Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024.
Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024.

Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services, and banking services.

"Threat actors using the kit to deploy phishing websites often rely on Cloudflare's anti-bot and hosting obfuscation capabilities to prevent detection," Netcraft said in a report published Thursday.

Some aspects of the phishing kit were documented by security researchers Will Thomas (@ BushidoToken) and Fox\_threatintel (@banthisguy9349) last month.

Phishing kits like Xiū gǒu pose a risk because they could lower the barrier of entry for less skilled hackers, potentially leading to an increase in malicious campaigns that could lead to theft of sensitive information.

Xiū gǒu, which is developed by a Chinese-speaking threat actor, provides users with an admin panel and is developed using technologies like Golang and Vue.js. The kit is also designed to exfiltrate credentials and other information from the fake phishing pages hosted on the ".top" top-level domain via Telegram.

The phishing attacks are propagated via Rich Communications Services (RCS) messages rather than SMS, warning recipients of purported parking penalties and failed package deliveries. The messages also instruct them to click on a link that's shortened using a URL shortener service to pay the fine or update the delivery address.

"The scams typically manipulate victims into providing their personal details and making payments, for example, to release a parcel or fulfill a fine," Netcraft said.

RCS, which is primarily available via Apple Messages (starting with iOS 18) and Google Messages for Android, offers users an upgraded messaging experience with support for file-sharing, typing indicators, and optional support for end-to-end encryption (E2EE).

In a blog post late last month, the tech giant detailed the new protections it's taking to combat phishing scams, including rolling out enhanced scam detection using on-device machine learning models to specifically filter out fraudulent messages related to package delivery and job opportunities.

Google also said it's piloting security warnings when users in India, Thailand, Malaysia, and Singapore receive text messages from unknown senders with potentially dangerous links. The new protections, which are expected to be expanded globally later this year, also block messages with links from suspicious senders.

Lastly, the search major is adding the option to "automatically hide messages from international senders who are not existing contacts" by moving them to the "Spam & blocked" folder. The feature was first enabled as a pilot in Singapore.

The disclosure comes as Cisco Talos revealed that Facebook business and advertising account users in Taiwan are being targeted by an unknown threat actor as part of a phishing campaign designed to deliver stealer malware such as Lumma or Rhadamanthys.

The lure messages come embedded with a link that, when clicked, takes the victim to a Dropbox or Google Appspot domain, triggering the download of a RAR archive packing a fake PDF executable, which serves as a conduit to drop the stealer malware.

"The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the victim into downloading and executing malware," Talos researcher Joey Chen said, adding the activity has been ongoing since July 2024.

"The emails demand the removal of the infringing content within 24 hours, cessation of further use without written permission, and warn of potential legal action and compensation claims for non-compliance."

Phishing campaigns have also been observed impersonating OpenAI targeting businesses worldwide, instructing them to immediately update their payment information by clicking on an obfuscated hyperlink.

"This attack was sent from a single domain to over 1,000 recipients," Barracuda said in a report. "The email did, however, use different hyperlinks within the email body, possibly to evade detection. The email passed DKIM and SPF checks, which means that the email was sent from a server authorized to send emails on behalf of the domain. However, the domain itself is suspicious."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers uncovered the “Xiū gǒu” phishing kit targeting users in the UK, US, Spain, Australia, and Japan.…

Cybersecurity researchers uncovered the “Xiū gǒu” phishing kit targeting users in the UK, US, Spain, Australia, and Japan. Active across public, postal, and banking sectors, the kit mimics legitimate services to harvest data.

Cybersecurity researchers at Netcraft have discovered a new phishing kit in action named “Xiū gǒu,” which has been actively targeting unsuspecting users in the UK, US, Spain, Australia, and Japan since September 2024.

This kit, notable for its unique branding and interactive features, has been identified in over 2,000 phishing websites, exposing both individuals and organizations across different sectors to the risk of being compromised.

The phishing kit, dubbed “Xiū gǒu” (修狗) after the Mandarin Chinese internet slang “xiū gǒu,” which translates to “doggo,” currently focuses on scams related to motorists, government payments, and postal services. The admin panel and associated Telegram account feature a cartoon dog mascot holding a soda bottle, adding an element of entertainment to the otherwise malicious tool.

