Malware Devil

Wednesday, January 20, 2021

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden, and it becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps, it might be location, and in some cases it can be log analysis. Many tutorials exist to strip this information out, because it can reveal more than intended when it hits the public domain. Default settings are often to blame: for example, a mobile photography app or camera may embed GPS data by default.

Some people may find this useful; quite a few more may object to it as a creepy privacy invasion.

Well, that’s metadata. Now you have an idea of the kind of things that can lurk without your knowledge. Next, we can see what happens when we deliberately enable a data / tagging related function.

Watermarking: what’s the deal?

An interesting story has recently emerged on The Intercept, of voluntary data (in the form of watermarks) wrapped into Zoom recordings, which could cause headaches in unexpected ways. Watermarks aren’t hidden—they’re right there by design, if people choose to use them. And the visual side of this data is supposed to be viewable during the call.

The Intercept talks about accidental identity reveals, via data embedded into calls, in relation to the ever-present videoconferencing tool. You’d be forgiven for thinking the identity reveal referenced in the article had something to do with the watermarks, but no.

The reveal happened because someone recorded a video call and dropped it online, with participants’ faces on display. The people involved appear to be at least reasonably well known. The secret identity game was up regardless of what was under the hood.

Cause and effect

The rest of the article theorises on the ways embedded metadata could cause issues for participants. Zoom allows for video and audio watermarking, with video of course being visual and so easier to spot. The video watermark displays a portion of a user’s email address when someone is sharing their screen. The audio watermark embeds the information of anyone recording the call into the audio, and Zoom lets you know who shared it. You must ask Zoom to do this, and the clip has to be more than 2 minutes in length.

Essentially, video watermarking is to help you know who is sharing and talking during the call. Audio watermarking is to allow you to figure out if someone is sharing without permission. The Intercept explores ways this could cause problems where confidentiality is a concern.

Some identity caveats

If Zoom content is shared online without permission, it may not matter much if revealing metadata is included, unless the video call is audio only. This is because people can be easy to identify visually. Is a public figure of some sort involved? The game is already lost. If they’re not normally a public facing persona, people could still find them via reverse image search or other matching tools. And if they can’t, a well-known location, or a name-badge, could give them away. There are so many variables at work, only the participants may know for sure.

Hunting the leaker: does it matter?

While the other concern of identifying the leaker is still important, your mileage may vary in terms of how useful it is, versus how much of an inadvertent threat it presents. It’s possible the leaker may not care much if they’re revealed. They may have used a fake identity, or even compromised a legitimate account in order to do the leaking.

It’s also possible that someone with a grudge could leak something then pretend they’d been compromised. If this happened, would you have a way of being able to determine the truth of the matter? Or would you simply take their word for it?

Weighing up the risk

All good questions, and a valuable reminder to consider which videoconferencing tools you want to make use of. For some organisations and individuals, there’s a valid use for the metadata dropped into the files. For others, it might be safer on balance to leave it out. It might even be worth using a virtual background instead of something which reveals personal information. It might be worth asking if you even need video at all, depending on the sensitivity of the call.

The choice, as always, is yours.

The post Zoom watermarking: pros and cons appeared first on Malwarebytes Labs.

DEF CON 28 Safe Mode IoT Village – Mark Bereza’s ‘VULNtron 4 CVEs Turn A Teleconference Bot Into A Spy’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 SAFE MODE conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode IoT Village – Mark Bereza’s ‘VULNtron 4 CVEs Turn A Teleconference Bot Into A Spy’ appeared first on Security Boulevard.


The Joy of Tech® ‘The Return Of MagSafe’

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®!

The post The Joy of Tech® ‘The Return Of MagSafe’ appeared first on Security Boulevard.


Has the coronavirus pandemic affected Apple’s hardware design?

The more things change… the more they stay the same!

