Malware Devil

Tuesday, September 15, 2020

Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity, including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations. Those include the United States’ Cybersecurity and Infrastructure Security Agency (CISA) […]…

The post Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released appeared first on The State of Security.

The post Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/15/joint-cybersecurity-advisory-on-threat-hunting-and-incident-response-released/?utm_source=rss&utm_medium=rss&utm_campaign=joint-cybersecurity-advisory-on-threat-hunting-and-incident-response-released

Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools

The 2020 Cost of a Data Breach report from IBM and the Ponemon Institute is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own […]…

The post Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools appeared first on The State of Security.

The post Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools appeared first on Security Boulevard.




https://malwaredevil.com/2020/09/15/using-the-cost-of-a-data-breach-to-maximize-your-roi-on-your-security-tools/?utm_source=rss&utm_medium=rss&utm_campaign=using-the-cost-of-a-data-breach-to-maximize-your-roi-on-your-security-tools

Traffic Analysis Quiz: Oh No… Another Infection!, (Tue, Sep 15th)

Introduction

Today’s diary is another traffic analysis quiz (here’s the previous one) where you try to identify the malware based on a pcap of traffic from an infected Windows host.  Download the pcap for today’s quiz from this page, which also has a JPG image of the alerts list.  Don’t open or review the alerts file yet, because it gives away the answer.

As before, I’ll provide the requirements for this quiz and give some background on the infection.


Shown above:  Screenshot of the pcap for this quiz open in Wireshark.

Requirements

This type of analysis requires Wireshark.  Wireshark is my tool of choice to review packet captures (pcaps) of infection activity.  However, default settings for Wireshark are not optimized for web-based malware traffic.  That’s why I encourage people to customize Wireshark after installing it.  To help, I’ve written a series of tutorials.  The ones most helpful for this quiz are:

Another requirement: use a non-Windows environment like BSD, Linux, or macOS.  Why?  Because this pcap contains HTTP traffic sending Windows-based malware.  If you’re using a Windows host to review the pcap, your antivirus (or Windows Defender) may delete the pcap or malware.  Worst case?  If you extract the malware from the pcap and accidentally run it, you might infect your Windows computer.

As always, beware, because there’s actual malware involved here.

Background on the infection

This infection was caused by a link from an email that returned a Word document.  Unfortunately, I do not have a copy of the email.  The downloaded document has macros designed to infect a vulnerable Windows host.


Shown above:  Link from an email returning a Microsoft Word document.

Here is a link to any.run’s sandbox analysis of a document retrieved from the initial URL.  Normally, I state how this type of malware is ineffective against an up-to-date Windows 10 host running the latest version of Microsoft Office with default security settings.

However, I was able to download the Word document from this link without any warnings from Windows, and I merely had to click twice: once to get past Protected View, and one more time to enable macros.  Tamper Protection and all other security measures were in place, but my Windows 10 lab host still became infected.


Shown above:  After downloading the Word document, I checked it with Microsoft Defender, which said it was okay.


Shown above:  Default security settings still allowed me to click twice and get past two warnings (exit Protected View, then enable macros).


Shown above:  Malware binary retrieved by Word macro was not detected or stopped by Microsoft’s security measures.

This is a good example of how malware authors can evade security measures baked into Windows 10 and Microsoft applications.  Of course, this type of email has to get through the spam and virus filters before this could happen…  I mean, what are the odds?


Shown above:  A recent email that made it past my spam filters to my inbox.

Apparently, if malware distributors send out enough spam, some of it’s bound to reach somebody, somewhere.  This malware is updated often enough that someone might receive it, click their way through some warnings, and infect their computer.

I guess that’s why we still have a thriving market for security vendors and endpoint protection.

Reviewing the Pcap

I went over some of the basics last time, so I won’t do that here today.  The alerts should let you know what type of malware is involved, and if more than one type of malware is involved.

Final words

As usual, this quiz might not be hard for an experienced malware analyst, but some of you might find this interesting.  The alerts really give this one away.

Again, a pcap of the traffic and a jpeg image showing associated alerts can be found here.


Brad Duncan
brad [at] malware-traffic-analysis.net

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



https://malwaredevil.com/2020/09/15/traffic-analysis-quiz-oh-no-another-infection-tue-sep-15th/?utm_source=rss&utm_medium=rss&utm_campaign=traffic-analysis-quiz-oh-no-another-infection-tue-sep-15th

Security Alert: Alert Regarding Vulnerabilities in Multiple MobileIron Products

JPCERT-AT-2020-0037
JPCERT/CC
2020-09-15

I. Overview

Multiple MDM (Mobile Device Management) related MobileIron products contain vulnerabilities (CVE-2020-15505, CVE-2020-15506, CVE-2020-15507). A remote attacker leveraging these vulnerabilities may execute arbitrary code, bypass authentication, and read arbitrary files without authentication. For more information on the vulnerabilities, please refer to the information provided by MobileIron.

MobileIron
MobileIron Security Updates Available
https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

The vulnerabilities were disclosed and addressed in June 2020, and on September 12, the reporter of the vulnerabilities released an article and presentation report explaining the details of the vulnerabilities. Also, code that appears to exploit the vulnerabilities has already been confirmed in the wild.

Scans and exploits leveraging these vulnerabilities may increase, and attackers may perform further attacks and intrusions after gaining information from the affected products. Users of the affected products are expected to check the situation and apply patches as soon as possible.

II. Affected Products and Versions

The following products and versions are affected by these vulnerabilities.

– MobileIron Core 10.6 and earlier versions
– MobileIron Sentry 9.8 and earlier versions
– MobileIron Cloud
– Enterprise Connector 10.6 and earlier versions
– Reporting Database (RDB)

III. Solution

On June 15, 2020, MobileIron released patches that address these vulnerabilities. It is recommended to apply patches as soon as possible by referring to the information published by MobileIron.

MobileIron
https://help.mobileiron.com/s/article-detail-page?Id=kA12T000000g065SAA (Requires Login)

IV. References

MobileIron
MobileIron Security Updates Available
https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

Orange Tsai
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/




https://malwaredevil.com/2020/09/15/security-alert-alert-regarding-vulnerabilities-in-multiple-mobileiron-products/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-alert-regarding-vulnerabilities-in-multiple-mobileiron-products

Cracks in the Foundation: Understanding the New Endpoint Challenge – John Loucaides – BSW #187

Cyber adversaries have mastered the art of staying one step ahead of our controls. As endpoint protections grow stronger, attackers have adapted by going further down the stack – targeting firmware, hardware and device-level vulnerabilities. Eclypsium’s John Loucaides discusses recent exploits, and the steps business security leaders should be taking to protect the foundations of the enterprise.

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/bsw187




https://malwaredevil.com/2020/09/15/cracks-in-the-foundation-understanding-the-new-endpoint-challenge-john-loucaides-bsw-187/?utm_source=rss&utm_medium=rss&utm_campaign=cracks-in-the-foundation-understanding-the-new-endpoint-challenge-john-loucaides-bsw-187

ESB-2020.3152 – [RedHat] dovecot: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3152
                          dovecot security update
                             15 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dovecot
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12674 CVE-2020-12673 CVE-2020-12100

Reference:         ESB-2020.3120
                   ESB-2020.3032
                   ESB-2020.2821

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3735
   https://access.redhat.com/errata/RHSA-2020:3736

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dovecot security update
Advisory ID:       RHSA-2020:3735-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3735
Issue date:        2020-09-14
CVE Names:         CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 
=====================================================================

1. Summary:

An update for dovecot is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written
primarily with security in mind. It also contains a small POP3 server, and
supports e-mail in either the maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts
(CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation
(CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1866309 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts
1866313 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation
1866317 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
dovecot-2.2.36-5.el8_0.3.src.rpm

aarch64:
dovecot-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-debuginfo-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-debugsource-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-mysql-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-mysql-debuginfo-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-pgsql-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-pgsql-debuginfo-2.2.36-5.el8_0.3.aarch64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-5.el8_0.3.aarch64.rpm

ppc64le:
dovecot-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-debuginfo-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-debugsource-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-mysql-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-mysql-debuginfo-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-pgsql-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-pgsql-debuginfo-2.2.36-5.el8_0.3.ppc64le.rpm
dovecot-pigeonhole-debuginfo-2.2.36-5.el8_0.3.ppc64le.rpm

s390x:
dovecot-2.2.36-5.el8_0.3.s390x.rpm
dovecot-debuginfo-2.2.36-5.el8_0.3.s390x.rpm
dovecot-debugsource-2.2.36-5.el8_0.3.s390x.rpm
dovecot-mysql-2.2.36-5.el8_0.3.s390x.rpm
dovecot-mysql-debuginfo-2.2.36-5.el8_0.3.s390x.rpm
dovecot-pgsql-2.2.36-5.el8_0.3.s390x.rpm
dovecot-pgsql-debuginfo-2.2.36-5.el8_0.3.s390x.rpm
dovecot-pigeonhole-debuginfo-2.2.36-5.el8_0.3.s390x.rpm

x86_64:
dovecot-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-debuginfo-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-debugsource-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-mysql-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-mysql-debuginfo-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-pgsql-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-pgsql-debuginfo-2.2.36-5.el8_0.3.x86_64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-5.el8_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12100
https://access.redhat.com/security/cve/CVE-2020-12673
https://access.redhat.com/security/cve/CVE-2020-12674
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- ---------------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dovecot security update
Advisory ID:       RHSA-2020:3736-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3736
Issue date:        2020-09-14
CVE Names:         CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 
=====================================================================

1. Summary:

An update for dovecot is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written
primarily with security in mind. It also contains a small POP3 server, and
supports e-mail in either the maildir or mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts
(CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation
(CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1866309 - CVE-2020-12100 dovecot: Resource exhaustion via deeply nested MIME parts
1866313 - CVE-2020-12673 dovecot: Out of bound reads in dovecot NTLM implementation
1866317 - CVE-2020-12674 dovecot: Crash due to assert in RPA implementation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
dovecot-2.2.36-10.el8_1.2.src.rpm

aarch64:
dovecot-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-mysql-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pgsql-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pigeonhole-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm

ppc64le:
dovecot-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-mysql-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pgsql-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pigeonhole-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm

s390x:
dovecot-2.2.36-10.el8_1.2.s390x.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.s390x.rpm
dovecot-mysql-2.2.36-10.el8_1.2.s390x.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pgsql-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pigeonhole-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.s390x.rpm

x86_64:
dovecot-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-mysql-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pgsql-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pigeonhole-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.1):

aarch64:
dovecot-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-devel-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.aarch64.rpm

ppc64le:
dovecot-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-devel-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.ppc64le.rpm

s390x:
dovecot-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.s390x.rpm
dovecot-devel-2.2.36-10.el8_1.2.s390x.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.s390x.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.s390x.rpm

x86_64:
dovecot-2.2.36-10.el8_1.2.i686.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.i686.rpm
dovecot-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.i686.rpm
dovecot-debugsource-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-devel-2.2.36-10.el8_1.2.i686.rpm
dovecot-devel-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.i686.rpm
dovecot-mysql-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.i686.rpm
dovecot-pgsql-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.i686.rpm
dovecot-pigeonhole-debuginfo-2.2.36-10.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12100
https://access.redhat.com/security/cve/CVE-2020-12673
https://access.redhat.com/security/cve/CVE-2020-12674
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2020/09/15/esb-2020-3152-redhat-dovecot-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3152-redhat-dovecot-denial-of-service-remote-unauthenticated

ESB-2020.3151 – [RedHat] mysql:8.0: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3151
                         mysql:8.0 security update
                             15 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mysql:8.0
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Modify Arbitrary Files   -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Unauthorised Access      -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14725 CVE-2020-14702 CVE-2020-14697
                   CVE-2020-14680 CVE-2020-14678 CVE-2020-14663
                   CVE-2020-14656 CVE-2020-14654 CVE-2020-14651
                   CVE-2020-14643 CVE-2020-14641 CVE-2020-14634
                   CVE-2020-14633 CVE-2020-14632 CVE-2020-14631
                   CVE-2020-14624 CVE-2020-14623 CVE-2020-14620
                   CVE-2020-14619 CVE-2020-14614 CVE-2020-14597
                   CVE-2020-14586 CVE-2020-14576 CVE-2020-14575
                   CVE-2020-14568 CVE-2020-14567 CVE-2020-14559
                   CVE-2020-14553 CVE-2020-14550 CVE-2020-14547
                   CVE-2020-14540 CVE-2020-14539 CVE-2020-2930
                   CVE-2020-2928 CVE-2020-2926 CVE-2020-2925
                   CVE-2020-2924 CVE-2020-2923 CVE-2020-2922
                   CVE-2020-2921 CVE-2020-2904 CVE-2020-2903
                   CVE-2020-2901 CVE-2020-2898 CVE-2020-2897
                   CVE-2020-2896 CVE-2020-2895 CVE-2020-2893
                   CVE-2020-2892 CVE-2020-2853 CVE-2020-2814
                   CVE-2020-2812 CVE-2020-2804 CVE-2020-2780
                   CVE-2020-2779 CVE-2020-2774 CVE-2020-2770
                   CVE-2020-2765 CVE-2020-2763 CVE-2020-2762
                   CVE-2020-2761 CVE-2020-2760 CVE-2020-2759
                   CVE-2020-2752 CVE-2020-2694 CVE-2020-2686
                   CVE-2020-2679 CVE-2020-2660 CVE-2020-2627
                   CVE-2020-2589 CVE-2020-2588 CVE-2020-2584
                   CVE-2020-2580 CVE-2020-2579 CVE-2020-2577
                   CVE-2020-2574 CVE-2020-2573 CVE-2020-2570
                   CVE-2019-3018 CVE-2019-3011 CVE-2019-3009
                   CVE-2019-3004 CVE-2019-2998 CVE-2019-2997
                   CVE-2019-2993 CVE-2019-2991 CVE-2019-2982
                   CVE-2019-2974 CVE-2019-2968 CVE-2019-2967
                   CVE-2019-2966 CVE-2019-2963 CVE-2019-2960
                   CVE-2019-2957 CVE-2019-2946 CVE-2019-2938
                   CVE-2019-2914 CVE-2019-2911 

Reference:         ASB-2020.0132
                   ASB-2020.0087
                   ESB-2020.2862
                   ESB-2020.2584
                   ESB-2020.1583
                   ESB-2020.1108

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3732

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mysql:8.0 security update
Advisory ID:       RHSA-2020:3732-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3732
Issue date:        2020-09-14
CVE Names:         CVE-2019-2911 CVE-2019-2914 CVE-2019-2938 
                   CVE-2019-2946 CVE-2019-2957 CVE-2019-2960 
                   CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 
                   CVE-2019-2968 CVE-2019-2974 CVE-2019-2982 
                   CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 
                   CVE-2019-2998 CVE-2019-3004 CVE-2019-3009 
                   CVE-2019-3011 CVE-2019-3018 CVE-2020-2570 
                   CVE-2020-2573 CVE-2020-2574 CVE-2020-2577 
                   CVE-2020-2579 CVE-2020-2580 CVE-2020-2584 
                   CVE-2020-2588 CVE-2020-2589 CVE-2020-2627 
                   CVE-2020-2660 CVE-2020-2679 CVE-2020-2686 
                   CVE-2020-2694 CVE-2020-2752 CVE-2020-2759 
                   CVE-2020-2760 CVE-2020-2761 CVE-2020-2762 
                   CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 
                   CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 
                   CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 
                   CVE-2020-2853 CVE-2020-2892 CVE-2020-2893 
                   CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 
                   CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 
                   CVE-2020-2904 CVE-2020-2921 CVE-2020-2922 
                   CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 
                   CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 
                   CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 
                   CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 
                   CVE-2020-14567 CVE-2020-14568 CVE-2020-14575 
                   CVE-2020-14576 CVE-2020-14586 CVE-2020-14597 
                   CVE-2020-14614 CVE-2020-14619 CVE-2020-14620 
                   CVE-2020-14623 CVE-2020-14624 CVE-2020-14631 
                   CVE-2020-14632 CVE-2020-14633 CVE-2020-14634 
                   CVE-2020-14641 CVE-2020-14643 CVE-2020-14651 
                   CVE-2020-14654 CVE-2020-14656 CVE-2020-14663 
                   CVE-2020-14678 CVE-2020-14680 CVE-2020-14697 
                   CVE-2020-14702 CVE-2020-14725 
=====================================================================

1. Summary:

An update for the mysql:8.0 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version:
mysql (8.0.21).

Security Fix(es):

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities
(CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761,
CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586,
CVE-2020-14702)

* mysql: Server: Security: Encryption multiple unspecified vulnerabilities
(CVE-2019-2914, CVE-2019-2957)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938,
CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589,
CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895,
CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)

* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946,
CVE-2020-2925)

* mysql: Server: Replication multiple unspecified vulnerabilities
(CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)

* mysql: Server: Optimizer multiple unspecified vulnerabilities
(CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991,
CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686,
CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904,
CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539,
CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654,
CVE-2020-14680, CVE-2020-14725)

* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993,
CVE-2019-3011)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997,
CVE-2020-2580)

* mysql: Server: Parser multiple unspecified vulnerabilities
(CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)

* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)

* mysql: Server: Options multiple unspecified vulnerabilities
(CVE-2020-2584, CVE-2020-14632)

* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588,
CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)

* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752,
CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)

* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)

* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)

* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)

* mysql: Server: Information Schema multiple unspecified vulnerabilities
(CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)

* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)

* mysql: Server: Connection Handling unspecified vulnerability
(CVE-2020-2903)

* mysql: Server: Group Replication Plugin unspecified vulnerability
(CVE-2020-2921)

* mysql: Server: Group Replication GCS unspecified vulnerability
(CVE-2020-2926)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)

* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)

* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)

* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)

* mysql: Server: Security: Roles multiple unspecified vulnerabilities
(CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)

* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)

* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1764675 - CVE-2019-2911 mysql: Information Schema unspecified vulnerability (CPU Oct 2019)
1764676 - CVE-2019-2914 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764681 - CVE-2019-2946 mysql: Server: PS unspecified vulnerability (CPU Oct 2019)
1764684 - CVE-2019-2957 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019)
1764685 - CVE-2019-2960 mysql: Server: Replication unspecified vulnerability (CPU Oct 2019)
1764686 - CVE-2019-2963 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764687 - CVE-2019-2966 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764688 - CVE-2019-2967 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764689 - CVE-2019-2968 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764692 - CVE-2019-2982 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764693 - CVE-2019-2991 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764694 - CVE-2019-2993 mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
1764695 - CVE-2019-2997 mysql: Server: DDL unspecified vulnerability (CPU Oct 2019)
1764696 - CVE-2019-2998 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1764698 - CVE-2019-3004 mysql: Server: Parser unspecified vulnerability (CPU Oct 2019)
1764699 - CVE-2019-3009 mysql: Server: Connection unspecified vulnerability (CPU Oct 2019)
1764700 - CVE-2019-3011 mysql: Server: C API unspecified vulnerability (CPU Oct 2019)
1764701 - CVE-2019-3018 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1796880 - CVE-2020-2577 mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
1796881 - CVE-2020-2579 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796882 - CVE-2020-2580 mysql: Server: DDL unspecified vulnerability (CPU Jan 2020)
1796883 - CVE-2020-2584 mysql: Server: Options unspecified vulnerability (CPU Jan 2020)
1796884 - CVE-2020-2588 mysql: Server: DML unspecified vulnerability (CPU Jan 2020)
1796885 - CVE-2020-2589 mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
1796886 - CVE-2020-2660 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796887 - CVE-2020-2679 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796888 - CVE-2020-2686 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020)
1796889 - CVE-2020-2694 mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020)
1796905 - CVE-2020-2627 mysql: Server: Parser unspecified vulnerability (CPU Jan 2020)
1798559 - CVE-2020-2570 mysql: C API unspecified vulnerability (CPU Jan 2020)
1798576 - CVE-2020-2573 mysql: C API unspecified vulnerability (CPU Jan 2020)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830048 - CVE-2020-2759 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020)
1830049 - CVE-2020-2761 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830050 - CVE-2020-2762 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830051 - CVE-2020-2763 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020)
1830052 - CVE-2020-2765 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830053 - CVE-2020-2770 mysql: Server: Logging unspecified vulnerability (CPU Apr 2020)
1830054 - CVE-2020-2774 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830055 - CVE-2020-2779 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830058 - CVE-2020-2804 mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830061 - CVE-2020-2853 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020)
1830062 - CVE-2020-2892 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830064 - CVE-2020-2893 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830066 - CVE-2020-2895 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830067 - CVE-2020-2896 mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020)
1830068 - CVE-2020-2897 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830069 - CVE-2020-2898 mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020)
1830070 - CVE-2020-2901 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830071 - CVE-2020-2903 mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020)
1830072 - CVE-2020-2904 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830073 - CVE-2020-2921 mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020)
1830074 - CVE-2020-2923 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830075 - CVE-2020-2924 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830076 - CVE-2020-2925 mysql: Server: PS unspecified vulnerability (CPU Apr 2020)
1830077 - CVE-2020-2926 mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020)
1830078 - CVE-2020-2928 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020)
1830079 - CVE-2020-2930 mysql: Server: Parser unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1865945 - CVE-2020-14539 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865947 - CVE-2020-14540 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865948 - CVE-2020-14547 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865949 - CVE-2020-14550 mysql: C API unspecified vulnerability (CPU Jul 2020)
1865950 - CVE-2020-14553 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020)
1865951 - CVE-2020-14559 mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020)
1865952 - CVE-2020-14567 mysql: Server: Replication unspecified vulnerability (CPU Jul 2020)
1865953 - CVE-2020-14568 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865954 - CVE-2020-14575 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865955 - CVE-2020-14576 mysql: Server: UDF unspecified vulnerability (CPU Jul 2020)
1865956 - CVE-2020-14586 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865958 - CVE-2020-14597 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865959 - CVE-2020-14614 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865960 - CVE-2020-14619 mysql: Server: Parser unspecified vulnerability (CPU Jul 2020)
1865961 - CVE-2020-14620 mysql: Server: DML unspecified vulnerability (CPU Jul 2020)
1865962 - CVE-2020-14623 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865963 - CVE-2020-14624 mysql: Server: JSON unspecified vulnerability (CPU Jul 2020)
1865964 - CVE-2020-14631 mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020)
1865965 - CVE-2020-14632 mysql: Server: Options unspecified vulnerability (CPU Jul 2020)
1865966 - CVE-2020-14633 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865967 - CVE-2020-14634 mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
1865968 - CVE-2020-14641 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
1865969 - CVE-2020-14643 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
1865970 - CVE-2020-14654 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865971 - CVE-2020-14656 mysql: Server: Locking unspecified vulnerability (CPU Jul 2020)
1865972 - CVE-2020-14663 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865973 - CVE-2020-14678 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865974 - CVE-2020-14680 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865975 - CVE-2020-14697 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865976 - CVE-2020-14702 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020)
1865977 - CVE-2020-14725 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
1865982 - CVE-2020-14651 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
1874040 - Module stream mysql:8.0 does not have correct module.md file [rhel-8.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.src.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.src.rpm
mysql-8.0.21-1.module+el8.2.0+7855+47abd494.src.rpm

aarch64:
mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm
mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm
mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm
mysql-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm
mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm

ppc64le:
mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm
mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm
mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.ppc64le.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.ppc64le.rpm
mysql-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm
mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm

s390x:
mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm
mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm
mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.s390x.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.s390x.rpm
mysql-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm
mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm

x86_64:
mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm
mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm
mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm
mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.x86_64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.x86_64.rpm
mysql-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm
mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2911
https://access.redhat.com/security/cve/CVE-2019-2914
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2946
https://access.redhat.com/security/cve/CVE-2019-2957
https://access.redhat.com/security/cve/CVE-2019-2960
https://access.redhat.com/security/cve/CVE-2019-2963
https://access.redhat.com/security/cve/CVE-2019-2966
https://access.redhat.com/security/cve/CVE-2019-2967
https://access.redhat.com/security/cve/CVE-2019-2968
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2019-2982
https://access.redhat.com/security/cve/CVE-2019-2991
https://access.redhat.com/security/cve/CVE-2019-2993
https://access.redhat.com/security/cve/CVE-2019-2997
https://access.redhat.com/security/cve/CVE-2019-2998
https://access.redhat.com/security/cve/CVE-2019-3004
https://access.redhat.com/security/cve/CVE-2019-3009
https://access.redhat.com/security/cve/CVE-2019-3011
https://access.redhat.com/security/cve/CVE-2019-3018
https://access.redhat.com/security/cve/CVE-2020-2570
https://access.redhat.com/security/cve/CVE-2020-2573
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2577
https://access.redhat.com/security/cve/CVE-2020-2579
https://access.redhat.com/security/cve/CVE-2020-2580
https://access.redhat.com/security/cve/CVE-2020-2584
https://access.redhat.com/security/cve/CVE-2020-2588
https://access.redhat.com/security/cve/CVE-2020-2589
https://access.redhat.com/security/cve/CVE-2020-2627
https://access.redhat.com/security/cve/CVE-2020-2660
https://access.redhat.com/security/cve/CVE-2020-2679
https://access.redhat.com/security/cve/CVE-2020-2686
https://access.redhat.com/security/cve/CVE-2020-2694
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2759
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2761
https://access.redhat.com/security/cve/CVE-2020-2762
https://access.redhat.com/security/cve/CVE-2020-2763
https://access.redhat.com/security/cve/CVE-2020-2765
https://access.redhat.com/security/cve/CVE-2020-2770
https://access.redhat.com/security/cve/CVE-2020-2774
https://access.redhat.com/security/cve/CVE-2020-2779
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2804
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2853
https://access.redhat.com/security/cve/CVE-2020-2892
https://access.redhat.com/security/cve/CVE-2020-2893
https://access.redhat.com/security/cve/CVE-2020-2895
https://access.redhat.com/security/cve/CVE-2020-2896
https://access.redhat.com/security/cve/CVE-2020-2897
https://access.redhat.com/security/cve/CVE-2020-2898
https://access.redhat.com/security/cve/CVE-2020-2901
https://access.redhat.com/security/cve/CVE-2020-2903
https://access.redhat.com/security/cve/CVE-2020-2904
https://access.redhat.com/security/cve/CVE-2020-2921
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-2923
https://access.redhat.com/security/cve/CVE-2020-2924
https://access.redhat.com/security/cve/CVE-2020-2925
https://access.redhat.com/security/cve/CVE-2020-2926
https://access.redhat.com/security/cve/CVE-2020-2928
https://access.redhat.com/security/cve/CVE-2020-2930
https://access.redhat.com/security/cve/CVE-2020-14539
https://access.redhat.com/security/cve/CVE-2020-14540
https://access.redhat.com/security/cve/CVE-2020-14547
https://access.redhat.com/security/cve/CVE-2020-14550
https://access.redhat.com/security/cve/CVE-2020-14553
https://access.redhat.com/security/cve/CVE-2020-14559
https://access.redhat.com/security/cve/CVE-2020-14567
https://access.redhat.com/security/cve/CVE-2020-14568
https://access.redhat.com/security/cve/CVE-2020-14575
https://access.redhat.com/security/cve/CVE-2020-14576
https://access.redhat.com/security/cve/CVE-2020-14586
https://access.redhat.com/security/cve/CVE-2020-14597
https://access.redhat.com/security/cve/CVE-2020-14614
https://access.redhat.com/security/cve/CVE-2020-14619
https://access.redhat.com/security/cve/CVE-2020-14620
https://access.redhat.com/security/cve/CVE-2020-14623
https://access.redhat.com/security/cve/CVE-2020-14624
https://access.redhat.com/security/cve/CVE-2020-14631
https://access.redhat.com/security/cve/CVE-2020-14632
https://access.redhat.com/security/cve/CVE-2020-14633
https://access.redhat.com/security/cve/CVE-2020-14634
https://access.redhat.com/security/cve/CVE-2020-14641
https://access.redhat.com/security/cve/CVE-2020-14643
https://access.redhat.com/security/cve/CVE-2020-14651
https://access.redhat.com/security/cve/CVE-2020-14654
https://access.redhat.com/security/cve/CVE-2020-14656
https://access.redhat.com/security/cve/CVE-2020-14663
https://access.redhat.com/security/cve/CVE-2020-14678
https://access.redhat.com/security/cve/CVE-2020-14680
https://access.redhat.com/security/cve/CVE-2020-14697
https://access.redhat.com/security/cve/CVE-2020-14702
https://access.redhat.com/security/cve/CVE-2020-14725
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3151 – [RedHat] mysql:8.0: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/09/15/esb-2020-3151-redhat-mysql8-0-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3151-redhat-mysql8-0-multiple-vulnerabilities

ESB-2020.3149 – [Appliance] BIG-IP: Reduced security – Unknown/unspecified

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3149
       The BIG-IP system may not interpret an HTTP request the same
                  way the target web server interprets it
                             15 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Mitigation

Original Bulletin: 
   https://support.f5.com/csp/article/K27551003

- --------------------------BEGIN INCLUDED TEXT--------------------

K27551003: The BIG-IP system may not interpret an HTTP request the same way the
target web server interprets it

Security Advisory

Original Publication Date: 24 Jun, 2020

Latest Publication Date: 15 Sep, 2020

Security Advisory Description

This issue occurs when all of the following conditions are met:

  o A virtual server is associated with an HTTP profile.
  o An iRule or LTM policy that uses HTTP header information is associated with
    the virtual server.
  o The BIG-IP system receives a specially crafted HTTP request.

Impact

Customers should evaluate whether this behavior is in line with how their
application processes this traffic, especially when using iRules or Local
Traffic Policies in a security context such as determining ACL or selecting ASM
policies based on request content.

Symptoms

As a result of this issue, you may encounter one or more of the following
symptoms:

  o The BIG-IP HTTP parser may not parse requests in the same manner as a web
    server.
  o The following examples illustrate how the BIG-IP system interprets the
    different HTTP requests:
       - Interpretation of non-encoded white spaces in HTTP URIs
       - Interpretation of HTTP/0.9 requests that include HTTP headers beyond
         the method, URI, and version
       - Interpretation of white space in HTTP headers between the header name
         and the separating colon
       - Interpretation of multiple HTTP Host headers
       - Interpretation of absolute URIs containing Host information

       Interpretation of non-encoded white spaces in HTTP URIs

        Review the following request:

            GET /file.txt foo/file2.txt HTTP/1.1\r\n
            Host: www.example.com\r\n
            Connection: close\r\n\r\n

        The following is true about the previous request:

        The request is sent to the server as previously noted (without any
        changes).

        An iRule or Local Traffic Policy extracting the path/URL captures the
        string up to the first white space.

        For example:

            [HTTP::path] = /file.txt
            [HTTP::uri] = /file.txt

        Note: You can configure the BIG-IP ASM system to block such requests by
        ensuring the Bad HTTP Version violation within the HTTP Protocol
        Compliance Failed category is enabled.

        F5 has assigned ID858285 to the requirement to have an option to reject
        such requests within the BIG-IP LTM HTTP profile configuration.
         

       Interpretation of HTTP/0.9 requests that include HTTP headers beyond
        the method, URI, and version

        Review the following request:

            GET /file.txt HTTP/0.9
            Host: www.example.com

        The following is true about the previous request:

        The request is sent to the server as previously noted (without any
        changes).

        An iRule or Local Traffic Policy extracting the HTTP Host header
        returns an empty result.

        Per RFC 1945, HTTP/0.9 Simple-Requests do not contain any headers or
        information beyond the URI requested. The BIG-IP LTM ignores all data
        beyond the URI and passes it to the target pool member unmodified and
        without additional inspection or parsing.

        For example:

            [HTTP::host] = 

        Note: You can configure the BIG-IP ASM system to block requests that
        lack an explicitly defined HTTP version (for example, 0.9 requests)
        through the HTTP Protocol Compliance Failed violation. If you want to
        block all HTTP/0.9 requests, including those with a version explicitly
        defined, consider entering a simple iRule such as the following:

        when HTTP_REQUEST {
          if {[HTTP::version] eq "0.9"} {
            reject
          }
        }
         

       Interpretation of white space in HTTP headers between the header name
        and the separating colon

        Review the following request:

            GET /file.txt HTTP/1.0
            Host : www.example.com
            Connection: close

        The following is true about the previous request:

        The request is sent to the server as previously noted (without any
        changes).

        The BIG-IP system ignores any additional white space between the header
        name and the separating colon, processes the HTTP headers as
        normal, and makes the values available to iRules and Local Traffic
        Policies with the additional white space removed.

        For example:

            [HTTP::header names] = Host Connection
            [HTTP::host] = www.example.com
            [HTTP::header value Host] = www.example.com

        The HTTP RFCs do not define white space characters between HTTP header
        names and the separating colon (see RFC 2616 section 4.2 and RFC 7230
        section 3.2.3) and you should evaluate how your application handles
        such white space.

        F5 has assigned ID858289 to the requirement to have an option to reject
        such requests within the BIG-IP LTM HTTP profile configuration.
         

       Interpretation of multiple HTTP Host headers

        Review the following request:

            GET /file.txt HTTP/1.0
            Host: host1.example.com
            Host: host2.example.com
            Connection: close

        The following is true about the previous request:

        The request is sent to the server as previously noted (without any
        changes).

        An iRule or Local Traffic Policy extracting the HTTP Host header
        returns only the last header value, per the documentation for
        HTTP::header (https://clouddocs.f5.com/api/irules/HTTP__header.html)
        and HTTP::host (https://clouddocs.f5.com/api/irules/HTTP__host.html).

        For example:

            [HTTP::header names] = Host Host Connection
            [HTTP::host] = host2.example.com
            [HTTP::header value Host] = host2.example.com
            [HTTP::header values Host] = host1.example.com host2.example.com

        Note: You can configure the BIG-IP ASM system to block requests with
        multiple Host headers by enabling the Multiple Host Headers violation
        within the HTTP Protocol Compliance Failed violation category.

        Additionally, the following iRule example concatenates multiple Host
        header values together before examining them:

            when HTTP_REQUEST {
              if { [HTTP::header values "Host"] eq "www.example.com" } then {
                # A single Host-header was received containing www.example.com
              }
            }

        F5 has assigned ID858297 to the requirement to have an option to reject
        such requests within the BIG-IP LTM HTTP profile configuration.
         

       Interpretation of absolute URIs containing Host information

        Review the following request:

            GET http://www.bar.com/file.txt HTTP/1.1
            Host: www.example.com
            Connection: close

        The following is true about the previous request:

        The request is sent to the server as previously noted (without any
        changes).

        An iRule or Local Traffic Policy extracting the HTTP Host header
        returns only the host information contained in the Host header and not
        the information contained in the absolute URI.

        For example:

            [HTTP::host] = www.example.com
            [HTTP::header value Host] = www.example.com

        If the target application complies with RFC 2616 section 5.2 or RFC
        7230 section 5.5, then it may honor the host portion of the Absolute
        URI and may, therefore, interpret the request in a different manner
        than the BIG-IP system does.

        F5 has assigned ID858301 to the requirement to have the BIG-IP LTM HTTP
        profile handle such Absolute-URI requests per the guidance in RFC 7230.
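
The following is an added example, not code from F5 or AusCERT: a small Python
linter that flags the four request shapes described above and reports which
host a last-Host-header reader sees versus the other hosts a differently
behaving parser could pick. The function names and finding labels are
hypothetical; the sample requests are the ones shown in the advisory.

```python
import re
from urllib.parse import urlsplit

# method, request target, optional version token (none = HTTP/0.9 Simple-Request)
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+)(?: HTTP/(\d\.\d))?$")


def build_request(*lines):
    """Join request lines with CRLF and terminate the header block."""
    return "\r\n".join(lines) + "\r\n\r\n"


# The four requests shown in the advisory text.
SAMPLES = {
    "http09": build_request("GET /file.txt HTTP/0.9", "Host: www.example.com"),
    "space": build_request("GET /file.txt HTTP/1.0", "Host : www.example.com",
                           "Connection: close"),
    "multi": build_request("GET /file.txt HTTP/1.0", "Host: host1.example.com",
                           "Host: host2.example.com", "Connection: close"),
    "absolute": build_request("GET http://www.bar.com/file.txt HTTP/1.1",
                              "Host: www.example.com", "Connection: close"),
}


def parse(raw):
    """Return (version, target, [(raw_name, value), ...]) for a request head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    match = REQUEST_LINE.match(lines[0])
    if match is None:
        raise ValueError("malformed request line: %r" % lines[0])
    _, target, version = match.groups()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("header line without colon: %r" % line)
        headers.append((name, value.strip()))  # raw name keeps trailing space
    return version or "0.9", target, headers


def lint_request(raw):
    """List the ambiguities from the advisory that are present in the request."""
    version, target, headers = parse(raw)
    hosts = [v.lower() for n, v in headers if n.strip().lower() == "host"]
    findings = []
    if version == "0.9" and headers:
        findings.append("http09-with-headers")
    if any(name != name.rstrip(" \t") for name, _ in headers):
        findings.append("whitespace-before-colon")
    if len(hosts) > 1:
        findings.append("multiple-host-headers")
    if "://" in target and hosts:
        if urlsplit(target).netloc.lower() != hosts[-1]:
            findings.append("absolute-uri-host-mismatch")
    return findings


def host_views(raw):
    """Return (host seen by a last-Host-header reader, other candidate hosts)."""
    version, target, headers = parse(raw)
    hosts = [v.lower() for n, v in headers if n.strip().lower() == "host"]
    # Per the advisory, data after the URI is ignored for HTTP/0.9 requests.
    last = hosts[-1] if hosts and version != "0.9" else ""
    candidates = set(hosts)
    if "://" in target:
        candidates.add(urlsplit(target).netloc.lower())
    return last, candidates - {last}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, lint_request(raw), host_views(raw))
```

A non-empty second element from host_views marks a request where routing or
access decisions made on the front end can differ from what the application
behind it acts on.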

Security Advisory Status

F5 Product Development has assigned IDs 858285, 858289, 858297, and 858301 to
this issue. F5 has confirmed that this issue exists in the products listed in
the Applies to (see versions) box, located in the upper-right corner of this
article. For information about releases, point releases, or hotfixes that
resolve this issue, refer to the following table.

+------------------+-----------------+----------------------------------------+
|Type of fix       |Fixes introduced |Related articles                        |
|                  |in               |                                        |
+------------------+-----------------+----------------------------------------+
|Release           |16.0.0           |K2200: Most recent versions of F5       |
|                  |                 |software                                |
+------------------+-----------------+----------------------------------------+
|Point release/    |15.0.1.4         |K9502: BIG-IP hotfix and point release  |
|hotfix            |13.1.3.4         |matrix                                  |
|                  |12.1.5.2^1       |                                        |
+------------------+-----------------+----------------------------------------+

^1 In addition to the versions listed in the Fixes introduced in column, fixes
for ID 858297 and ID 858301 were also introduced in the 12.1.5.2 point release.

Security Advisory Recommended Actions

Workaround

On BIG-IP versions that include mitigations for the IDs discussed in this
article, note that enforcing RFC Compliance is achieved differently depending
on the version, per the following table.
 
+--------+--------------------------------------------------------------------+
|BIG-IP  |Mitigations                                                         |
|versions|                                                                    |
+--------+--------------------------------------------------------------------+
|        |The Enforce RFC Compliance checkbox is available in the Enforcement |
|        |section of the HTTP profile. To fix the issue described in this     |
|15.1.0  |article, you must select this checkbox in the HTTP profile for the  |
|or later|affected BIG-IP virtual server. Selecting this checkbox causes the  |
|        |system to silently drop HTTP requests that do not conform to HTTP   |
|        |RFCs as described in this article.                                  |
+--------+--------------------------------------------------------------------+
|15.0.1.1|The system database variable tmm.http.rfc.enforcement is available. |
|or later|To fix the issue described in this article, you must enable this    |
|14.1.2.4|database variable by entering the following command:                |
|or later|tmsh modify sys db tmm.http.rfc.enforcement value enable            |
+--------+--------------------------------------------------------------------+

Important: If either HTTP PSM or ASM is configured on a virtual server, the
state of the tmm.http.rfc.enforcement variable or the "Enforce RFC Compliance"
check box (15.1.0+) is ignored on that virtual server. Requests are allowed
or blocked based on the configured ASM or PSM policy.


Alternatively, to avoid this issue, customers should evaluate how their
application interprets HTTP requests in accordance with published RFCs and how
any customer-defined conditional traffic handling (for example, iRules or Local
Traffic Policies) interprets the same HTTP requests to ensure that the
application stack behaves consistently.

Acknowledgements

F5 would like to acknowledge the F5 DevCentral MVP Kai Wilke of itacs GmbH for
bringing this issue to our attention, and for following the highest standards
of responsible disclosure.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of AskF5 Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2020.3149 – [Appliance] BIG-IP: Reduced security – Unknown/unspecified appeared first on Malware Devil.



https://malwaredevil.com/2020/09/15/esb-2020-3149-appliance-big-ip-reduced-security-unknown-unspecified/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3149-appliance-big-ip-reduced-security-unknown-unspecified

ESB-2020.3148 – [RedHat] Red Hat JBoss Enterprise Application Platform 6.4: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3148
     Red Hat JBoss Enterprise Application Platform 6.4 security update
                             15 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat JBoss Enterprise Application Platform 6.4
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 5
                   Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux Server 7
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14384  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3730
   https://access.redhat.com/errata/RHSA-2020:3731

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4 security update
Advisory ID:       RHSA-2020:3730-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3730
Issue date:        2020-09-14
CVE Names:         CVE-2020-14384 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 6.4.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server - noarch
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 6.4.23
includes bug fixes and enhancements, which are documented in the Release
Notes document listed in the References section.

Security Fix(es):

* jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb
could lead to DoS (CVE-2020-14384)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised
to upgrade to these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1875176 - CVE-2020-14384 jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

6. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server:

Source:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el5.src.rpm

noarch:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el5.noarch.rpm

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:

Source:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el6.src.rpm

noarch:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el6.noarch.rpm

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:

Source:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el7.src.rpm

noarch:
jbossweb-7.5.31-3.Final_redhat_3.1.ep6.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14384
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4 security update
Advisory ID:       RHSA-2020:3731-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3731
Issue date:        2020-09-14
CVE Names:         CVE-2020-14384 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 6.4.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This asynchronous patch is an update for JBoss Enterprise Application
Platform 6.4. All users of Red Hat JBoss Enterprise Application Platform
6.4 are advised to upgrade to these updated packages.

Security Fix(es):

* jbossweb: tomcat: multiple requests with invalid payload length in a
WebSocket frame could lead to DoS (CVE-2020-13935)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1875176 - CVE-2020-14384 jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
1875869 - Tracker bug for the EAP 6.4.23 text only security update

5. References:

https://access.redhat.com/security/cve/CVE-2020-14384
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2020.3148 – [RedHat] Red Hat JBoss Enterprise Application Platform 6.4: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/09/15/esb-2020-3148-redhat-red-hat-jboss-enterprise-application-platform-6-4-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3148-redhat-red-hat-jboss-enterprise-application-platform-6-4-denial-of-service-remote-unauthenticated

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...