According to the technical blog post shared with Hackread.com ahead of publishing on Thursday, Xiū gǒu’s front end utilizes Vue.js for both phishing pages and the admin panel, while the back end is powered by Golang through the SynPhishServer executable. This combination allows for a more active and harder-to-detect phishing infrastructure.

The kit has been deployed across more than 1,500 IP addresses and phishing domains, targeting victims with scams related to motorists, government payments, and postal services. Organizations in the public sector, postal, digital services, and banking sectors have been particularly vulnerable. Some of the notable impersonations include the following:

*   **Evri**
*   **Linkt**
*   **USPS**
*   **Lloyds**
*   **Services Australia**
*   **New Zealand Post**
*   **UK Government (gov.uk and DVSA)**

Threat actors using Xiū gǒu leverage Cloudflare’s anti-bot and hosting obfuscation capabilities to evade detection. They often register domains with the “.top” top-level domain (TLD), choosing names that relate to their scams, such as ‘parking’ or ‘living,’ or incorporating parts of the target brand’s name.

The attack flow typically begins with a Rich Communications Services (RCS) message containing a shortened link, which directs victims to a phishing website designed to mimic legitimate sites like gov.uk. Bots are redirected to non-malicious sites to further obfuscate the activity. Once victims enter their personal and payment details, the information is exfiltrated to Telegram via a bot set up by the fraudster.

Fake UK Government parking fine payment page powered by Xiū gǒu phishing kit (Screenshot: Netcraft)

Fake USPS package release page powered by Xiū gǒu phishing kit (Screenshot: Netcraft)

Netcraft’s research provides a window into the minds of the kit’s authors stating, “Our research provides an interesting perspective into the minds and methods of the authors behind the kits and we can see by xiū gǒu’s use of specific scripting languages as well as the inclusion of user tutorials._“_

_“_The author has also chosen to measure and analyze the use of their kit, most likely so that they can optimize and improve their competitiveness over time. We also get a sense of how—as with the doggo mascot—authors inject personality and humour into their kits, leaving their own distinctive mark_.”_

The Xiū gǒu phishing kit remains active and is part of an ongoing global campaign targeting both businesses and individuals. To protect yourself, use caution with unsolicited messages and follow these steps to avoid becoming its next victim:

*   **Verify Links Before Clicking**: Always hover over links in emails or texts to check the actual URL, and avoid clicking shortened links unless verified. Phishing kits often use misleading URLs to trick users.
*   **Be Careful with Personal Information**: Avoid entering sensitive information on websites reached through unsolicited messages, especially if the site requests personal or payment details.
*   **Enable Multi-Factor Authentication (MFA)**: MFA adds an extra layer of protection. Even if a phishing kit collects your credentials, MFA can help prevent unauthorized access to your accounts.
*   **Use Anti-Phishing Software**: Many anti-phishing tools can detect suspicious sites and prevent you from accessing them, even if you accidentally click on a phishing link.
*   **Educate Yourself on Phishing Tactics**: Stay informed about common phishing strategies and indicators, like unusual language or suspicious domain names, which can help you identify threats before they become issues.

1.  **EvilProxy Phishing Kit Hits 100+ Firms as It Bypasses MFA**
2.  **Chinese ‘Smishing Triad’ Group Hits Pakistan with SMS Phishing**
3.  **V3B Phishing Kit Steals Logins and OTPs from EU Banking Users**
4.  **FishXProxy Phishing Kit Makes Phishing Ready for Script Kiddies**
5.  **EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Flaw**
6.  **Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks**

New Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to username enumeration. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library.
"On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a

Cryptocurrency / Software Development

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library.

"On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a statement on X. "This does not impact our dotlottie player and/or SaaS service."

LottieFiles is an animation workflow platform that enables designers to create, edit, and share animations in a JSON-based animation file format called Lottie. It's also the developer behind an npm package named lottie-player, which allows for embedding and playing Lottie animations on websites.

According to the company, "a large number of users using the library via third-party CDNs without a pinned version were automatically served the compromised version as the latest release."