ESB-2021.0225 – [RedHat] linux-firmware: Increased privileges – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0225
                      linux-firmware security update
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux-firmware
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12321  

Reference:         ESB-2020.4429
                   ESB-2020.4422
                   ESB-2020.4083

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0183

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: linux-firmware security update
Advisory ID:       RHSA-2021:0183-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0183
Issue date:        2021-01-19
CVE Names:         CVE-2020-12321 
=====================================================================

1. Summary:

An update for linux-firmware is now available for Red Hat Enterprise Linux
8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - noarch

3. Description:

The linux-firmware packages contain all of the firmware files that are
required by various devices to operate.

Security Fix(es):

* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1893914 - CVE-2020-12321 hardware: buffer overflow in bluetooth firmware

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
linux-firmware-20190516-96.git711d3297.el8_1.src.rpm

noarch:
iwl100-firmware-39.31.5.1-96.el8_1.1.noarch.rpm
iwl1000-firmware-39.31.5.1-96.el8_1.1.noarch.rpm
iwl105-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl135-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl2000-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl2030-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl3160-firmware-25.30.13.0-96.el8_1.1.noarch.rpm
iwl3945-firmware-15.32.2.9-96.el8_1.1.noarch.rpm
iwl4965-firmware-228.61.2.24-96.el8_1.1.noarch.rpm
iwl5000-firmware-8.83.5.1_1-96.el8_1.1.noarch.rpm
iwl5150-firmware-8.24.2.2-96.el8_1.1.noarch.rpm
iwl6000-firmware-9.221.4.1-96.el8_1.1.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-96.el8_1.1.noarch.rpm
iwl6050-firmware-41.28.5.1-96.el8_1.1.noarch.rpm
iwl7260-firmware-25.30.13.0-96.el8_1.1.noarch.rpm
libertas-sd8686-firmware-20190516-96.git711d3297.el8_1.noarch.rpm
libertas-sd8787-firmware-20190516-96.git711d3297.el8_1.noarch.rpm
libertas-usb8388-firmware-20190516-96.git711d3297.el8_1.noarch.rpm
libertas-usb8388-olpc-firmware-20190516-96.git711d3297.el8_1.noarch.rpm
linux-firmware-20190516-96.git711d3297.el8_1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12321
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.0226 – [RedHat] kpatch-patch: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0226
                       kpatch-patch security update
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kpatch-patch
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25211  

Reference:         ESB-2021.0034
                   ESB-2020.4284
                   ESB-2020.4275.2

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0189

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:0189-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0189
Issue date:        2021-01-19
CVE Names:         CVE-2020-25211 
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter 
in net/netfilter/nf_conntrack_netlink.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
kpatch-patch-4_18_0-147_13_2-1-6.el8_1.src.rpm
kpatch-patch-4_18_0-147_20_1-1-5.el8_1.src.rpm
kpatch-patch-4_18_0-147_24_2-1-3.el8_1.src.rpm
kpatch-patch-4_18_0-147_27_1-1-3.el8_1.src.rpm
kpatch-patch-4_18_0-147_32_1-1-1.el8_1.src.rpm
kpatch-patch-4_18_0-147_34_1-1-1.el8_1.src.rpm
kpatch-patch-4_18_0-147_5_1-1-10.el8_1.src.rpm
kpatch-patch-4_18_0-147_8_1-1-8.el8_1.src.rpm

ppc64le:
kpatch-patch-4_18_0-147_13_2-1-6.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_13_2-debuginfo-1-6.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_13_2-debugsource-1-6.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_20_1-1-5.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_20_1-debuginfo-1-5.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_20_1-debugsource-1-5.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_24_2-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_24_2-debuginfo-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_24_2-debugsource-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_27_1-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_27_1-debuginfo-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_27_1-debugsource-1-3.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_32_1-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_32_1-debuginfo-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_32_1-debugsource-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_34_1-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_34_1-debuginfo-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_34_1-debugsource-1-1.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_5_1-1-10.el8_1.ppc64le.rpm
kpatch-patch-4_18_0-147_8_1-1-8.el8_1.ppc64le.rpm

