A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022.
Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in

A North Korean espionage group tracked as **UNC2970** has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022.

Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a long-running operation dubbed "Dream Job" that employs job recruitment lures in email messages to trigger the infection sequence.

UNC2970 is the new moniker designated by the threat intelligence firm to a set of North Korean cyber activity that maps to UNC577 (aka **Temp.Hermit**), and which also comprises another nascent threat cluster tracked as UNC4034.

The UNC4034 activity, as documented by Mandiant in September 2022, entailed the use of WhatsApp to socially engineer targets into downloading a backdoor called AIRDRY.V2 under the pretext of sharing a skills assessment test.

"UNC2970 has a concerted effort towards obfuscation and employs multiple methods to do this throughout the entire chain of delivery and execution," Mandiant researchers said in a detailed two-part analysis, adding the effort specifically targeted security researchers.

Temp.Hermit is one of the primary hacking units associated with North Korea's Reconnaissance General Bureau (RGB) alongside Andariel and APT38 (aka BlueNoroff). All three actor sets are collectively referred to as the Lazarus Group (aka Hidden Cobra or Zinc).

"TEMP.Hermit is an actor that has been around since at least 2013," Mandiant noted in a March 2022 report. "Their operations since that time are representative of Pyongyang's efforts to collect strategic intelligence to benefit North Korean interests."

The latest set of UNC2970 attacks are characterized by initially approaching users directly on LinkedIn using "well designed and professionally curated" fake accounts posing as recruiters.

The conversation is subsequently shifted to WhatsApp, after which a phishing payload is delivered to the target under the guise of a job description.

In some instances, these attack chains have been observed to deploy trojanized versions of TightVNC (named LIDSHIFT), which is engineered to load a next-stage payload labeled as LIDSHOT that's capable of downloading and executing shellcode from a remote server.

Establishing a foothold within compromised environments is achieved by means of a C++-based backdoor known as PLANKWALK that then paves the way for the distribution of additional tooling such as -

*   **TOUCHSHIFT** - A malware dropper that loads follow-on malware ranging from keyloggers and screenshot utilities to full-featured backdoors
*   **TOUCHSHOT** - A software that's configured to take a screenshot every three seconds
*   **TOUCHKEY** - A keylogger that captures keystrokes and clipboard data
*   **HOOKSHOT** - A tunneling tool that connects over TCP to communicate with the command-and-control (C2) server
*   **TOUCHMOVE** - A loader that's designed to decrypt and execute a payload on the machine
*   **SIDESHOW** - A C/C++ backdoor that runs arbitrary commands and communicates via HTTP POST requests with its C2 server

UNC2970 is also said to have leveraged Microsoft Intune, an endpoint management solution, to drop a bespoke PowerShell script containing a Base64-encoded payload referred to as CLOUDBURST, a C-based backdoor that communicates via HTTP.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

In what's a continuing use of the Bring Your Own Vulnerable Driver (BYOVD) technique by North Korea-aligned actors, the intrusions further employ an in-memory-only dropper called LIGHTSHIFT that facilitates the distribution of another piece of malware codenamed LIGHTSHOW.

The utility, besides taking steps to hinder dynamic and static analysis, drops a legitimate version of a driver with known vulnerabilities to perform read and write operations to kernel memory and ultimately disarm security software installed on the infected host.

"The identified malware tools highlight continued malware development and deployment of new tools by UNC2970," Mandiant said. "Although the group has previously targeted defense, media, and technology industries, the targeting of security researchers suggests a shift in strategy or an expansion of its operations."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean UNC2970 Hackers Expands Operations with New Malware Families

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.

**Environment**

    OS      : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
    Commit  : 3054d61f703d609995798f872fc86b462617c294
    Version : 1.0.29
    Build   : make clang-debug-asan
    

**Proof of concept**

poc-2.wasm.zip

**Stack dump**

    =================================================================
    ==1704949==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x610000000010 at pc 0x0000005f2828 bp 0x7ffc769a3c60 sp 0x7ffc769a3c58
    READ of size 4 at 0x610000000010 thread T0
        #0 0x5f2827 in wabt::Node::operator=(wabt::Node&&) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:67:17
        #1 0x5dc955 in wabt::Node::Node(wabt::Node&&) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:65:28
        #2 0x5f54b0 in std::enable_if<__and_<std::__not_<std::__is_tuple_like<wabt::Node>>, std::is_move_constructible<wabt::Node>, std::is_move_assignable<wabt::Node>>::value, void>::type std::swap<wabt::Node>(wabt::Node&, wabt::Node&) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/move.h:197:19
        #3 0x5f501e in void std::iter_swap<__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>>(__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algobase.h:182:7
        #4 0x5f46ed in __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>> std::_V2::__rotate<__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>>(__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, std::random_access_iterator_tag) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:1394:5
        #5 0x5dd60f in __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>> std::_V2::rotate<__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>>(__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, __gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_algo.h:1439:14
        #6 0x5dd066 in wabt::AST::Construct(wabt::intrusive_list<wabt::Expr> const&, unsigned int, unsigned int, bool)::'lambda'(unsigned long)::operator()(unsigned long) const /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:279:11
        #7 0x5c8556 in wabt::AST::Construct(wabt::intrusive_list<wabt::Expr> const&, unsigned int, unsigned int, bool) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:307:13
        #8 0x5ee577 in void wabt::AST::Block<(wabt::ExprType)8>(wabt::BlockExprBase<(wabt::ExprType)8> const&, wabt::LabelType) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:159:5
        #9 0x5dc2fd in wabt::AST::Construct(wabt::Expr const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:212:9
        #10 0x5c7b64 in wabt::AST::Construct(wabt::intrusive_list<wabt::Expr> const&, unsigned int, unsigned int, bool) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:248:7
        #11 0x5c281f in wabt::Decompiler::Decompile[abi:cxx11]() /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:795:13
        #12 0x5be6bd in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:854:21
        #13 0x4f16bd in ProgramMain(int, char**) /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:103:18
        #14 0x4f2101 in main /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:116:10
        #15 0x7f9cae44d082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
        #16 0x43f04d in _start (/wabt/out/clang/Debug/asan/wasm-decompile+0x43f04d)
    
