Beware Macro! Ukrainian users and cyberinfrastructure are being hit by a new malware campaign in which hackers are…

Beware Macro! Ukrainian users and cyberinfrastructure are being hit by a new malware campaign in which hackers are using a multi-stage malware strategy to deliver the Cobalt Strike.

A recent cyberattack targeting Microsoft Windows-based endpoints in Ukrainian has been discovered by Fortinet’s FortiGuard Labs where attackers leverage a malicious Excel file to deploy Cobalt Strike, a notorious tool used for post-exploitation activities. 

In this attack, an apparently harmless Excel file is embedded with a VBA (Visual Basic for Applications) macro, a scripting language used in Microsoft Office applications. The attacker uses a multi-stage malware strategy to deliver the “Cobalt Strike” payload and establish communication with a command and control server.

The malicious Excel document contains Ukrainian elements to lure users into enabling its macros. The macro deploys a HEX-encoded DLL downloader, which executes the DLL (Dynamic Link Library) file using a shell command.

The DLL file, also disguised as a harmless component, is the key to deploying Cobalt Strike. The downloader examines process names for specific strings related to analysis tools and antivirus software, terminates the program if it detects a matching process, and executes the decoded file using “rundll32.exe”.

As per FortiGuard Labs’s report, The DLL Injector, “ResetEngine.dll,” is responsible for decrypting and injecting the final payload. It uses “NtDelayExecution” to evade detection of malicious activities within sandboxes and then, it decrypts the final payload using an AES algorithm. The code then injects the decrypted data into itself and uses various APIs to execute the final Cobalt Strike.

For your information, Cobalt Strike is a powerful tool that allows attackers to gain a foothold within a compromised system, steal sensitive data, deploy additional malware, and establish network persistence.

Fortinet researchers discovered a geolocation check within the VBA code, ensuring the payload is only downloaded on systems located in Ukraine. This targeted approach indicates a well-orchestrated operation with a specific goal in mind.

Attack flow (FortiGuard Labs)

This isn’t the first time a malicious Excel file was used to target Ukraine in recent years due to the ongoing geopolitical situation. In 2022, FortiGuard Labs reported a campaign using a malicious Excel document to deliver a Cobalt Strike loader, while Ukraine’s Computer Emergency Response Team confirmed UAC-0057’s involvement in an attack using a malicious XLS file to deploy PicassoLoader and Cobalt Strike Beacon.

This recent attack further highlights the evolving tactics of cybercriminals and the importance of robust cybersecurity measures. Users should be cautious of enabling macros in Excel files, especially from unknown sources and use reliable endpoint security software that can detect and prevent malicious macros.

1.  RomCom RAT Targets Pro-Ukraine Guests at NATO Summit
2.  UAC-0099 Used Old WinRAR Flaw in New Attack on Ukraine
3.  Google, Microsoft and Oracle generated most vulnerabilities
4.  AcidRain Linux Malware Variant “AcidPour” Targeting Ukraine
5.  Microsoft Office Most Exploited Software in Malware Attacks

Ukraine Hit by Cobalt Strike Campaign Using Malicious Excel Files

Red Hat Security Advisory 2024-3568-03 - New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3568.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 9Advisory ID:        RHSA-2024:3568-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3568Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.9 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3568-03

Red Hat Security Advisory 2024-3567-03 - New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3567.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 8Advisory ID:        RHSA-2024:3567-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3567Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.9 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3567-03

Red Hat Security Advisory 2024-3566-03 - New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3566.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 7Advisory ID:        RHSA-2024:3566-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3566Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New Red Hat Single Sign-On 7.6.9 package are now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.9 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3566-03

Red Hat Security Advisory 2024-3561-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3561.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security updateAdvisory ID:        RHSA-2024:3561-03Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3561Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2021-23445====================================================================Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.Security Fix(es):* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.4.z] (CVE-2024-28752)* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z] (CVE-2024-1233)* datatables.net: contents of array not escaped by HTML escape entities function [eap-7.4.z] (CVE-2021-23445)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2021-23445References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/https://bugzilla.redhat.com/show_bug.cgi?id=2257732https://bugzilla.redhat.com/show_bug.cgi?id=2270732https://issues.redhat.com/browse/JBEAP-25637https://issues.redhat.com/browse/JBEAP-25786https://issues.redhat.com/browse/JBEAP-26406https://issues.redhat.com/browse/JBEAP-26440https://issues.redhat.com/browse/JBEAP-26680https://issues.redhat.com/browse/JBEAP-26692https://issues.redhat.com/browse/JBEAP-26705https://issues.redhat.com/browse/JBEAP-26718https://issues.redhat.com/browse/JBEAP-26782https://issues.redhat.com/browse/JBEAP-26815https://issues.redhat.com/browse/JBEAP-26824https://issues.redhat.com/browse/JBEAP-26828https://issues.redhat.com/browse/JBEAP-26922https://issues.redhat.com/browse/JBEAP-26944https://issues.redhat.com/browse/JBEAP-26959