x86_64:
kpatch-patch-4_18_0-147_13_2-1-6.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_13_2-debuginfo-1-6.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_13_2-debugsource-1-6.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_20_1-1-5.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_20_1-debuginfo-1-5.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_20_1-debugsource-1-5.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_24_2-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_24_2-debuginfo-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_24_2-debugsource-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_27_1-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_27_1-debuginfo-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_27_1-debugsource-1-3.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_32_1-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_32_1-debuginfo-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_32_1-debugsource-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_34_1-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_34_1-debuginfo-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_34_1-debugsource-1-1.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_5_1-1-10.el8_1.x86_64.rpm
kpatch-patch-4_18_0-147_8_1-1-8.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.0202.2 – UPDATE [SUSE] slurm_20_02: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2021.0202.2
                      Security update for slurm_20_02
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           slurm_20_02
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27746 CVE-2020-27745 

Reference:         ESB-2020.4537
                   ESB-2020.4501
                   ESB-2020.4484
                   ESB-2020.4176

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210139-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210155-1

Comment: This bulletin contains two (2) SUSE security advisories.

Revision History:  January 20 2021: Vendor released associated advisory
                   January 18 2021: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for slurm_20_02

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0139-1
Rating:            moderate
References:        #1178890 #1178891
Cross-References:  CVE-2020-27745 CVE-2020-27746
Affected Products:
                   SUSE Linux Enterprise Module for HPC 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for slurm_20_02 fixes the following issues:

Updated to 20.02.6, addresses two security fixes:

* PMIx - fix potential buffer overflows from use of unpackmem(). CVE-2020-27745 (bsc#1178890)
* X11 forwarding - fix potential leak of the magic cookie when sent as an argument to the xauth command. CVE-2020-27746 (bsc#1178891)

And many other bugfixes, full log and details available at:

* https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html

Updated to 20.02.5, changes:

* Fix leak of TRESRunMins when job time is changed with --time-min
* pam_slurm - explicitly initialize slurm config to support configless mode.
* scontrol - Fix exit code when creating/updating reservations with wrong Flags.
* When a GRES has a no_consume flag, report 0 for allocated.
* Fix cgroup cleanup by jobacct_gather/cgroup.
* When creating reservations/jobs don't allow counts on a feature unless using an XOR.
* Improve number of boards discovery
* Fix updating a reservation NodeCnt on a zero-count reservation.
* slurmrestd - provide an explicit error messages when PSK auth fails.
* cons_tres - fix job requesting single gres per-node getting two or more nodes with less CPUs than requested per-task.
* cons_tres - fix calculation of cores when using gres and cpus-per-task.
* cons_tres - fix job not getting access to socket without GPU or with less than --gpus-per-socket when not enough cpus available on required socket and not using --gres-flags=enforce binding.
* Fix HDF5 type version build error.
* Fix creation of CoreCnt only reservations when the first node isn't available.
* Fix wrong DBD Agent queue size in sdiag when using accounting_storage/none.
* Improve job constraints XOR option logic.
* Fix preemption of hetjobs when needed nodes not in leader component.
* Fix wrong bit_or() messing potential preemptor jobs node bitmap, causing bad node deallocations and even allocation of nodes from other partitions.
* Fix double-deallocation of preempted non-leader hetjob components.
* slurmdbd - prevent truncation of the step nodelists over 4095.
* Fix nodes remaining in drain state state after rebooting with ASAP option.

changes from 20.02.4:

* srun - suppress job step creation warning message when waiting on PrologSlurmctld.
* slurmrestd - fix incorrect return values in data_list_for_each() functions.
* mpi/pmix - fix issue where HetJobs could fail to launch.
* slurmrestd - set content-type header in responses.
* Fix cons_res GRES overallocation for --gres-flags=disable-binding.
* Fix cons_res incorrectly filtering cores with respect to GRES locality for --gres-flags=disable-binding requests.
* Fix regression where a dependency on multiple jobs in a single array using underscores would only add the first job.
* slurmrestd - fix corrupted output due to incorrect use of memcpy().
* slurmrestd - address a number of minor Coverity warnings.
* Handle retry failure when slurmstepd is communicating with srun correctly.
* Fix jobacct_gather possibly duplicate stats when _is_a_lwp error shows up.
* Fix tasks binding to GRES which are closest to the allocated CPUs.
* Fix AMD GPU ROCM 3.5 support.
* Fix handling of job arrays in sacct when querying specific steps.
* slurmrestd - avoid fallback to local socket authentication if JWT authentication is ill-formed.
* slurmrestd - restrict ability of requests to use different authentication plugins.
* slurmrestd - unlink named unix sockets before closing.
* slurmrestd - fix invalid formatting in openapi.json.
* Fix batch jobs stuck in CF state on FrontEnd mode.
* Add a separate explicit error message when rejecting changes to active node features.
* cons_common/job_test - fix slurmctld SIGABRT due to double-free.
* Fix updating reservations to set the duration correctly if updating the start time.
* Fix update reservation to promiscuous mode.
* Fix override of job tasks count to max when ntasks-per-node present.
* Fix min CPUs per node not being at least CPUs per task requested.
* Fix CPUs allocated to match CPUs requested when requesting GRES and threads per core equal to one.
* Fix NodeName config parsing with Boards and without CPUs.
* Ensure SLURM_JOB_USER and SLURM_JOB_UID are set in SrunProlog/Epilog.
* Fix error messages for certain invalid salloc/sbatch/srun options.
* pmi2 - clean up sockets at step termination.
* Fix 'scontrol hold' to work with 'JobName'.
* sbatch - handle --uid/--gid in #SBATCH directives properly.
* Fix race condition in job termination on slurmd.
* Print specific error messages if trying to run use certain priority/multifactor factors that cannot work without SlurmDBD.
* Avoid partial GRES allocation when --gpus-per-job is not satisfied.
* Cray - Avoid referencing a variable outside of it's correct scope when dealing with creating steps within a het job.
* slurmrestd - correctly handle larger addresses from accept().
* Avoid freeing wrong pointer with SlurmctldParameters=max_dbd_msg_action with another option after that.
* Restore MCS label when suspended job is resumed.
* Fix insufficient lock levels.
* slurmrestd - use errno from job submission.
* Fix "user" filter for sacctmgr show transactions.
* Fix preemption logic.
* Fix no_consume GRES for exclusive (whole node) requests.
* Fix regression in 20.02 that caused an infinite loop in slurmctld when requesting --distribution=plane for the job.
* Fix parsing of the --distribution option.
* Add CONF READ_LOCK to _handle_fed_send_job_sync.
* prep/script - always call slurmctld PrEp callback in _run_script().
* Fix node estimation for jobs that use GPUs or --cpus-per-task.
* Fix jobcomp, job_submit and cli_filter Lua implementation plugins causing slurmctld and/or job submission CLI tools segfaults due to bad return handling when the respective Lua script failed to load.
* Fix propagation of gpu options through hetjob components.
* Add SLURM_CLUSTERS environment variable to scancel.
* Fix packing/unpacking of "unlinked" jobs.
* Connect slurmstepd's stderr to srun for steps launched with --pty.
* Handle MPS correctly when doing exclusive allocations.
* slurmrestd - fix compiling against libhttpparser in a non-default path.
* slurmrestd - avoid compilation issues with libhttpparser


ESB-2021.0205.2 – UPDATE [SUSE] ImageMagick: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2021.0205.2
                      Security update for ImageMagick
                              20 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ImageMagick
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29599 CVE-2020-27776 CVE-2020-27775
                   CVE-2020-27774 CVE-2020-27773 CVE-2020-27772
                   CVE-2020-27771 CVE-2020-27770 CVE-2020-27769
                   CVE-2020-27768 CVE-2020-27767 CVE-2020-27766
                   CVE-2020-27765 CVE-2020-27764 CVE-2020-27763
                   CVE-2020-27762 CVE-2020-27761 CVE-2020-27760
                   CVE-2020-27759 CVE-2020-27758 CVE-2020-27757
                   CVE-2020-27756 CVE-2020-27755 CVE-2020-27754
                   CVE-2020-27753 CVE-2020-27752 CVE-2020-27751
                   CVE-2020-27750 CVE-2020-25676 CVE-2020-25675
                   CVE-2020-25674 CVE-2020-25666 CVE-2020-25665
                   CVE-2020-25664 CVE-2020-19667 

Reference:         ESB-2021.0165
                   ESB-2021.0110
                   ESB-2021.0038

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-202114598-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210153-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210156-1

Comment: This bulletin contains three (3) SUSE security advisories.