    0x610000000010 is located 48 bytes to the left of 192-byte region [0x610000000040,0x610000000100)
    allocated by thread T0 here:
        #0 0x4edc5d in operator new(unsigned long) /home/build-user/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
        #1 0x5f05c8 in __gnu_cxx::new_allocator<wabt::Node>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:115:27
        #2 0x5f0570 in std::allocator_traits<std::allocator<wabt::Node>>::allocate(std::allocator<wabt::Node>&, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
        #3 0x5effaf in std::_Vector_base<wabt::Node, std::allocator<wabt::Node>>::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
        #4 0x5f3462 in void std::vector<wabt::Node, std::allocator<wabt::Node>>::_M_realloc_insert<wabt::Node>(__gnu_cxx::__normal_iterator<wabt::Node*, std::vector<wabt::Node, std::allocator<wabt::Node>>>, wabt::Node&&) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:440:33
        #5 0x5f3124 in wabt::Node& std::vector<wabt::Node, std::allocator<wabt::Node>>::emplace_back<wabt::Node>(wabt::Node&&) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:121:4
        #6 0x5dcbdc in std::vector<wabt::Node, std::allocator<wabt::Node>>::push_back(wabt::Node&&) /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:1204:9
        #7 0x5de429 in wabt::AST::InsertNode(wabt::NodeType, wabt::ExprType, wabt::Expr const*, unsigned int) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:104:15
        #8 0x5dc5d0 in wabt::AST::Construct(wabt::Expr const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:230:9
        #9 0x5c7b64 in wabt::AST::Construct(wabt::intrusive_list<wabt::Expr> const&, unsigned int, unsigned int, bool) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:248:7
        #10 0x5ee577 in void wabt::AST::Block<(wabt::ExprType)8>(wabt::BlockExprBase<(wabt::ExprType)8> const&, wabt::LabelType) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:159:5
        #11 0x5dc2fd in wabt::AST::Construct(wabt::Expr const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:212:9
        #12 0x5c7b64 in wabt::AST::Construct(wabt::intrusive_list<wabt::Expr> const&, unsigned int, unsigned int, bool) /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:248:7
        #13 0x5c281f in wabt::Decompiler::Decompile[abi:cxx11]() /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:795:13
        #14 0x5be6bd in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:854:21
        #15 0x4f16bd in ProgramMain(int, char**) /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:103:18
        #16 0x4f2101 in main /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:116:10
        #17 0x7f9cae44d082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /wabt/out/clang/Debug/asan/../../../../src/decompiler-ast.h:67:17 in wabt::Node::operator=(wabt::Node&&)
    Shadow bytes around the buggy address:
      0x0c207fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c207fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c207fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c207fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c207fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x0c207fff8000: fa fa[fa]fa fa fa fa fa 00 00 00 00 00 00 00 00
      0x0c207fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c207fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c207fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c207fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c207fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    ==1704949==ABORTING

CVE-2023-27117: heap overflow in wabt::Node::operator=(wabt::Node&&) · Issue #1989 · WebAssembly/wabt

WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.

**Title**

Aborted in CWriter::MangleType at wasm2c

**Environment**

    OS      : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
    Commit  : 3054d61f703d609995798f872fc86b462617c294
    Version : 1.0.29
    Build   : make clang-debug-asan
    