Red Hat Security Advisory 2024-3561-03

Red Hat Security Advisory 2024-3560-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3560.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security updateAdvisory ID:        RHSA-2024:3560-03Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3560Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2021-23445====================================================================Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.Security Fix(es):* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding[eap-7.4.z] (CVE-2024-28752)* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z](CVE-2024-1233)* datatables.net: contents of array not escaped by HTML escape entities function[eap-7.4.z] (CVE-2021-23445)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2021-23445References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/https://bugzilla.redhat.com/show_bug.cgi?id=2257732https://bugzilla.redhat.com/show_bug.cgi?id=2270732https://issues.redhat.com/browse/JBEAP-25637https://issues.redhat.com/browse/JBEAP-25786https://issues.redhat.com/browse/JBEAP-26406https://issues.redhat.com/browse/JBEAP-26439https://issues.redhat.com/browse/JBEAP-26680https://issues.redhat.com/browse/JBEAP-26692https://issues.redhat.com/browse/JBEAP-26705https://issues.redhat.com/browse/JBEAP-26718https://issues.redhat.com/browse/JBEAP-26782https://issues.redhat.com/browse/JBEAP-26815https://issues.redhat.com/browse/JBEAP-26824https://issues.redhat.com/browse/JBEAP-26828https://issues.redhat.com/browse/JBEAP-26922https://issues.redhat.com/browse/JBEAP-26944https://issues.redhat.com/browse/JBEAP-26959

Red Hat Security Advisory 2024-3560-03

Red Hat Security Advisory 2024-3559-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a server-side request forgery vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3559.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security updateAdvisory ID:        RHSA-2024:3559-03Product:            Red Hat JBoss Enterprise Application PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3559Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2021-23445====================================================================Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.Security Fix(es):* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.4.z] (CVE-2024-28752)* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z] (CVE-2024-1233)* datatables.net: contents of array not escaped by HTML escape entities function [eap-7.4.z] (CVE-2021-23445)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2021-23445References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/https://bugzilla.redhat.com/show_bug.cgi?id=2257732https://bugzilla.redhat.com/show_bug.cgi?id=2270732https://issues.redhat.com/browse/JBEAP-25637https://issues.redhat.com/browse/JBEAP-25786https://issues.redhat.com/browse/JBEAP-26406https://issues.redhat.com/browse/JBEAP-26438https://issues.redhat.com/browse/JBEAP-26680https://issues.redhat.com/browse/JBEAP-26692https://issues.redhat.com/browse/JBEAP-26705https://issues.redhat.com/browse/JBEAP-26718https://issues.redhat.com/browse/JBEAP-26782https://issues.redhat.com/browse/JBEAP-26815https://issues.redhat.com/browse/JBEAP-26824https://issues.redhat.com/browse/JBEAP-26828https://issues.redhat.com/browse/JBEAP-26922https://issues.redhat.com/browse/JBEAP-26944https://issues.redhat.com/browse/JBEAP-26959

Red Hat Security Advisory 2024-3559-03

Red Hat Security Advisory 2024-3553-03 - An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.6.0 Advanced Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3553.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: nodejs : security updateAdvisory ID:        RHSA-2024:3553-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3553Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-27983====================================================================Summary: An update for the nodejs:16 package is now available for Red Hat EnterpriseLinux 8.6.0 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Node.js is a software development platform for building fast and scalablenetwork applications in the JavaScript programming language.Security Fix(es):* nodejs/16: CONTINUATION frames DoS (CVE-2024-27983)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27983References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2272764

Red Hat Security Advisory 2024-3553-03

Red Hat Security Advisory 2024-3552-03 - An update for python-idna is now available for Red Hat Enterprise Linux 8.6. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3552.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-idna security and bug fix updateAdvisory ID:        RHSA-2024:3552-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3552Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-3651====================================================================Summary: An update for python-idna is now available for Red Hat Enterprise Linux 8.6.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Security Fix(es):* python-idna: potential DoS via resource consumption via specially craftedinputs to idna.encode() (CVE-2024-3651)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3651References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2274779

Red Hat Security Advisory 2024-3552-03

Red Hat Security Advisory 2024-3546-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3546.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby:3.1 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2024:3546-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3546Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-27280====================================================================Summary: An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27280References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810

Tag

#linux