Revision History:  January 20 2021: Vendor released associated advisory SUSE-SU-2021:0156-1
                   January 18 2021: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ImageMagick

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:14598-1
Rating:            moderate
References:        #1179103 #1179202 #1179212 #1179269 #1179281 #1179311
                   #1179312 #1179313 #1179315 #1179321 #1179322 #1179327
                   #1179336 #1179338 #1179339 #1179345 #1179346 #1179347
                   #1179397
Cross-References:  CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751
                   CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755
                   CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763
                   CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769
                   CVE-2020-27771 CVE-2020-27772 CVE-2020-27775
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Point of Sale 11-SP3
                   SUSE Linux Enterprise Debuginfo 11-SP4
                   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

  o CVE-2020-19667: Fixed a stack buffer overflow in the XPM coder that could
    result in a crash (bsc#1179103).
  o CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel
    (bsc#1179202).
  o CVE-2020-25666: Fixed an outside the range of representable values of type
    'int' and signed integer overflow (bsc#1179212).
  o CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c
    (bsc#1179269).
  o CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in
    MagickCore/quantum-private.h (bsc#1179346).
  o CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function
    (bsc#1179397).
  o CVE-2020-27754: Fixed an outside the range of representable values of type
    'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
  o CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in
    ImageMagick/MagickCore/memory.c (bsc#1179345).
  o CVE-2020-27757: Fixed an outside the range of representable values of type
    'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
  o CVE-2020-27759: Fixed an outside the range of representable values of type
    'int' at MagickCore/quantize.c (bsc#1179313).
  o CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c
    (bsc#1179281).
  o CVE-2020-27761: Fixed an outside the range of representable values of type
    'unsigned long' at coders/palm.c (bsc#1179315).
  o CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c
    (bsc#1179312).
  o CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c
    (bsc#1179311).
  o CVE-2020-27767: Fixed an outside the range of representable values of type
    'float' at MagickCore/quantum.h (bsc#1179322).
  o CVE-2020-27768: Fixed an outside the range of representable values of type
    'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
  o CVE-2020-27769: Fixed an outside the range of representable values of type
    'float' at MagickCore/quantize.c (bsc#1179321).
  o CVE-2020-27771: Fixed an outside the range of representable values of type
    'unsigned char' at coders/pdf.c (bsc#1179327).
  o CVE-2020-27772: Fixed an outside the range of representable values of type
    'unsigned int' at coders/bmp.c (bsc#1179347).
  o CVE-2020-27775: Fixed an outside the range of representable values of type
    'unsigned char' at MagickCore/quantum.h (bsc#1179338).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-ImageMagick-14598=1
  o SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-ImageMagick-14598=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-ImageMagick-14598=1
  o SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-ImageMagick-14598=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
       libMagickCore1-6.4.3.6-78.135.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
       libMagickCore1-32bit-6.4.3.6-78.135.1
  o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
       libMagickCore1-6.4.3.6-78.135.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
       ImageMagick-debuginfo-6.4.3.6-78.135.1
       ImageMagick-debugsource-6.4.3.6-78.135.1
  o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
       ImageMagick-debuginfo-6.4.3.6-78.135.1
       ImageMagick-debugsource-6.4.3.6-78.135.1


