc34
golang-github-google-containerregistry-0.5.1-4.fc34
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc34
golang-github-instrumenta-kubeval-0.15.0-7.fc34
golang-github-intel-goresctrl-0.2.0-4.fc34
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34
golang-github-pact-foundation-1.5.1-5.fc34
golang-github-prometheus-2.32.1-4.fc34
golang-github-prometheus-alertmanager-0.23.0-8.fc34
golang-github-prometheus-node-exporter-1.3.1-7.fc34
golang-github-prometheus-tsdb-0.10.0-6.fc34
golang-github-redteampentesting-monsoon-0.6.0-5.fc34
golang-github-spf13-cobra-1.4.0-2.fc34
golang-github-theupdateframework-notary-0.7.0-4.fc34
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc34
golang-gopkg-src-d-git-4-4.13.1-7.fc34
golang-k8s-apiextensions-apiserver-1.22.0-5.fc34
golang-k8s-code-generator-1.22.0-3.fc34
golang-k8s-kube-aggregator-1.22.0-3.fc34
golang-k8s-sample-apiserver-1.22.0-4.fc34
golang-k8s-sample-controller-1.22.0-3.fc34
golang-mongodb-mongo-driver-1.4.5-5.fc34
golang-storj-drpc-0.0.16-5.fc34
golang-x-perf-0-0.14.20210123gitbdcc622.fc34
grpcurl-1.8.6-2.fc34
onionscan-0.2-6.fc34
shellz-1.5.0-6.fc34
shhgit-0.2-6.fc34
snowcrash-0-0.6.20201119git49b99ad.fc34
xq-0.0.7-3.fc34
Update description:
Rebuild for CVE-2022-27191
Read Time: 2 Minute, 13 Second
FEDORA-2022-3a63897745
Packages in this update:
bettercap-2.28-9.fc35
chisel-1.7.7-2.fc35
commit-stream-0.1.2-6.fc35
containerd-1.6.2-2.fc35
doctl-1.73.0-2.fc35
gh-2.7.0-2.fc35
gobuster-3.1.0-2.fc35
golang-contrib-opencensus-resource-0.1.2-6.fc35
golang-gioui-0-7.20201225git18d4dbf.fc35
golang-github-appc-docker2aci-0.17.2-8.fc35
golang-github-appc-goaci-0.1.1-10.fc35
golang-github-appc-spec-0.8.11-13.fc35
golang-github-containerd-continuity-0.2.2-2.fc35
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc35
golang-github-coredns-corefile-migration-1.0.11-5.fc35
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35
golang-github-francoispqt-gojay-1.2.13-6.fc35
golang-github-gogo-googleapis-1.4.1-3.fc35
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc35
golang-github-googleapis-gnostic-0.5.3-5.fc35
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc35
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc35
golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc35
golang-github-haproxytech-client-native-2.5.3-2.fc35
golang-github-haproxytech-dataplaneapi-2.4.4-3.fc35
golang-github-instrumenta-kubeval-0.15.0-7.fc35
golang-github-intel-goresctrl-0.2.0-4.fc35
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc35
golang-github-pact-foundation-1.5.1-5.fc35
golang-github-prometheus-2.32.1-4.fc35
golang-github-prometheus-alertmanager-0.23.0-8.fc35
golang-github-prometheus-node-exporter-1.3.1-7.fc35
golang-github-redteampentesting-monsoon-0.6.0-5.fc35
golang-github-spf13-cobra-1.4.0-2.fc35
golang-github-theupdateframework-notary-0.7.0-4.fc35
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc35
golang-gopkg-src-d-git-4-4.13.1-7.fc35
golang-k8s-apiextensions-apiserver-1.22.0-5.fc35
golang-k8s-code-generator-1.22.0-3.fc35
golang-k8s-kube-aggregator-1.22.0-3.fc35
golang-k8s-sample-apiserver-1.22.0-4.fc35
golang-k8s-sample-controller-1.22.0-3.fc35