**Proof of concept**

poc.wasm2c-2.wasm  
poc\_wasm2c-2.wasm.zip

**Stack dump**

    gdb /wabt/out/clang/Debug/asan/wasm2c
    pwndbg> r  --enable-multi-memory ./poc.wasm2c-2.wasm
    context:
     LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
    ─────────────────────────────────[ REGISTERS ]──────────────────────────────────
     RAX  0x0
    *RBX  0x7ffff7a357c0 ◂— 0x7ffff7a357c0
    *RCX  0x7ffff7a7b00b (raise+203) —▸ 0x10824848b48 ◂— 0x0
     RDX  0x0
    *RDI  0x2
    *RSI  0x7fffffff9a90 ◂— 0x0
     R8   0x0
    *R9   0x7fffffff9a90 ◂— 0x0
    *R10  0x8
    *R11  0x246
    *R12  0x43e420 (_start) ◂— endbr64
    *R13  0x7fffffffe070 ◂— 0x3
     R14  0x0
     R15  0x0
    *RBP  0x7fffffff9df0 —▸ 0x7fffffffa270 —▸ 0x7fffffffa3c0 —▸ 0x7fffffffa690 —▸ 0x7fffffffc3c0 ◂— ...
    *RSP  0x7fffffff9a90 ◂— 0x0
    *RIP  0x7ffff7a7b00b (raise+203) —▸ 0x10824848b48 ◂— 0x0
    ───────────────────────────────────[ DISASM ]───────────────────────────────────
     ► 0x7ffff7a7b00b <raise+203>    mov    rax, qword ptr [rsp + 0x108]
       0x7ffff7a7b013 <raise+211>    xor    rax, qword ptr fs:[0x28]
       0x7ffff7a7b01c <raise+220>    jne    raise+260                <raise+260>
        ↓
       0x7ffff7a7b044 <raise+260>    call   __stack_chk_fail                <__stack_chk_fail>
    
       0x7ffff7a7b049                nop    dword ptr [rax]
       0x7ffff7a7b050 <killpg>       endbr64
       0x7ffff7a7b054 <killpg+4>     test   edi, edi
       0x7ffff7a7b056 <killpg+6>     js     killpg+16                <killpg+16>
    
       0x7ffff7a7b058 <killpg+8>     neg    edi
       0x7ffff7a7b05a <killpg+10>    jmp    kill                <kill>
    
       0x7ffff7a7b05f <killpg+15>    nop
    ───────────────────────────────────[ STACK ]────────────────────────────────────
    00:0000│ rsi r9 rsp 0x7fffffff9a90 ◂— 0x0
    01:0008│            0x7fffffff9a98 ◂— 0xfffffffffffffffb
    02:0010│            0x7fffffff9aa0 —▸ 0x757525 ◂— cli
    03:0018│            0x7fffffff9aa8 ◂— 0x0
    ... ↓               4 skipped
    ─────────────────────────────────[ BACKTRACE ]──────────────────────────────────
     ► f 0   0x7ffff7a7b00b raise+203
       f 1   0x7ffff7a5a859 abort+299
       f 2         0x5074f0
       f 3         0x52cebf
       f 4         0x545a44
       f 5         0x535a2f
       f 6         0x528543
       f 7         0x51dd51
    ────────────────────────────────────────────────────────────────────────────────
    backtrace_msg:
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
    #1  0x00007ffff7a5a859 in __GI_abort () at abort.c:79
    #2  0x00000000005074f0 in wabt::(anonymous namespace)::CWriter::MangleType (type=...) at ../../../../src/c-writer.cc:427
    #3  0x000000000052cebf in wabt::(anonymous namespace)::CWriter::Write (this=0x7fffffffce30, sv=...) at ../../../../src/c-writer.cc:701
    #4  0x0000000000545a44 in wabt::(anonymous namespace)::CWriter::Write<wabt::(anonymous namespace)::StackVar, char const (&) [4], char const*, char const (&) [2], wabt::(anonymous namespace)::Name<2>, char const (&) [9], wabt::(anonymous namespace)::StackVar> (this=0x7fffffffce30, t=..., u=..., args=..., args=..., args=..., args=..., args=...) at ../../../../src/c-writer.cc:204
    #5  0x0000000000535a2f in wabt::(anonymous namespace)::CWriter::Write (this=0x7fffffffce30, expr=warning: RTTI symbol not found for class 'wabt::LoadStoreExpr<(wabt::ExprType)47>'
    ...) at ../../../../src/c-writer.cc:2752
    #6  0x0000000000528543 in wabt::(anonymous namespace)::CWriter::Write (this=0x7fffffffce30, exprs=...) at ../../../../src/c-writer.cc:2043
    #7  0x000000000051dd51 in wabt::(anonymous namespace)::CWriter::Write<wabt::intrusive_list<wabt::Expr> const&, wabt::(anonymous namespace)::LabelDecl> (this=0x7fffffffce30, t=..., u=...) at ../../../../src/c-writer.cc:204
    #8  0x000000000051bd15 in wabt::(anonymous namespace)::CWriter::Write (this=0x7fffffffce30, func=...) at ../../../../src/c-writer.cc:1423
    #9  0x000000000051b647 in wabt::(anonymous namespace)::CWriter::Write<wabt::(anonymous namespace)::Newline, wabt::Func const&, wabt::(anonymous namespace)::Newline> (this=0x7fffffffce30, t=..., u=..., args=...) at ../../../../src/c-writer.cc:205
    #10 0x000000000051182d in wabt::(anonymous namespace)::CWriter::WriteFuncs (this=0x7fffffffce30) at ../../../../src/c-writer.cc:1393
    #11 0x0000000000500bf4 in wabt::(anonymous namespace)::CWriter::WriteCSource (this=0x7fffffffce30) at ../../../../src/c-writer.cc:2794
    #12 0x00000000004ffcd7 in wabt::(anonymous namespace)::CWriter::WriteModule (this=0x7fffffffce30, module=...) at ../../../../src/c-writer.cc:2807
    #13 0x00000000004ff48d in wabt::WriteC (c_stream=0x7fffffffdaa0, h_stream=0x7fffffffdaa0, header_name=0x7ccce0 <str> "wasm.h", module=0x7fffffffd2b0, options=...) at ../../../../src/c-writer.cc:2819
    #14 0x00000000004f11b4 in ProgramMain (argc=3, argv=0x7fffffffe078) at ../../../../src/tools/wasm2c.cc:179
    #15 0x00000000004f37f2 in main (argc=3, argv=0x7fffffffe078) at ../../../../src/tools/wasm2c.cc:190
    #16 0x00007ffff7a5c083 in __libc_start_main (main=0x4f37d0 <main(int, char**)>, argc=3, argv=0x7fffffffe078, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe068) at ../csu/libc-start.c:308
    #17 0x000000000043e44e in _start ()