References:

  o https://www.suse.com/security/cve/CVE-2020-19667.html
  o https://www.suse.com/security/cve/CVE-2020-25664.html
  o https://www.suse.com/security/cve/CVE-2020-25666.html
  o https://www.suse.com/security/cve/CVE-2020-27751.html
  o https://www.suse.com/security/cve/CVE-2020-27752.html
  o https://www.suse.com/security/cve/CVE-2020-27753.html
  o https://www.suse.com/security/cve/CVE-2020-27754.html
  o https://www.suse.com/security/cve/CVE-2020-27755.html
  o https://www.suse.com/security/cve/CVE-2020-27759.html
  o https://www.suse.com/security/cve/CVE-2020-27760.html
  o https://www.suse.com/security/cve/CVE-2020-27761.html
  o https://www.suse.com/security/cve/CVE-2020-27763.html
  o https://www.suse.com/security/cve/CVE-2020-27765.html
  o https://www.suse.com/security/cve/CVE-2020-27767.html
  o https://www.suse.com/security/cve/CVE-2020-27768.html
  o https://www.suse.com/security/cve/CVE-2020-27769.html
  o https://www.suse.com/security/cve/CVE-2020-27771.html
  o https://www.suse.com/security/cve/CVE-2020-27772.html
  o https://www.suse.com/security/cve/CVE-2020-27775.html
  o https://bugzilla.suse.com/1179103
  o https://bugzilla.suse.com/1179202
  o https://bugzilla.suse.com/1179212
  o https://bugzilla.suse.com/1179269
  o https://bugzilla.suse.com/1179281
  o https://bugzilla.suse.com/1179311
  o https://bugzilla.suse.com/1179312
  o https://bugzilla.suse.com/1179313
  o https://bugzilla.suse.com/1179315
  o https://bugzilla.suse.com/1179321
  o https://bugzilla.suse.com/1179322
  o https://bugzilla.suse.com/1179327
  o https://bugzilla.suse.com/1179336
  o https://bugzilla.suse.com/1179338
  o https://bugzilla.suse.com/1179339
  o https://bugzilla.suse.com/1179345
  o https://bugzilla.suse.com/1179346
  o https://bugzilla.suse.com/1179347
  o https://bugzilla.suse.com/1179397

- --------------------------------------------------------------------------------

SUSE Security Update: Security update for ImageMagick

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0153-1
Rating:            moderate
References:        #1179202 #1179208 #1179212 #1179221 #1179223 #1179240
                   #1179244 #1179260 #1179268 #1179269 #1179276 #1179278
                   #1179281 #1179285 #1179311 #1179312 #1179313 #1179315
                   #1179317 #1179321 #1179322 #1179327 #1179333 #1179336
                   #1179338 #1179339 #1179343 #1179345 #1179346 #1179347
                   #1179361 #1179362 #1179397 #1179753
Cross-References:  CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674
                   CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751
                   CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755
                   CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759
                   CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763
                   CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767
                   CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771
                   CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775
                   CVE-2020-27776 CVE-2020-29599
Affected Products:
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that fixes 34 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

  o CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel
    (bsc#1179202).
  o CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage
    (bsc#1179208).
  o CVE-2020-25666: Fixed an outside the range of representable values of type
    'int' and signed integer overflow (bsc#1179212).
  o CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage
    (bsc#1179223).
  o CVE-2020-25675: Fixed an outside the range of representable values of type
    'long' and integer overflow (bsc#1179240).
  o CVE-2020-25676: Fixed an outside the range of representable values of type
    'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
  o CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h
    (bsc#1179260).
  o CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c
    (bsc#1179269).
  o CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in
    MagickCore/quantum-private.h (bsc#1179346).
  o CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function
    (bsc#1179397).
  o CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in
    ImageMagick/MagickCore/memory.c (bsc#1179345).
  o CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c
    (bsc#1179221).
  o CVE-2020-27757: Fixed an outside the range of representable values of type
    'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
  o CVE-2020-27758: Fixed an outside the range of representable values of type
    'unsigned long long' (bsc#1179276).
  o CVE-2020-27759: Fixed an outside the range of representable values of type
    'int' at MagickCore/quantize.c (bsc#1179313).
  o CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c
    (bsc#1179281).
  o CVE-2020-27761: Fixed an outside the range of representable values of type
    'unsigned long' at coders/palm.c (bsc#1179315).
  o CVE-2020-27762: Fixed an outside the range of representable values of type
    'unsigned char' (bsc#1179278).
  o CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c
    (bsc#1179312).
  o CVE-2020-27764: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179317).
  o CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c
    (bsc#1179311).
  o CVE-2020-27766: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179361).
  o CVE-2020-27767: Fixed an outside the range of representable values of type
    'float' at MagickCore/quantum.h (bsc#1179322).
  o CVE-2020-27768: Fixed an outside the range of representable values of type
    'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
  o CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c
    (bsc#1179343).
  o CVE-2020-27771: Fixed an outside the range of representable values of type
    'unsigned char' at coders/pdf.c (bsc#1179327).
  o CVE-2020-27772: Fixed an outside the range of representable values of type
    'unsigned int' at coders/bmp.c (bsc#1179347).
  o CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h
    (bsc#1179285).
  o CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c
    (bsc#1179333).
  o CVE-2020-27775: Fixed an outside the range of representable values of type
    'unsigned char' at MagickCore/quantum.h (bsc#1179338).
  o CVE-2020-27776: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179362).
  o CVE-2020-29599: Fixed a shell command injection in -authenticate
    (bsc#1179753).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-153=1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-153=1