golang-mongodb-mongo-driver-1.4.5-5.fc35
golang-storj-drpc-0.0.16-5.fc35
golang-x-perf-0-0.14.20210123gitbdcc622.fc35
gopass-1.13.1-2.fc35
grpcurl-1.8.6-2.fc35
onionscan-0.2-6.fc35
shellz-1.5.0-6.fc35
shhgit-0.2-6.fc35
snowcrash-0-0.6.20201119git49b99ad.fc35
xq-0.0.7-3.fc35
Update description:
Rebuild for CVE-2022-27191
Read Time: 2 Minute, 42 Second
FEDORA-2022-08ae2dd481
Packages in this update:
bettercap-2.28-9.fc36
chisel-1.7.7-2.fc36
commit-stream-0.1.2-6.fc36
containerd-1.6.2-2.fc36
doctl-1.73.0-2.fc36
git-time-metric-1.3.5-14.fc36
gobuster-3.1.0-2.fc36
golang-contrib-opencensus-resource-0.1.2-6.fc36
golang-gioui-0-7.20201225git18d4dbf.fc36
golang-github-acme-lego-4.4.0-4.fc36
golang-github-appc-docker2aci-0.17.2-8.fc36
golang-github-appc-goaci-0.1.1-10.fc36
golang-github-appc-spec-0.8.11-13.fc36
golang-github-cloudflare-redoctober-0-0.10.20210114git99c99a8.fc36
golang-github-cockroachdb-pebble-0-0.7.20210108git48f5530.fc36
golang-github-containerd-continuity-0.2.2-2.fc36
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc36
golang-github-coredns-corefile-migration-1.0.11-5.fc36
golang-github-cucumber-godog-0.12.1-3.fc36
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc36
golang-github-francoispqt-gojay-1.2.13-6.fc36
golang-github-gogo-googleapis-1.4.1-3.fc36
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc36
golang-github-googleapis-gnostic-0.5.3-5.fc36
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc36
golang-github-google-containerregistry-0.5.1-4.fc36
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc36
golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc36
golang-github-haproxytech-client-native-2.5.3-2.fc36
golang-github-haproxytech-dataplaneapi-2.4.4-3.fc36
golang-github-instrumenta-kubeval-0.15.0-7.fc36
golang-github-intel-goresctrl-0.2.0-4.fc36
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc36
golang-github-pact-foundation-1.5.1-5.fc36
golang-github-prometheus-2.32.1-4.fc36
golang-github-prometheus-alertmanager-0.23.0-8.fc36
golang-github-prometheus-node-exporter-1.3.1-7.fc36
golang-github-prometheus-tsdb-0.10.0-6.fc36
golang-github-redteampentesting-monsoon-0.6.0-5.fc36
golang-github-spf13-cobra-1.4.0-2.fc36
golang-github-theupdateframework-notary-0.7.0-4.fc36
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc36
golang-gopkg-src-d-git-4-4.13.1-7.fc36
golang-k8s-apiextensions-apiserver-1.22.0-5.fc36
golang-k8s-code-generator-1.22.0-3.fc36
golang-k8s-kube-aggregator-1.22.0-3.fc36
golang-k8s-kube-openapi-0-0.20.20210813git3c81807.fc36
golang-k8s-sample-apiserver-1.22.0-4.fc36
golang-k8s-sample-controller-1.22.0-3.fc36
golang-mongodb-mongo-driver-1.4.5-5.fc36
golang-storj-drpc-0.0.16-5.fc36
golang-x-debug-0-0.13.20210123gitc934e1b.fc36
golang-x-exp-0-0.42.20220330git053ad81.fc36
golang-x-perf-0-0.14.20210123gitbdcc622.fc36
gopass-1.13.1-2.fc36
grpcurl-1.8.6-2.fc36
onionscan-0.2-6.fc36
open-policy-agent-0.31.0-4.fc36
shellz-1.5.0-6.fc36
shhgit-0.2-6.fc36
snowcrash-0-0.6.20201119git49b99ad.fc36
xq-0.0.7-3.fc36
Update description:
Rebuild for CVE-2022-27191
Fix FTBFS Close: rhbz#2045471
FEDORA-2022-3759ebabd2
Packages in this update:
git-2.35.3-1.fc35
Update description:
Update to 2.35.3 (release notes )