CVE-2023-27116: Aborted in CWriter::MangleType at wasm2c · Issue #1984 · WebAssembly/wabt

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

**Environment**

    OS      : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
    Commit  : 3054d61f703d609995798f872fc86b462617c294
    Version : 1.0.29
    Build   : make clang-debug-asan
    

**Proof of concept**

poc-5.wasm.zip

**Stack dump**

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==1681910==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f858ec47234 bp 0x7ffce2314ff0 sp 0x7ffce2314ef8 T0)
    ==1681910==The signal is caused by a READ memory access.
    ==1681910==Hint: address points to the zero page.
        #0 0x7f858ec47234 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::operator std::basic_string_view<char, std::char_traits<char>>() const (/lib/x86_64-linux-gnu/libstdc++.so.6+0x186234)
        #1 0x61d4eb in unsigned long wabt::cat_compute_size<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:27
        #2 0x61d39d in unsigned long wabt::cat_compute_size<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
        #3 0x61d235 in unsigned long wabt::cat_compute_size<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
        #4 0x61d005 in unsigned long wabt::cat_compute_size<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:68:39
        #5 0x60f57f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> wabt::cat<char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, char [3]>(char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [5], std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, char const (&) [3]) /wabt/out/clang/Debug/asan/../../../../src/string-util.h:75:13
        #6 0x5d137d in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:530:20
        #7 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #8 0x5c30b4 in wabt::Decompiler::Decompile[abi:cxx11]() /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:825:20
        #9 0x5be6bd in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:854:21
        #10 0x4f16bd in ProgramMain(int, char**) /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:103:18
        #11 0x4f2101 in main /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:116:10
        #12 0x7f858e754082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
        #13 0x43f04d in _start (/wabt/out/clang/Debug/asan/wasm-decompile+0x43f04d)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x186234) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::operator std::basic_string_view<char, std::char_traits<char>>() const
    ==1681910==ABORTING

CVE-2023-27115: SEGV in wabt::cat_compute_size · Issue #1992 · WebAssembly/wabt

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

    OS      : Linux ubuntu 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
    Commit  : 3054d61f703d609995798f872fc86b462617c294
    Version : 1.0.29
    Build   : make clang-debug-asan
    

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==1814123==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffe8 (pc 0x7f12f2723bfe bp 0x7ffe034681e0 sp 0x7ffe03467e18 T0)
    ==1814123==The signal is caused by a READ memory access.
        #0 0x7f12f2723bfe in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::append(char const*, unsigned long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x144bfe)
        #1 0x609269 in wabt::Decompiler::WrapChild(wabt::Decompiler::Value&, std::basic_string_view<char, std::char_traits<char>>, std::basic_string_view<char, std::char_traits<char>>, wabt::Decompiler::Precedence) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:125:18
        #2 0x619663 in wabt::Decompiler::BracketIfNeeded(wabt::Decompiler::Value&, wabt::Decompiler::Precedence) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:143:11
        #3 0x60ce08 in wabt::Decompiler::WrapBinary(std::vector<wabt::Decompiler::Value, std::allocator<wabt::Decompiler::Value>>&, std::basic_string_view<char, std::char_traits<char>>, bool, wabt::Decompiler::Precedence) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:153:5
        #4 0x5cfb8b in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:473:16
        #5 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #6 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #7 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #8 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #9 0x5ccb59 in wabt::Decompiler::DecompileExpr(wabt::Node const&, wabt::Node const*) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:357:22
        #10 0x5c30b4 in wabt::Decompiler::Decompile[abi:cxx11]() /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:825:20
        #11 0x5be6bd in wabt::Decompile[abi:cxx11](wabt::Module const&, wabt::DecompileOptions const&) /wabt/out/clang/Debug/asan/../../../../src/decompiler.cc:854:21
        #12 0x4f16bd in ProgramMain(int, char**) /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:103:18
        #13 0x4f2101 in main /wabt/out/clang/Debug/asan/../../../../src/tools/wasm-decompile.cc:116:10
        #14 0x7f12f2272082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
        #15 0x43f04d in _start (/wabt/out/clang/Debug/asan/wasm-decompile+0x43f04d)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x144bfe) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::append(char const*, unsigned long)
    ==1814123==ABORTING

CVE-2023-27119: SEGV in wabt::Decompiler::WrapChild · Issue #1990 · WebAssembly/wabt

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020.  Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.