The malicious versions of the package contained code that prompted users to connect their cryptocurrency wallets, with the likely goal of draining their funds. Users who are on versions 2.0.5, 2.0.6, and 2.0.7 are recommended to update to 2.0.8.

"Versions 2.0.5, 2.0.6, 2.0.7 were published directly to https://npmjs.com over the course of an hour using a compromised access token from a developer with the required privileges," LottieFiles noted.

Besides releasing a fix, the three rogue versions have been unpublished from the npm package repository. LottieFiles said it has also activated its incident response plan and engaged an external incident response team to assist with the investigation.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

LottieFiles Issues Warning About Compromised "lottie-player" npm Package

Red Hat Security Advisory 2024-8680-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and null pointer vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8680.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: mod_http2 security updateAdvisory ID:        RHSA-2024:8680-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8680Issue date:         2024-10-31Revision:           03CVE Names:          CVE-2024-36387====================================================================Summary: An update for mod_http2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.Security Fix(es):* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36387References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2295006

Red Hat Security Advisory 2024-8680-03

Red Hat Security Advisory 2024-8679-03 - An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8679.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:8679-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8679Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8679-03

Red Hat Security Advisory 2024-8678-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a cross site scripting vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8678.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana security updateAdvisory ID:        RHSA-2024:8678-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8678Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9355====================================================================Summary: An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es):* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9355References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315719https://bugzilla.redhat.com/show_bug.cgi?id=2318052

Red Hat Security Advisory 2024-8678-03

Red Hat Security Advisory 2024-8676-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8676.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update  
Advisory ID:        RHSA-2024:8676-03  
Product:            Red Hat OpenShift Data Foundation  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8676  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2023-26136  
====================================================================

Summary: 

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/4.17_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-26136