This release addresses CVE-2022-24765 . Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
Read Time: 2 Minute, 42 Second
FEDORA-2022-aa33c22e7a
Packages in this update:
bettercap-2.28-9.fc37
chisel-1.7.7-2.fc37
commit-stream-0.1.2-6.fc37
containerd-1.6.2-2.fc37
doctl-1.73.0-2.fc37
gh-2.7.0-2.fc37
git-time-metric-1.3.5-14.fc37
gobuster-3.1.0-2.fc37
golang-contrib-opencensus-resource-0.1.2-6.fc37
golang-gioui-0-7.20201225git18d4dbf.fc37
golang-github-acme-lego-4.4.0-4.fc37
golang-github-appc-docker2aci-0.17.2-8.fc37
golang-github-appc-goaci-0.1.1-10.fc37
golang-github-appc-spec-0.8.11-13.fc37
golang-github-cloudflare-redoctober-0-0.10.20210114git99c99a8.fc37
golang-github-cockroachdb-pebble-0-0.7.20210108git48f5530.fc37
golang-github-containerd-continuity-0.2.2-2.fc37
golang-github-containerd-stargz-snapshotter-0.7.0-4.fc37
golang-github-coredns-corefile-migration-1.0.11-5.fc37
golang-github-cucumber-godog-0.12.1-3.fc37
golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc37
golang-github-francoispqt-gojay-1.2.13-6.fc37
golang-github-gogo-googleapis-1.4.1-3.fc37
golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc37
golang-github-googleapis-gnostic-0.5.3-5.fc37
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-5.fc37
golang-github-google-containerregistry-0.5.1-4.fc37
golang-github-google-slothfs-0-0.10.20200727git59c1163.fc37
golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc37
golang-github-haproxytech-client-native-2.5.3-2.fc37
golang-github-haproxytech-dataplaneapi-2.4.4-3.fc37
golang-github-instrumenta-kubeval-0.15.0-7.fc37
golang-github-intel-goresctrl-0.2.0-4.fc37
golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc37
golang-github-pact-foundation-1.5.1-5.fc37
golang-github-prometheus-2.32.1-4.fc37
golang-github-prometheus-alertmanager-0.23.0-8.fc37
golang-github-prometheus-node-exporter-1.3.1-7.fc37
golang-github-prometheus-tsdb-0.10.0-6.fc37
golang-github-redteampentesting-monsoon-0.6.0-5.fc37
golang-github-spf13-cobra-1.4.0-2.fc37
golang-github-theupdateframework-notary-0.7.0-4.fc37
golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc37
golang-gopkg-src-d-git-4-4.13.1-7.fc37
golang-k8s-apiextensions-apiserver-1.22.0-5.fc37
golang-k8s-code-generator-1.22.0-3.fc37
golang-k8s-kube-aggregator-1.22.0-3.fc37
golang-k8s-kube-openapi-0-0.20.20210813git3c81807.fc37
golang-k8s-sample-apiserver-1.22.0-4.fc37
golang-k8s-sample-controller-1.22.0-3.fc37
golang-mongodb-mongo-driver-1.4.5-5.fc37
golang-storj-drpc-0.0.16-5.fc37
golang-x-debug-0-0.13.20210123gitc934e1b.fc37
golang-x-exp-0-0.42.20220330git053ad81.fc37
golang-x-perf-0-0.14.20210123gitbdcc622.fc37
gopass-1.13.1-2.fc37
grpcurl-1.8.6-2.fc37
onionscan-0.2-6.fc37
open-policy-agent-0.31.0-4.fc37
shellz-1.5.0-6.fc37
shhgit-0.2-6.fc37
snowcrash-0-0.6.20201119git49b99ad.fc37
xq-0.0.7-3.fc37
Update description:
Rebuild for CVE-2022-27191
FEDORA-2022-e99ae504f5
Packages in this update:
git-2.36.0-1.fc36
Update description:
Update to 2.36.0 (release notes )
Among the changes, this release includes changes to address CVE-2022-24765 . Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
Posts navigation
News, Advisories and much more