Post Content
Category Archives: Advisories
DSA-5724-1 openssh – security update
The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd’s SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
GLSA 202407-09: OpenSSH: Remote Code Execution
netatalk-3.2.1-1.fc40
FEDORA-2024-900475e0f7
Packages in this update:
netatalk-3.2.1-1.fc40
Update description:
Security fix for CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441
Brain Cipher Ransomware Attack
What is the attack?A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems.What is the recommended Mitigation?Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard Coverage is available?FortiGuard Labs has AV signatures to block all the known malware variants used by the Ransomware group.Behavior-based detection through FortiSandbox and FortiEDR detects new and unknown ransomware malware samples.All the known IoCs related to the campaign are blocked via Web filtering service. These IOCs are available for threat hunting through FortiAnalyzer, FortiSIEM, and FortiSOAR.
USN-6851-2: Netplan regression
USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of
a regression in netplan which caused systemctl enable to fail on systems where
systemd is not running. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Andreas Hasenack discovered that netplan incorrectly handled the permissions
for netdev files containing wireguard configuration. An attacker could use
this to obtain wireguard secret keys.
It was discovered that netplan configuration could be manipulated into injecting
arbitrary commands while setting up network interfaces. An attacker could
use this to execute arbitrary commands or escalate privileges.
USN-6844-2: CUPS regression
USN-6844-1 fixed vulnerabilities in the CUPS package. The update
lead to the discovery of a regression in CUPS with regards to
how the cupsd daemon handles Listen configuration directive.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.
USN-6855-1: libcdio vulnerability
Mansour Gashasbi discovered that libcdio incorrectly handled certain
memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code.
GLSA 202406-06: GStreamer, GStreamer Plugins: Multiple Vulnerabilities
USN-5615-3: SQLite vulnerability
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that SQLite incorrectly handled INTERSEC query
processing. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-35525)
It was discovered that SQLite incorrectly handled ALTER TABLE for views
that have a nested FROM clause. An attacker could use this issue to cause
SQLite to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS.
(CVE-2020-35527)
It was discovered that SQLite incorrectly handled embedded null characters
when tokenizing certain unicode strings. This issue could result in
incorrect results. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20223)