Prometei botnet improves modules and exhibits new capabilities in recent updates

Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank.
"Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.
The cybersecurity

Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank.

"Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News.

The cybersecurity company attributed the activity to a hacking group it tracks as **Cobalt Illusion**, and which is also known by the names APT35, Charming Kitten, ITG18, Phosphorus, TA453, and Yellow Garuda.

The targeting of academics, activists, diplomats, journalists, politicians, and researchers by the threat actor has been well-documented over the years.

The group is suspected to be operating on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC) and has exhibited a pattern of using fake personas to establish contact with individuals who are of strategic interest to the government.

"It is common for Cobalt Illusion to interact with its targets multiple times over different messaging platforms," SecureWorks said. "The threat actors first send benign links and documents to build rapport. They then send a malicious link or document to phish credentials for systems that Cobalt Illusion seeks to access."

Chief among its tactics include leveraging credential harvesting to gain control of victims' mailboxes as well as employing custom tools like HYPERSCRAPE (aka EmailDownloader) to steal data from Gmail, Yahoo!, and Microsoft Outlook accounts using the stolen passwords.

Another bespoke malware linked to the group is a C++-based Telegram "grabber" tool that facilitates data harvesting on a large scale from Telegram accounts after obtaining the target's credentials.

The latest activity involves the adversary passing off as an employee of the Atlantic Council, a U.S.-based think tank, and reaching out to political affairs and human rights researchers under the pretext of contributing to a report.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

To make the ruse convincing, the social media accounts associated with the fraudulent "Sara Shokouhi" persona (@SaShokouhi on Twitter and @sarashokouhii on Instagram) claimed to have a PhD in Middle East politics.

What's more, the profile photos in these accounts, per SecureWorks, are said to have been taken from an Instagram account belonging to a psychologist and tarot card reader based in Russia.

It's not immediately clear if the effort resulted in any successful phishing attacks. The Twitter account, created in October 2022, remains active to date as is the Instagram account.

"Phishing and bulk data collection are core tactics of Cobalt Illusion," Rafe Pilling, principal researcher and Iran thematic lead at SecureWorks CTU, said in a statement.

"The group undertakes intelligence gathering, often human focused intelligence, like extracting the contents of mailboxes, contact lists, travel plans, relationships, physical location, etc. This intel is likely blended with other sources and used to inform military and security operations by Iran, foreign and domestic."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Iranian Hackers Target Women Involved in Human Rights and Middle East Politics

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.

Previous Next

Reported by: Ulrich Müller <ulm <at> gentoo.org>

Date: Mon, 19 Dec 2022 16:15:02 UTC

Severity: normal

Found in version 28.2

**Done:** Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending  
a message to control AT debbugs.gnu.org, with _unarchive 60204_ in the body.  
You can then email your comments to 60204 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

**Report forwarded** to bug-gnu-emacs <at> gnu.org:  
bug#60204; Package emacs. (Mon, 19 Dec 2022 16:15:02 GMT) Full text and rfc822 format available.

**Acknowledgement sent** to Ulrich Müller <ulm <at> gentoo.org>:  
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Mon, 19 Dec 2022 16:15:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

Apparently the emacsclient-mail.desktop file doesn't conform to the
Desktop Entry Specification at
https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
which says about the Exec key:

| Field codes must not be used inside a quoted argument, the result of
| field code expansion inside a quoted argument is undefined.

However, the %u field code is used inside a quoted argument of the
Exec key in both the \[Desktop Entry\] and \[Desktop Action new-window\]
sections.

See patch included below.


From 1ee6903cccde01c36dd58951102252abadada994 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm <at> gentoo.org>
Date: Mon, 19 Dec 2022 16:51:20 +0100
Subject: \[PATCH\] Fix quoted argument in emacsclient-mail.desktop Exec key

\* etc/emacsclient-mail.desktop (Exec): The Desktop Entry
Specification does not allow field codes like %u inside a quoted
argument. Work around it by passing %u as first parameter ($1)
to the shell wrapper.
\* etc/emacsclient.desktop (Exec): Use \`sh\` rather than \`placeholder\`
as the command name of the shell wrapper.
---
 etc/emacsclient-mail.desktop | 4 ++--
 etc/emacsclient.desktop      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index b575a41758a..91df122c594 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,7 @@
 \[Desktop Entry\]
 Categories=Network;Email;
 Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\\\"\\\\$DISPLAY\\\\" --eval \\\\\\\$message-mailto\\\\\\\\ \\\\\\\\\\\\"%u\\\\\\\\\\\\"\\\\\\\$"
+Exec=sh -c "exec emacsclient --alternate-editor= --display=\\\\"\\\\$DISPLAY\\\\" --eval \\\\"(message-mailto \\\\\\\\\\\\"\\\\$1\\\\\\\\\\\\")\\\\"" sh %u
 Icon=emacs
 Name=Emacs (Mail, Client)
 MimeType=x-scheme-handler/mailto;
@@ -13,7 +13,7 @@ Actions=new-window;new-instance;
 
