FEDORA-2022-5fab125c08
Packages in this update:
zabbix-5.0.21-1.fc34
Update description:
5.0.21, fix for:
CVE-2022-24349
CVE-2022-24917
CVE-2022-24918
CVE-2022-24919.
zabbix-5.0.21-1.fc35
5.0.21, fix for:
CVE-2022-24349
CVE-2022-24917
CVE-2022-24918
CVE-2022-24919.
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
linux-firmware-20220310-130.fc34
Update to upstream 20220310 linux firmware release:
Update AMD cpu microcode
ath11k: add links for WCN6855 hw2.1
ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin
add firmware for MT7986
update firmware for MT7921 WiFi device
update firmware for mediatek bluetooth chip(MT7921)
amdgpu: update picasso/raven/raven2 VCN firmware
amdgpu: Update GPU firmwares to the 21.50 release
amdgpu: add firmware for SDMA 5.2.7 IP block
amdgpu: add firmware for PSP 13.0.8 IP block
amdgpu: add firmware for DCN 3.1.6 IP block
amdgpu: add firmware for GC 10.3.7 IP block
rtw89: 8852a: update fw to v0.13.36.0
iwlwifi: add/Update new FWs from core68-60 release
Update Intel Bluetooth FW for 7265/8260/8265/9260/9462/9560/AX2xx
Update AMD SEV firmware
Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406
rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A
rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D
rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D
wfx: update to firmware 3.14
wfx: add antenna configuration files
linux-firmware-20220310-130.fc35
Update to upstream 20220310 linux firmware release (changelog identical to the fc34 package above).
linux-firmware-20220310-130.fc36
Update to upstream 20220310 linux firmware release (changelog identical to the fc34 package above).
golang-1.18~rc1-2.fc36
The Go 1.18 Release Candidate 1.
It also includes an additional patch that fixes an issue on arm7hl.
This patch was not included in this release, but it is already merged, so it will be removed from the package in future releases.
Go 1.18 Release notes: https://tip.golang.org/doc/go1.18
FortiGuard Labs is aware of a report that threat actor APT41 compromised at least six networks belonging to U.S. state governments between May 2021 and February 2022. To gain a foothold in the victim’s network, the threat actor used a number of different attack vectors: exploiting vulnerable Internet-facing web applications and directory traversal vulnerabilities, performing SQL injection, and conducting deserialization attacks. The intent of APT41 appears to be reconnaissance, though how the stolen information is to be used has not yet been determined.

Why is this Significant?
This is significant because at least six U.S. state government systems were broken into and data exfiltration was performed by APT41 as recently as February 2022. In addition, a zero-day vulnerability in the USAHerds application (CVE-2021-44207) as well as Log4j (CVE-2021-44228), among others, were exploited in the attacks.

What’s the Detail of the Attack?
APT41 used several different ways to break into the targeted networks. In one case, the group exploited a SQL injection vulnerability in an Internet-facing web application. In another case, it exploited a then previously unknown vulnerability (CVE-2021-44207) in USAHerds, a web application used by agriculture officials to manage animal disease control and prevention, livestock identification and movement. Also, APT41 reportedly started to exploit the infamous Log4j vulnerability (CVE-2021-44228) within hours of Proof-of-Concept (PoC) code becoming available. Patches for both vulnerabilities are available. Once successful in breaking into the victim’s network, the threat actor performed reconnaissance and credential harvesting activities.

What is APT41?
APT41 is a threat actor that has been active since at least 2012. Also known as TA415, Double Dragon, Barium, GREF and WickedPanda, the group reportedly performs Chinese state-sponsored espionage activities.
APT41 targets organizations in multiple countries across a wide range of industries, such as telecommunications, industrial and engineering, and think tanks. In 2020, five alleged members of the group were charged by the U.S. Justice Department for hacking more than 100 companies in the United States.

What are the Tools Used by APT41?
APT41 is known to use the following tools:
ASPXSpy – web shell backdoor
BITSAdmin – PowerShell cmdlets for creating and managing file transfers
BLACKCOFFEE – backdoor that disguises its communications as benign traffic to legitimate websites
certutil – command-line utility used for manipulating certification authority (CA) data and components
China Chopper – web shell backdoor that gives the attacker remote access to an enterprise network
Cobalt Strike – commercial penetration testing tool that allows users to perform a wide range of activities
Derusbi – DLL backdoor
Empire – PowerShell post-exploitation agent that provides a wide range of attack activities to users
gh0st RAT – Remote Access Trojan (RAT)
MESSAGETAP – data mining malware
Mimikatz – open-source credential dumper
njRAT – Remote Access Trojan (RAT)
PlugX – Remote Access Trojan (RAT)
PowerSploit – open-source offensive security framework that allows users to perform a wide range of activities
ROCKBOOT – bootkit
ShadowPad – backdoor
Winnti for Linux – Remote Access Trojan (RAT) for Linux
ZxShell – Remote Access Trojan (RAT)
BadPotato – open-source tool that elevates user rights to SYSTEM rights
DustPan – shellcode loader, aka StealthVector
DEADEYE – downloader
LOWKEY – backdoor
Keyplug – backdoor

What are Other Vulnerabilities Known to be Exploited by APT41?
APT41 has exploited the following vulnerabilities in the past, among others:
CVE-2020-10189 (ManageEngine Desktop Central remote code execution vulnerability)
CVE-2019-19781 (vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance)
CVE-2019-3396 (Atlassian Confluence Widget Connector Macro Velocity Template Injection)
CVE-2017-11882 (Microsoft Office Memory Corruption Vulnerability)
CVE-2017-0199 (Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows)
CVE-2015-1641 (Microsoft Office Memory Corruption Vulnerability)
CVE-2012-0158 (MSCOMCTL.OCX RCE Vulnerability)

Are Patches Available for those Vulnerabilities?
Yes, patches are available for the vulnerabilities.

What is the Status of Coverage?
FortiGuard Labs has the following AV signature in place for this issue:
Apache.Log4j.Error.Log.Remote.Code.Execution
FortiGuard Labs provides the following IPS coverage against vulnerabilities exploited by APT41:
Apache.Log4j.Error.Log.Remote.Code.Execution (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)
ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution (CVE-2020-10189)
Citrix.Application.Delivery.Controller.VPNs.Directory.Traversal (CVE-2019-19781)
Confluence.Widget.Connector.macro.Path.Traversal (CVE-2019-3396)
MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption (CVE-2017-11882, CVE-2018-0798, CVE-2018-0802)
MS.Office.RTF.File.OLE.autolink.Code.Execution (CVE-2017-0199, CVE-2017-8570)
MS.Office.RTF.Array.Out.of.bounds.Memory.Corruption (CVE-2015-1641)
MS.Windows.MSCOMCTL.ActiveX.Control.Remote.Code.Execution (CVE-2012-0158)
MS.Windows.MSCOMCTL.ActiveX.Control.Code.Execution (CVE-2012-0158)
All network IOCs are blocked by the WebFiltering client.
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.