Red Hat Security Advisory 2024-0279-03 - An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0279.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: gstreamer-plugins-bad-free security updateAdvisory ID:        RHSA-2024:0279-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0279Issue date:         2024-01-17Revision:           03CVE Names:          CVE-2023-44446====================================================================Summary: An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44446References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250249

Red Hat Security Advisory 2024-0279-03

Red Hat Security Advisory 2024-0278-03 - Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0278.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat AMQ Broker 7.11.5 release and security updateAdvisory ID:        RHSA-2024:0278-03Product:            Red Hat JBoss AMQAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0278Issue date:         2024-01-17Revision:           03CVE Names:          CVE-2023-33201====================================================================Summary: Red Hat AMQ Broker 7.11.5 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.11.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es):* (CVE-2023-33201) bouncycastle: potential blind LDAP injection attack using a self-signed certificateFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-33201References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.5https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11https://bugzilla.redhat.com/show_bug.cgi?id=2215465

Red Hat Security Advisory 2024-0278-03

Red Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0267.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: java-17-openjdk security and bug fix update  
Advisory ID:        RHSA-2024:0267-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0267  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123) (CVE-2024-20932)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a guard page and prevent the creation of huge pages. (RHEL-13930, RHEL-13931, RHEL-13934, RHEL-13935)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257720  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0267-03

Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0265.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: java-1.8.0-openjdk security and bug fix updateAdvisory ID:        RHSA-2024:0265-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0265Issue date:         2024-01-17Revision:           03CVE Names:          CVE-2024-20918====================================================================Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.Security Fix(es):* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* In the previous release in October 2023 (8u392), the RPMs on RHEL 8 were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, \"Requires: java-headless 1:1.8.0\"). This change has now been reverted to the old \"1:1.8.0\" value. (RHEL-19636, RHEL-19637)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20918References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2257728https://bugzilla.redhat.com/show_bug.cgi?id=2257837https://bugzilla.redhat.com/show_bug.cgi?id=2257850https://bugzilla.redhat.com/show_bug.cgi?id=2257853https://bugzilla.redhat.com/show_bug.cgi?id=2257859https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0265-03

Red Hat Security Advisory 2024-0250-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0250.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenJDK 21.0.2 security update  
Advisory ID:        RHSA-2024:0250-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0250  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 21 (21.0.2) for Windows serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.1) and includes security and bug fixes. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0250-03

Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0249.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: java-21-openjdk security update  
Advisory ID:        RHSA-2024:0249-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0249  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0249-03

Red Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0248.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: java-21-openjdk security update  
Advisory ID:        RHSA-2024:0248-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0248  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0248-03

Red Hat Security Advisory 2024-0247-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0247.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenJDK 21.0.2 security update  
Advisory ID:        RHSA-2024:0247-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0247  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 21 (21.0.2) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.1) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0247-03

Red Hat Security Advisory 2024-0246-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0246.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenJDK 17.0.10 security update  
Advisory ID:        RHSA-2024:0246-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0246  
Issue date:         2024-01-17  
Revision:           03  
CVE Names:          CVE-2024-20918  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.10) for Windows serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.9) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)

* OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123) (CVE-2024-20932)

* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)

* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)

* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)

* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-20918

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2257720  
https://bugzilla.redhat.com/show_bug.cgi?id=2257728  
https://bugzilla.redhat.com/show_bug.cgi?id=2257837  
https://bugzilla.redhat.com/show_bug.cgi?id=2257853  
https://bugzilla.redhat.com/show_bug.cgi?id=2257859  
https://bugzilla.redhat.com/show_bug.cgi?id=2257874

Red Hat Security Advisory 2024-0246-03

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language.
Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are

The Russia-linked threat actor known as **COLDRIVER** has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language.

Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are sent from impersonation accounts.

COLDRIVER, also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Gossamer Bear, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is known to be active since 2019, targeting a wide range of sectors.

This includes academia, defense, governmental organizations, NGOs, think tanks, political outfits, and, recently, defense-industrial targets and energy facilities.

"Targets in the U.K. and U.S. appear to have been most affected by Star Blizzard activity, however activity has also been observed against targets in other NATO countries, and countries neighboring Russia," the U.S. government disclosed last month.

Spear-phishing campaigns mounted by the group are designed to engage and build trust with the prospective victims with the ultimate goal of sharing bogus sign-in pages in order to harvest their credentials and gain access to the accounts.

Microsoft, in an analysis of the COLDRIVER's tactics, called out its use of server-side scripts to prevent automated scanning of the actor-controlled infrastructure and determine targets of interest, before redirecting them to the phishing landing pages.

The latest findings from Google TAG show that the threat actor has been using benign PDF documents as a starting point as far back as November 2022 to entice the targets into opening the files.

"COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target," the tech giant said. "When the user opens the benign PDF, the text appears encrypted."

In the event the recipient responds to the message stating they cannot read the document, the threat actor responds with a link to a purported decryption tool ("Proton-decrypter.exe") hosted on a cloud storage service.

The choice of the name "Proton-decrypter.exe" is notable because Microsoft had previously revealed that the adversary predominantly uses Proton Drive to send the PDF lures through the phishing messages.

In reality, the decryptor is a backdoor named SPICA that grants COLDRIVER covert access to the machine, while simultaneously displaying a decoy document to keep up the ruse.

Prior findings from WithSecure (formerly F-Secure) have revealed the threat actor's use of a lightweight backdoor called Scout, a malware tool from the HackingTeam Remote Control System (RCS) Galileo hacking platform, as part of phishing campaigns observed in early 2016.

Scout is "intended to be used as an initial reconnaissance tool to gather basic system information and screenshots from a compromised computer, as well as enable the installation of additional malware," the Finnish cybersecurity company noted at the time.

SPICA, which is the first custom malware developed and used by COLDRIVER, uses JSON over WebSockets for command-and-control (C2), facilitating the execution of arbitrary shell commands, theft of cookies from web browsers, uploading and downloading files, and enumerating and exfiltrating files. Persistence is achieved by means of a scheduled task.

"Once executed, SPICA decodes an embedded PDF, writes it to disk, and opens it as a decoy for the user," Google TAG said. "In the background, it establishes persistence and starts the main C2 loop, waiting for commands to execute."

There is evidence to suggest that the nation-state actor's use of the implant goes back to November 2022, with the cybersecurity arm multiple variants of the "encrypted" PDF lure, indicating that there could be different versions of SPICA to to match the lure document sent to targets.

As part of its efforts to disrupt the campaign and prevent further exploitation, Google TAG said it added all known websites, domains, and files associated with the hacking crew to Safe Browsing blocklists.

The development comes over a month after the U.K. and the U.S. governments sanctioned two Russian members of COLDRIVER, Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for their involvement in conducting the spear-phishing operations.

French cybersecurity firm Sekoia has since publicized links between Korinets and known infrastructure used by the group, which comprises dozens of phishing domains and multiple servers.

  
"Calisto contributes to Russian intelligence efforts to support Moscow's strategic interests," the company said. "It seems that domain registration was one of \[Korinets'\] main skills, plausibly used by Russian intelligence, either directly or through a contractor relationship."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#js