FEDORA-2022-04f206996b
Packages in this update:
mingw-expat-2.4.6-1.fc34
Update description:
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
mingw-expat-2.4.6-1.fc34
Update to expat-2.4.6, see https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes for details.
libxml2-2.9.13-1.fc35
Update to 2.9.13
Fix CVE-2022-23308
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
UPDATE January 19: Updated Coverage section about the third malware that FortiGuard Labs has confirmed as a wiper malware..FortiGuard Labs is aware of a report that multiple organizations in the Ukraine were impacted by destructive malware. The malware looks to be some kind of ransomware at first glance; however, it does not have the telltale signs of ransomware. It overwrites the victim’s Master Boot Record (MBR) and files with specific file extensions without any recovery mechanism, which are enough to classify the malware as a destructive wiper malware.Why is this Significant?This is significant because the attack involves a wiper malware that destroys the victim’s MBR and certain files without any recovery mechanism.How Widespread is the Attack?At this point, the attack only affected multiple unnamed organizations in Ukraine.What the Details of the Attack?Initial attack vector has not yet been identified.This attack involves three malware.The first malware overwrites the victim’s Master Boot Record (MBR) which makes Windows OS unbootable and leaves a ransom note that reads below:Your hard drive has been corrupted.In case you want to recover all hard drivesof your organization,You should pay us $10k via bitcoin wallet1AVNM68gj6PGPFcJuftKATa4WLnzg8fpfv and send message viatox ID 8BEDC411012A33BA34F49130D0F186993C6A32DAD8976F6A5D82C1ED23054C057ECED5496F65with your organization name.We will contact you to give further instructions.The second malware simply downloads a wiper malware hosted on a Discord channel and executes it.The wiper malware searches for and overwrites files with the following file extensions on the victim’s machine:.3DM .3DS .7Z .ACCDB .AI .ARC .ASC .ASM .ASP .ASPX .BACKUP .BAK .BAT .BMP .BRD .BZ .BZ2 .CGM .CLASS .CMD .CONFIG .CPP .CRT .CS .CSR .CSV .DB .DBF .DCH .DER .DIF .DIP .DJVU.SH .DOC .DOCB .DOCM .DOCX .DOT .DOTM .DOTX .DWG .EDB .EML .FRM .GIF .GO .GZ .HDD .HTM .HTML .HWP .IBD .INC .INI .ISO .JAR .JAVA .JPEG .JPG .JS .JSP .KDBX .KEY .LAY .LAY6 .LDF .LOG .MAX .MDB .MDF .MML .MSG .MYD .MYI .NEF .NVRAM .ODB .ODG .ODP .ODS .ODT .OGG .ONETOC2 .OST .OTG .OTP .OTS .OTT .P12 .PAQ .PAS .PDF .PEM .PFX .PHP .PHP3 .PHP4 .PHP5 .PHP6 .PHP7 .PHPS .PHTML .PL .PNG .POT .POTM .POTX .PPAM .PPK .PPS .PPSM .PPSX .PPT .PPTM .PPTX .PS1 .PSD .PST .PY .RAR .RAW .RB .RTF .SAV .SCH .SHTML .SLDM .SLDX .SLK .SLN .SNT .SQ3 .SQL .SQLITE3 .SQLITEDB .STC .STD .STI .STW .SUO .SVG .SXC .SXD .SXI .SXM .SXW .TAR .TBK .TGZ .TIF .TIFF .TXT .UOP .UOT .VB .VBS .VCD .VDI .VHD .VMDK .VMEM .VMSD .VMSN .VMSS .VMTM .VMTX .VMX .VMXF .VSD .VSDX .VSWP .WAR .WB2 .WK1 .WKS .XHTML .XLC .XLM .XLS .XLSB .XLSM .XLSX .XLT .XLTM .XLTX .XLW .YML .ZIPIt also changes the file extension of the affected file to a random four-byte extension.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against the malware involved:W32/KillMBR.NGI!trMSIL/Agent.FP!tr.dldrMSIL/Agent.QWILJV!trW32/KillFiles.NKU!tr.ransomMSIL/VVH!trThe following AV coverage is available for the the third malware which FortiGuard Labs has confirmed as a wiper malware: MSIL/Agent.VVH!tr
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm’s runtime is proportional to the square of the length of the password.
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=”background-image: attr(title url);” attack within a DIV element that has an attacker-controlled URL in the title attribute.