Reginaldo Silva discovered that due to a packaging issue, a remote attacker
with the ability to execute arbitrary Lua scripts could possibly escape the
Lua sandbox and execute arbitrary code on the host.
nbd-3.24-1.el7
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc35
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc34
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc36
Update to 3.24: fix CVE-2022-26495, CVE-2022-26496
nbd-3.24-1.fc37
Automatic update for nbd-3.24-1.fc37.
* Tue Mar 8 2022 Robin Lee <cheeselee@fedoraproject.org> 3.24-1
– Update to 3.24: fix CVE-2022-26495(RHBZ#2061541),
CVE-2022-26496(RHBZ#2061542)
It was discovered that SPIP, a website engine for publishing, would
allow a malicious user to execute arbitrary code.
Two security issues were discovered in Thunderbird, which could result
in the execution of arbitrary code.
FortiGuard Labs is aware of a report that RuRAT malware was distributed in the recent spear-phishing attack against media organizations in the United States. While the tactic used in this attack is not sophisticated, the installed RuRAT malware provides the attacker a foothold into the victim’s network where confidential information will be collected for further activities.Why is this Significant?This is significant because media organizations in the United States are reported to have been targeted in the spear-phishing attack. RuRAT payload provides the attacker an opportunity to collect confidential information from the compromised machine and perform lateral movement in the victim’s network. Not connected in any way to this attack, TV broadcasters in South Korea were affected by a wiper malware served through a malicious backdoor program in 2013 in which their operations were significantly disrupted. How does the Attack Work?According to the report by Cluster25, the victims received an email with a link. The email has the following content:”Hello, we are a group of venture capitalists investing in promising projects. We saw your website and were astounded by your product. We want to discuss the opportunity to invest or buy a part of the share in your project. Please get in touch with us by phone or in Vuxner chat. Your agent is Philip Bennett. His username in Vuxner is philipbennett Make sure you contact us ASAP because we are not usually so generous with our offers. Thank you in advance!”Upon clicking the link, the victim is redirected to a Web page where the victim is instructed to click a link to download and install a software Vuxner chat. The downloaded file is an installer for Vuxner Trillian not Vuxner chat. After the victim completes the installation and exits the installer, another remote file, turns out to be an installer for RuRAT, is downloaded and installed onto the victim’s machine. What is RuRAT?RuRAT, the first report of which goes back to at least October 2020, is a Remote Access Trojan (RAT) that provides an attacker a remote access to the compromised machine. Functionalities of RuRAT include:- Listening for incoming communications- Taking screenshots- Keylogging- Recording AudioWhat is the Status of Coverage?FortiGuard Labs provides the following AV coverage for files involved in this attack: W32/IndigoRose.AP!tr.dldrW32/RemoteUtilities.W!trW32/Agent.9EE5!trAll network IOCs are blocked by the WebFiltering client.
python-fastapi-0.75.0-2.fc36
python-ujson-5.1.0-1.fc36
Update python-ujson to 5.1.0 (compatible with 3.x and 4.x). Loosen version specification in python-fastapi to allow the update.
Fixes security bug CVE-2021-45958 (GHSA-fh56-85cw-5pq6).
5.1.0
Changed
Strip debugging symbols from Linux binaries
5.0.0
Added
Use cibuildwheel to build wheels
Removed
Drop support for soon-EOL Python 3.6
Fixed
Install Twine to upload to PyPI
4.3.0
Added
Enable Windows on ARM64 target
4.2.0
Added
Add a default keyword argument to dumps
Add support for Python 3.10
Build 32-bit wheels for Windows
Build PyPy3 wheels for manylinux
Build wheels for musl aarch64 (aka ARM) Linux (musllinux_1_1_aarch64)
Build wheels for musl Linux (musllinux_1_1_x86_64)
Changed
Use declarative setup metadata
Wheel building updates
Rename master to main
Replace README.rst with Markdown
4.1.0
Added
Add gcov coverage testing for C code
Test Python 3.10-dev
Changed
Remove unused variable
Remove explicit handling of manylinux platform tag
Fixed
dconv no longer uses global instances of StringToDoubleConverter and…
Switch shebang for the manylinux-wheels script
Fix typos in error message
Update to 0.75.0 (close RHBZ#2061006)
✨ Add support for custom generate_unique_id_function and docs for generating clients. New docs: Advanced – Generate Clients. PR #4650 by @tiangolo.