Package List:

  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
    s390x x86_64):
       ImageMagick-debuginfo-7.0.7.34-10.9.1
       ImageMagick-debugsource-7.0.7.34-10.9.1
       perl-PerlMagick-7.0.7.34-10.9.1
       perl-PerlMagick-debuginfo-7.0.7.34-10.9.1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64
    ppc64le s390x x86_64):
       ImageMagick-7.0.7.34-10.9.1
       ImageMagick-config-7-SUSE-7.0.7.34-10.9.1
       ImageMagick-config-7-upstream-7.0.7.34-10.9.1
       ImageMagick-debuginfo-7.0.7.34-10.9.1
       ImageMagick-debugsource-7.0.7.34-10.9.1
       ImageMagick-devel-7.0.7.34-10.9.1
       libMagick++-7_Q16HDRI4-7.0.7.34-10.9.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.9.1
       libMagick++-devel-7.0.7.34-10.9.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-10.9.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.9.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-10.9.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.9.1


References:

  o https://www.suse.com/security/cve/CVE-2020-25664.html
  o https://www.suse.com/security/cve/CVE-2020-25665.html
  o https://www.suse.com/security/cve/CVE-2020-25666.html
  o https://www.suse.com/security/cve/CVE-2020-25674.html
  o https://www.suse.com/security/cve/CVE-2020-25675.html
  o https://www.suse.com/security/cve/CVE-2020-25676.html
  o https://www.suse.com/security/cve/CVE-2020-27750.html
  o https://www.suse.com/security/cve/CVE-2020-27751.html
  o https://www.suse.com/security/cve/CVE-2020-27752.html
  o https://www.suse.com/security/cve/CVE-2020-27753.html
  o https://www.suse.com/security/cve/CVE-2020-27754.html
  o https://www.suse.com/security/cve/CVE-2020-27755.html
  o https://www.suse.com/security/cve/CVE-2020-27756.html
  o https://www.suse.com/security/cve/CVE-2020-27757.html
  o https://www.suse.com/security/cve/CVE-2020-27758.html
  o https://www.suse.com/security/cve/CVE-2020-27759.html
  o https://www.suse.com/security/cve/CVE-2020-27760.html
  o https://www.suse.com/security/cve/CVE-2020-27761.html
  o https://www.suse.com/security/cve/CVE-2020-27762.html
  o https://www.suse.com/security/cve/CVE-2020-27763.html
  o https://www.suse.com/security/cve/CVE-2020-27764.html
  o https://www.suse.com/security/cve/CVE-2020-27765.html
  o https://www.suse.com/security/cve/CVE-2020-27766.html
  o https://www.suse.com/security/cve/CVE-2020-27767.html
  o https://www.suse.com/security/cve/CVE-2020-27768.html
  o https://www.suse.com/security/cve/CVE-2020-27769.html
  o https://www.suse.com/security/cve/CVE-2020-27770.html
  o https://www.suse.com/security/cve/CVE-2020-27771.html
  o https://www.suse.com/security/cve/CVE-2020-27772.html
  o https://www.suse.com/security/cve/CVE-2020-27773.html
  o https://www.suse.com/security/cve/CVE-2020-27774.html
  o https://www.suse.com/security/cve/CVE-2020-27775.html
  o https://www.suse.com/security/cve/CVE-2020-27776.html
  o https://www.suse.com/security/cve/CVE-2020-29599.html
  o https://bugzilla.suse.com/1179202
  o https://bugzilla.suse.com/1179208
  o https://bugzilla.suse.com/1179212
  o https://bugzilla.suse.com/1179221
  o https://bugzilla.suse.com/1179223
  o https://bugzilla.suse.com/1179240
  o https://bugzilla.suse.com/1179244
  o https://bugzilla.suse.com/1179260
  o https://bugzilla.suse.com/1179268
  o https://bugzilla.suse.com/1179269
  o https://bugzilla.suse.com/1179276
  o https://bugzilla.suse.com/1179278
  o https://bugzilla.suse.com/1179281
  o https://bugzilla.suse.com/1179285
  o https://bugzilla.suse.com/1179311
  o https://bugzilla.suse.com/1179312
  o https://bugzilla.suse.com/1179313
  o https://bugzilla.suse.com/1179315
  o https://bugzilla.suse.com/1179317
  o https://bugzilla.suse.com/1179321
  o https://bugzilla.suse.com/1179322
  o https://bugzilla.suse.com/1179327
  o https://bugzilla.suse.com/1179333
  o https://bugzilla.suse.com/1179336
  o https://bugzilla.suse.com/1179338
  o https://bugzilla.suse.com/1179339
  o https://bugzilla.suse.com/1179343
  o https://bugzilla.suse.com/1179345
  o https://bugzilla.suse.com/1179346
  o https://bugzilla.suse.com/1179347
  o https://bugzilla.suse.com/1179361
  o https://bugzilla.suse.com/1179362
  o https://bugzilla.suse.com/1179397
  o https://bugzilla.suse.com/1179753