 \[Desktop Action new-window\]
 Name=New Window
-Exec=emacsclient --alternate-editor= --create-frame --eval "(message-mailto \\\\"%u\\\\")"
+Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\\\"(message-mailto \\\\\\\\\\\\"\\\\$1\\\\\\\\\\\\")\\\\"" sh %u
 
 \[Desktop Action new-instance\]
 Name=New Instance
diff --git a/etc/emacsclient.desktop b/etc/emacsclient.desktop
index 1ecdecffafd..a9f840c7033 100644
--- a/etc/emacsclient.desktop
+++ b/etc/emacsclient.desktop
@@ -3,7 +3,7 @@ Name=Emacs (Client)
 GenericName=Text Editor
 Comment=Edit text
 MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
-Exec=sh -c "if \[ -n \\\\"\\\\$\*\\\\" \]; then exec emacsclient --alternate-editor= --display=\\\\"\\\\$DISPLAY\\\\" \\\\"\\\\$@\\\\"; else exec emacsclient --alternate-editor= --create-frame; fi" placeholder %F
+Exec=sh -c "if \[ -n \\\\"\\\\$\*\\\\" \]; then exec emacsclient --alternate-editor= --display=\\\\"\\\\$DISPLAY\\\\" \\\\"\\\\$@\\\\"; else exec emacsclient --alternate-editor= --create-frame; fi" sh %F
 Icon=emacs
 Type=Application
 Terminal=false
-- 
2.39.0

**Reply sent** to Eli Zaretskii <eliz <at> gnu.org>:  
You have taken responsibility. (Sat, 24 Dec 2022 07:22:01 GMT) Full text and rfc822 format available.

**Notification sent** to Ulrich Müller <ulm <at> gentoo.org>:  
bug acknowledged by developer. (Sat, 24 Dec 2022 07:22:02 GMT) Full text and rfc822 format available.

Message #10 received at 60204-done <at> debbugs.gnu.org (full text, mbox):

\> From: Ulrich Müller <ulm <at> gentoo.org>
> Date: Mon, 19 Dec 2022 17:14:09 +0100
> 
> Apparently the emacsclient-mail.desktop file doesn't conform to the
> Desktop Entry Specification at
> https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html#exec-variables
> which says about the Exec key:
> 
> | Field codes must not be used inside a quoted argument, the result of
> | field code expansion inside a quoted argument is undefined.
> 
> However, the %u field code is used inside a quoted argument of the
> Exec key in both the \[Desktop Entry\] and \[Desktop Action new-window\]
> sections.
> 
> See patch included below.

Thanks, I installed this on the emacs-29 branch, and I'm closing the
bug.

**bug archived.** Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 21 Jan 2023 12:24:04 GMT) Full text and rfc822 format available.

This bug report was last modified 46 days ago.

Previous Next

GNU bug tracking system  
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

CVE-2023-27985: #60204 - 28.2; Invalid Exec key in etc/emacsclient-mail.desktop

Red Hat Security Advisory 2023-1141-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security and bug fix update  
Advisory ID:       RHSA-2023:1141-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1141  
Issue date:        2023-03-07  
CVE Names:         CVE-2023-0361   
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS)  
library, which implements cryptographic algorithms and protocols such as  
SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: timing side-channel in the TLS RSA key exchange code  
(CVE-2023-0361)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* CCM tag length should be limited to known values (BZ#2144535)

* In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than  
the output size of the hash function used, or provide an indicator  
(BZ#2144537)

* dracut-cmdline[554]: Error in GnuTLS initialization: Error while  
performing self checks i FIPS mode (BZ#2149640)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2144537 - In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator [rhel-9.1.0.z]  
2149640 - dracut-cmdline[554]: Error in GnuTLS initialization: Error while performing self checks i FIPS mode [rhel-9.1.0.z]  
2162596 - CVE-2023-0361 gnutls: timing side-channel in the TLS RSA key exchange code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
gnutls-c++-3.7.6-18.el9_1.aarch64.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-dane-3.7.6-18.el9_1.aarch64.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-debugsource-3.7.6-18.el9_1.aarch64.rpm  
gnutls-devel-3.7.6-18.el9_1.aarch64.rpm  
gnutls-utils-3.7.6-18.el9_1.aarch64.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.aarch64.rpm

ppc64le:  
gnutls-c++-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-dane-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-debugsource-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-devel-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-utils-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.ppc64le.rpm

s390x:  
gnutls-c++-3.7.6-18.el9_1.s390x.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-dane-3.7.6-18.el9_1.s390x.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-debugsource-3.7.6-18.el9_1.s390x.rpm  
gnutls-devel-3.7.6-18.el9_1.s390x.rpm  
gnutls-utils-3.7.6-18.el9_1.s390x.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.s390x.rpm