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2059669  
https://bugzilla.redhat.com/show_bug.cgi?id=2190161  
https://bugzilla.redhat.com/show_bug.cgi?id=2219310  
https://bugzilla.redhat.com/show_bug.cgi?id=2241329  
https://bugzilla.redhat.com/show_bug.cgi?id=2245068  
https://bugzilla.redhat.com/show_bug.cgi?id=2250364  
https://bugzilla.redhat.com/show_bug.cgi?id=2253013  
https://bugzilla.redhat.com/show_bug.cgi?id=2257271  
https://bugzilla.redhat.com/show_bug.cgi?id=2259668  
https://bugzilla.redhat.com/show_bug.cgi?id=2262777  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2271773  
https://bugzilla.redhat.com/show_bug.cgi?id=2272597  
https://bugzilla.redhat.com/show_bug.cgi?id=2275225  
https://bugzilla.redhat.com/show_bug.cgi?id=2275965  
https://bugzilla.redhat.com/show_bug.cgi?id=2276393  
https://bugzilla.redhat.com/show_bug.cgi?id=2276672  
https://bugzilla.redhat.com/show_bug.cgi?id=2279751  
https://bugzilla.redhat.com/show_bug.cgi?id=2279876  
https://bugzilla.redhat.com/show_bug.cgi?id=2280308  
https://bugzilla.redhat.com/show_bug.cgi?id=2280608  
https://bugzilla.redhat.com/show_bug.cgi?id=2280637  
https://bugzilla.redhat.com/show_bug.cgi?id=2283994  
https://bugzilla.redhat.com/show_bug.cgi?id=2292435  
https://bugzilla.redhat.com/show_bug.cgi?id=2292668  
https://bugzilla.redhat.com/show_bug.cgi?id=2294234  
https://bugzilla.redhat.com/show_bug.cgi?id=2294723  
https://bugzilla.redhat.com/show_bug.cgi?id=2297265  
https://bugzilla.redhat.com/show_bug.cgi?id=2297295  
https://bugzilla.redhat.com/show_bug.cgi?id=2297447  
https://bugzilla.redhat.com/show_bug.cgi?id=2297454  
https://bugzilla.redhat.com/show_bug.cgi?id=2299630  
https://bugzilla.redhat.com/show_bug.cgi?id=2299639  
https://bugzilla.redhat.com/show_bug.cgi?id=2300021  
https://bugzilla.redhat.com/show_bug.cgi?id=2300312  
https://bugzilla.redhat.com/show_bug.cgi?id=2300331  
https://bugzilla.redhat.com/show_bug.cgi?id=2300499  
https://bugzilla.redhat.com/show_bug.cgi?id=2301889  
https://bugzilla.redhat.com/show_bug.cgi?id=2302201  
https://bugzilla.redhat.com/show_bug.cgi?id=2302257  
https://bugzilla.redhat.com/show_bug.cgi?id=2302448  
https://bugzilla.redhat.com/show_bug.cgi?id=2302507  
https://bugzilla.redhat.com/show_bug.cgi?id=2302575  
https://bugzilla.redhat.com/show_bug.cgi?id=2302774  
https://bugzilla.redhat.com/show_bug.cgi?id=2302841  
https://bugzilla.redhat.com/show_bug.cgi?id=2302842  
https://bugzilla.redhat.com/show_bug.cgi?id=2303028  
https://bugzilla.redhat.com/show_bug.cgi?id=2303342  
https://bugzilla.redhat.com/show_bug.cgi?id=2303403  
https://bugzilla.redhat.com/show_bug.cgi?id=2303619  
https://bugzilla.redhat.com/show_bug.cgi?id=2303820  
https://bugzilla.redhat.com/show_bug.cgi?id=2303821  
https://bugzilla.redhat.com/show_bug.cgi?id=2303822  
https://bugzilla.redhat.com/show_bug.cgi?id=2303823  
https://bugzilla.redhat.com/show_bug.cgi?id=2303824  
https://bugzilla.redhat.com/show_bug.cgi?id=2303825  
https://bugzilla.redhat.com/show_bug.cgi?id=2303829  
https://bugzilla.redhat.com/show_bug.cgi?id=2304073  
https://bugzilla.redhat.com/show_bug.cgi?id=2304231  
https://bugzilla.redhat.com/show_bug.cgi?id=2304232  
https://bugzilla.redhat.com/show_bug.cgi?id=2304235  
https://bugzilla.redhat.com/show_bug.cgi?id=2304238  
https://bugzilla.redhat.com/show_bug.cgi?id=2304799  
https://bugzilla.redhat.com/show_bug.cgi?id=2304810  
https://bugzilla.redhat.com/show_bug.cgi?id=2304815  
https://bugzilla.redhat.com/show_bug.cgi?id=2304993  
https://bugzilla.redhat.com/show_bug.cgi?id=2305274  
https://bugzilla.redhat.com/show_bug.cgi?id=2305295  
https://bugzilla.redhat.com/show_bug.cgi?id=2305660  
https://bugzilla.redhat.com/show_bug.cgi?id=2305880  
https://bugzilla.redhat.com/show_bug.cgi?id=2306026  
https://bugzilla.redhat.com/show_bug.cgi?id=2306387  
https://bugzilla.redhat.com/show_bug.cgi?id=2306577  
https://bugzilla.redhat.com/show_bug.cgi?id=2307823  
https://bugzilla.redhat.com/show_bug.cgi?id=2307835  
https://bugzilla.redhat.com/show_bug.cgi?id=2307909  
https://bugzilla.redhat.com/show_bug.cgi?id=2308091  
https://bugzilla.redhat.com/show_bug.cgi?id=2308101  
https://bugzilla.redhat.com/show_bug.cgi?id=2308144  
https://bugzilla.redhat.com/show_bug.cgi?id=2308193  
https://bugzilla.redhat.com/show_bug.cgi?id=2308304  
