Category Archives: Advisories

ZDI-24-404: Apple macOS Metal Framework PVR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:16 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal Framework library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-23264.

Read More

USN-6750-1: Thunderbird vulnerabilities

Read Time:1 Minute, 13 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-2609, CVE-2024-3852,
CVE-2024-3864)

Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2
CONTINUATION frames. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2024-3302)

Lukas Bernhard discovered that Thunderbird did not properly manage memory
during JIT optimisations, leading to an out-of-bounds read vulnerability.
An attacker could possibly use this issue to cause a denial of service or
expose sensitive information. (CVE-2024-3854)

Lukas Bernhard discovered that Thunderbird did not properly manage memory
when handling JIT created code during garbage collection. An attacker
could potentially exploit this issue to cause a denial of service, or
execute arbitrary code. (CVE-2024-3857)

Ronald Crane discovered that Thunderbird did not properly manage memory in
the OpenType sanitizer on 32-bit devices, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-3859)

Ronald Crane discovered that Thunderbird did not properly manage memory
when handling an AlignedBuffer. An attacker could potentially exploit this
issue to cause denial of service, or execute arbitrary code. (CVE-2024-3861)

Read More

stalld-1.19.2-1.fc40

Read Time:12 Second

FEDORA-2024-d198253c42

Packages in this update:

stalld-1.19.2-1.fc40

Update description:

address issues found in Static Application Security testing
Fix a service startup issue
Fix file open issue when kernel lockdown is in effect

Read More

stalld-1.19.2-1.fc39

Read Time:12 Second

FEDORA-2024-9205c35b11

Packages in this update:

stalld-1.19.2-1.fc39

Update description:

address issues found in Static Application Security testing
Fix a service startup issue
Fix file open issue when kernel lockdown is in effect

Read More

stalld-1.19.2-1.fc38

Read Time:12 Second

FEDORA-2024-a047b1ca2d

Packages in this update:

stalld-1.19.2-1.fc38

Update description:

address issues found in Static Application Security testing
Fix a service startup issue
Fix file open issue when kernel lockdown is in effect

Read More

USN-6743-3: Linux kernel (Azure) vulnerabilities

Read Time:15 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– JFS file system;
– BPF subsystem;
– Netfilter;
(CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,
CVE-2023-52603)

Read More

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359)

Read Time:58 Second

What is the Attack?
Cisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed: “Line Runner” and “Line Dancer.” These backdoors operated in tandem to execute various malicious activities on the target systems, encompassing configuration alterations, reconnaissance, capturing/exfiltrating network traffic, and potentially facilitating lateral movement.

What is the recommended Mitigation?

According to Cisco’s advisory, the initial attack vector remains unidentified, two vulnerabilities (CVE-2024-20353 and CVE-2024-20359) have been pinpointed. Customers are strongly urged to adhere to the instructions outlined in the security advisories provided. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

What FortiGuard Coverage is available?

FortiGuard Labs has blocked all the known Indicators of compromise (IoCs) related to this campaign as listed on Cisco’s advisory and is currently investigating for further protections. Meanwhile, FortiGuard Labs recommends users apply patches as provided by Cisco’s Product Security Incident Response Team (PSIRT).

Read More

USN-6657-2: Dnsmasq vulnerabilities

Read Time:40 Second

USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)

It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS Flag Day 2020. This issue only affected
Ubuntu 23.10. (CVE-2023-28450)

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:26 Second

Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More