x86_64:  
gnutls-c++-3.7.6-18.el9_1.i686.rpm  
gnutls-c++-3.7.6-18.el9_1.x86_64.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-dane-3.7.6-18.el9_1.i686.rpm  
gnutls-dane-3.7.6-18.el9_1.x86_64.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-debugsource-3.7.6-18.el9_1.i686.rpm  
gnutls-debugsource-3.7.6-18.el9_1.x86_64.rpm  
gnutls-devel-3.7.6-18.el9_1.i686.rpm  
gnutls-devel-3.7.6-18.el9_1.x86_64.rpm  
gnutls-utils-3.7.6-18.el9_1.x86_64.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
gnutls-3.7.6-18.el9_1.src.rpm

aarch64:  
gnutls-3.7.6-18.el9_1.aarch64.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.aarch64.rpm  
gnutls-debugsource-3.7.6-18.el9_1.aarch64.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.aarch64.rpm

ppc64le:  
gnutls-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-debugsource-3.7.6-18.el9_1.ppc64le.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.ppc64le.rpm

s390x:  
gnutls-3.7.6-18.el9_1.s390x.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.s390x.rpm  
gnutls-debugsource-3.7.6-18.el9_1.s390x.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.s390x.rpm

x86_64:  
gnutls-3.7.6-18.el9_1.i686.rpm  
gnutls-3.7.6-18.el9_1.x86_64.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-c++-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-dane-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-debuginfo-3.7.6-18.el9_1.x86_64.rpm  
gnutls-debugsource-3.7.6-18.el9_1.i686.rpm  
gnutls-debugsource-3.7.6-18.el9_1.x86_64.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.i686.rpm  
gnutls-utils-debuginfo-3.7.6-18.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAiXKtzjgjWX9erEAQj1PhAAm9pbTVkxqdaH6LY4JzDurjlXVLuvsCBE  
RetJQTum/aKtOCXwIFWesFH7Rsg4rXYXFtEw+aNElduH9lkD4O8TMh25NW4E3eHa  
/laWHNySOuAA+CsUR4vEs1pm/UKZ1hAPKlLn/RGDugy2nhcqPo84Th8e72rura3q  
PBzuo+7bmrp3Mu0XNFPbi8prayBH5VAer+Pg4F8rke2T++I2u2vMgNx0u28TmxQo  
qMyfsYR86VGYoc1GY1lR6wlrs96ZwNgsaySABoFK8yv4kSuuX1XArwEsdmJ7eXIt  
ZCo/Wgr7oqB2vpKx/bRrCrk6sZMQCQZpYnT+I4wlfAk/RNyBzo+ppUlTrWElbQjg  
OoullWaH0qt4BQJdPwznekWaUOV0yOlerW0en33ICiMQ+nseCEBSOuH8y24iI/XB  
ikp7Ivulwqe+z4oeJREKtbY2/cOKwbLhP6ZvKKzuFjwDLkPXF2cudSHKGJZPnZVw  
KSj7Y0U5EbcXcN422BRN03lw6dihC2efNxFy8W56KPEhZi6mmeCAwWtFP0iNFqnf  
ZtrgTW6fbSn5r7hjQe8oU+R5O1ylojoxhSrgOVmjLpXZEkbKCO9zLga+nL0L4KIW  
M87LjOeJ1aXu2IjHISxNRNTcqWrUPLVevk09KVqbNe47vl2B+g7qJxVKY2k20i/4  
YFb0PskSBR0=  
=ER5a  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1141-01

Red Hat Security Advisory 2023-1095-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Issues addressed include a buffer over-read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: zlib security update  
Advisory ID:       RHSA-2023:1095-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1095  
Issue date:        2023-03-07  
CVE Names:         CVE-2022-37434  
====================================================================  
1. Summary:

An update for zlib is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The zlib packages provide a general-purpose lossless data compression  
library that is used by many different programs.

Security Fix(es):

* zlib: heap-based buffer over-read and overflow in inflate() in inflate.c  
via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
zlib-1.2.7-21.el7_9.src.rpm

x86_64:  
zlib-1.2.7-21.el7_9.i686.rpm  
zlib-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
minizip-1.2.7-21.el7_9.i686.rpm  
minizip-1.2.7-21.el7_9.x86_64.rpm  
minizip-devel-1.2.7-21.el7_9.i686.rpm  
minizip-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-devel-1.2.7-21.el7_9.i686.rpm  
zlib-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-static-1.2.7-21.el7_9.i686.rpm  
zlib-static-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
zlib-1.2.7-21.el7_9.src.rpm

x86_64:  
zlib-1.2.7-21.el7_9.i686.rpm  
zlib-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
minizip-1.2.7-21.el7_9.i686.rpm  
minizip-1.2.7-21.el7_9.x86_64.rpm  
minizip-devel-1.2.7-21.el7_9.i686.rpm  
minizip-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-devel-1.2.7-21.el7_9.i686.rpm  
zlib-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-static-1.2.7-21.el7_9.i686.rpm  
zlib-static-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
zlib-1.2.7-21.el7_9.src.rpm