https://bugzilla.redhat.com/show_bug.cgi?id=2308442  
https://bugzilla.redhat.com/show_bug.cgi?id=2308446  
https://bugzilla.redhat.com/show_bug.cgi?id=2309191  
https://bugzilla.redhat.com/show_bug.cgi?id=2309195  
https://bugzilla.redhat.com/show_bug.cgi?id=2309485  
https://bugzilla.redhat.com/show_bug.cgi?id=2309486  
https://bugzilla.redhat.com/show_bug.cgi?id=2309487  
https://bugzilla.redhat.com/show_bug.cgi?id=2309488  
https://bugzilla.redhat.com/show_bug.cgi?id=2309489  
https://bugzilla.redhat.com/show_bug.cgi?id=2309700  
https://bugzilla.redhat.com/show_bug.cgi?id=2310369  
https://bugzilla.redhat.com/show_bug.cgi?id=2310385  
https://bugzilla.redhat.com/show_bug.cgi?id=2310841  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://bugzilla.redhat.com/show_bug.cgi?id=2311042  
https://bugzilla.redhat.com/show_bug.cgi?id=2311043  
https://bugzilla.redhat.com/show_bug.cgi?id=2311152  
https://bugzilla.redhat.com/show_bug.cgi?id=2311153  
https://bugzilla.redhat.com/show_bug.cgi?id=2311154  
https://bugzilla.redhat.com/show_bug.cgi?id=2311171  
https://bugzilla.redhat.com/show_bug.cgi?id=2311468  
https://bugzilla.redhat.com/show_bug.cgi?id=2311551  
https://bugzilla.redhat.com/show_bug.cgi?id=2311790  
https://bugzilla.redhat.com/show_bug.cgi?id=2311867  
https://bugzilla.redhat.com/show_bug.cgi?id=2311885  
https://bugzilla.redhat.com/show_bug.cgi?id=2311893  
https://bugzilla.redhat.com/show_bug.cgi?id=2312137  
https://bugzilla.redhat.com/show_bug.cgi?id=2312442  
https://bugzilla.redhat.com/show_bug.cgi?id=2313178  
https://bugzilla.redhat.com/show_bug.cgi?id=2313203  
https://bugzilla.redhat.com/show_bug.cgi?id=2313515  
https://bugzilla.redhat.com/show_bug.cgi?id=2313717  
https://bugzilla.redhat.com/show_bug.cgi?id=2313736  
https://bugzilla.redhat.com/show_bug.cgi?id=2314200  
https://bugzilla.redhat.com/show_bug.cgi?id=2314211  
https://bugzilla.redhat.com/show_bug.cgi?id=2314404  
https://bugzilla.redhat.com/show_bug.cgi?id=2314454  
https://bugzilla.redhat.com/show_bug.cgi?id=2314636  
https://bugzilla.redhat.com/show_bug.cgi?id=2315624  
https://bugzilla.redhat.com/show_bug.cgi?id=2315651  
https://bugzilla.redhat.com/show_bug.cgi?id=2315666  
https://bugzilla.redhat.com/show_bug.cgi?id=2315709  
https://bugzilla.redhat.com/show_bug.cgi?id=2315733  
https://bugzilla.redhat.com/show_bug.cgi?id=2315846  
https://bugzilla.redhat.com/show_bug.cgi?id=2318490  
https://bugzilla.redhat.com/show_bug.cgi?id=2319102  
https://bugzilla.redhat.com/show_bug.cgi?id=2319238

Red Hat Security Advisory 2024-8676-03

Red Hat Security Advisory 2024-8675-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8675.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:8675-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8675Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8675-03

Red Hat Security Advisory 2024-8428-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8428.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.37 packages and security update  
Advisory ID:        RHSA-2024:8428-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8428  
Issue date:         2024-10-31  
Revision:           03  
CVE Names:          CVE-2024-9341  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.37. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8425

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains  
deeply nested structures can cause a panic due to stack exhaustion  
(CVE-2024-34156)  
* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in  
containers/common Go Library (CVE-2024-9341)  
* Podman: Buildah: CRI-O: symlink traversal vulnerability in the  
containers/storage library can cause Denial of Service (DoS)  
(CVE-2024-9676)  
* go/parser: golang: Calling any of the Parse functions containing deeply  
nested literals can cause a panic/stack exhaustion (CVE-2024-34155)  
* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag  
line with deeply nested expressions can cause a panic due to stack  
exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

CVEs:

CVE-2024-9341

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2310527  
https://bugzilla.redhat.com/show_bug.cgi?id=2310528  
https://bugzilla.redhat.com/show_bug.cgi?id=2310529  
https://bugzilla.redhat.com/show_bug.cgi?id=2315691  
https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Tag

#js