ppc64:  
zlib-1.2.7-21.el7_9.ppc.rpm  
zlib-1.2.7-21.el7_9.ppc64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc64.rpm  
zlib-devel-1.2.7-21.el7_9.ppc.rpm  
zlib-devel-1.2.7-21.el7_9.ppc64.rpm

ppc64le:  
zlib-1.2.7-21.el7_9.ppc64le.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc64le.rpm  
zlib-devel-1.2.7-21.el7_9.ppc64le.rpm

s390x:  
zlib-1.2.7-21.el7_9.s390.rpm  
zlib-1.2.7-21.el7_9.s390x.rpm  
zlib-debuginfo-1.2.7-21.el7_9.s390.rpm  
zlib-debuginfo-1.2.7-21.el7_9.s390x.rpm  
zlib-devel-1.2.7-21.el7_9.s390.rpm  
zlib-devel-1.2.7-21.el7_9.s390x.rpm

x86_64:  
zlib-1.2.7-21.el7_9.i686.rpm  
zlib-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-devel-1.2.7-21.el7_9.i686.rpm  
zlib-devel-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
minizip-1.2.7-21.el7_9.ppc.rpm  
minizip-1.2.7-21.el7_9.ppc64.rpm  
minizip-devel-1.2.7-21.el7_9.ppc.rpm  
minizip-devel-1.2.7-21.el7_9.ppc64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc64.rpm  
zlib-static-1.2.7-21.el7_9.ppc.rpm  
zlib-static-1.2.7-21.el7_9.ppc64.rpm

ppc64le:  
minizip-1.2.7-21.el7_9.ppc64le.rpm  
minizip-devel-1.2.7-21.el7_9.ppc64le.rpm  
zlib-debuginfo-1.2.7-21.el7_9.ppc64le.rpm  
zlib-static-1.2.7-21.el7_9.ppc64le.rpm

s390x:  
minizip-1.2.7-21.el7_9.s390.rpm  
minizip-1.2.7-21.el7_9.s390x.rpm  
minizip-devel-1.2.7-21.el7_9.s390.rpm  
minizip-devel-1.2.7-21.el7_9.s390x.rpm  
zlib-debuginfo-1.2.7-21.el7_9.s390.rpm  
zlib-debuginfo-1.2.7-21.el7_9.s390x.rpm  
zlib-static-1.2.7-21.el7_9.s390.rpm  
zlib-static-1.2.7-21.el7_9.s390x.rpm

x86_64:  
minizip-1.2.7-21.el7_9.i686.rpm  
minizip-1.2.7-21.el7_9.x86_64.rpm  
minizip-devel-1.2.7-21.el7_9.i686.rpm  
minizip-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-static-1.2.7-21.el7_9.i686.rpm  
zlib-static-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
zlib-1.2.7-21.el7_9.src.rpm

x86_64:  
zlib-1.2.7-21.el7_9.i686.rpm  
zlib-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-devel-1.2.7-21.el7_9.i686.rpm  
zlib-devel-1.2.7-21.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
minizip-1.2.7-21.el7_9.i686.rpm  
minizip-1.2.7-21.el7_9.x86_64.rpm  
minizip-devel-1.2.7-21.el7_9.i686.rpm  
minizip-devel-1.2.7-21.el7_9.x86_64.rpm  
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm  
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm  
zlib-static-1.2.7-21.el7_9.i686.rpm  
zlib-static-1.2.7-21.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAcuDNzjgjWX9erEAQhBfxAAnzhxAmg+iqzHC7pYiVpoAR4rHumYqU06  
6mzA0Y2UcTuzx/baoTpN2lxDJlKcJxijzXAVFDVK/FMfxeznMSl5LziNzdc07Vb0  
rlNzQ0UXCaRAOVrHI4cWIi+XOLnwfFT+3ZzLGnIni6ZvdMroQCNJ2AlfLCeQwZ4M  
59JZeHsYMJTg2E/sgQ9KALmCA+g+XVPmjrigoEG2DSOgXS/65t0SQ0DvMDeN8nT2  
G9fWqBwDZpJcgqUTDI/5JSQ0kgENR4KLmnxbRJETHvydH+0LBlthqNSGmEWuVJYe  
/Uw/YoffoP3tDzITzJEk5PdN6Y53atG25haf7wLmKWmfWdd2sfNqIOWZN7iUrpGG  
V/pWF0kamiyrJ3CzLCr73hKWwaN3+tKyX5NlwFyKg67EwujAVS8upcGLgCCy/TDc  
VuvvK6JiXgz0ieqhfoUXLOw4blF30OnUWWe2WHNTmXxEagRWFDmcyau0+xCs6ZtI  
0e/9w8fC8qG79T8tlfM3QbYljHeyDwYRLu8S4D00eQD/KBRTren40qhDiYMjcvtQ  
hAgDKEkcDR1cKDgalHCNpEWN+WWJdQbCetrAzkqinbVnjXVtNlrVQrgQrQF8RvsA  
4vKUM3m4sedi7CblWgtPtUU4KiLNlq2oF03RjrVnW1FohuOJ8oRQ4pnb/5iZ9b1h  
huKrzrky4/I=yKEJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#c++