- -------------------------------------------------------------------------------

SUSE Security Update: Security update for ImageMagick

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0156-1
Rating:            moderate
References:        #1179103 #1179202 #1179208 #1179212 #1179221 #1179223
                   #1179240 #1179244 #1179260 #1179268 #1179269 #1179276
                   #1179278 #1179281 #1179285 #1179311 #1179312 #1179313
                   #1179315 #1179317 #1179321 #1179322 #1179327 #1179333
                   #1179336 #1179338 #1179339 #1179343 #1179345 #1179346
                   #1179347 #1179361 #1179362 #1179397 #1179753
Cross-References:  CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666
                   CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750
                   CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754
                   CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758
                   CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762
                   CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766
                   CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770
                   CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774
                   CVE-2020-27775 CVE-2020-27776 CVE-2020-29599
Affected Products:
                   SUSE Manager Server 4.0
                   SUSE Manager Retail Branch Server 4.0
                   SUSE Manager Proxy 4.0
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise Module for Development Tools 15-SP1
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
                   SUSE Enterprise Storage 6
                   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.

Description:

This update for ImageMagick fixes the following issues:

  o CVE-2020-19667: Fixed a stack buffer overflow in the XPM coder that could
    result in a crash (bsc#1179103).
  o CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel
    (bsc#1179202).
  o CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage
    (bsc#1179208).
  o CVE-2020-25666: Fixed an outside the range of representable values of type
    'int' and signed integer overflow (bsc#1179212).
  o CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage
    (bsc#1179223).
  o CVE-2020-25675: Fixed an outside the range of representable values of type
    'long' and integer overflow (bsc#1179240).
  o CVE-2020-25676: Fixed an outside the range of representable values of type
    'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
  o CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h
    (bsc#1179260).
  o CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c
    (bsc#1179269).
  o CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in
    MagickCore/quantum-private.h (bsc#1179346).
  o CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function
    (bsc#1179397).
  o CVE-2020-27754: Fixed an outside the range of representable values of type
    'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336).
  o CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in
    ImageMagick/MagickCore/memory.c (bsc#1179345).
  o CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c
    (bsc#1179221).
  o CVE-2020-27757: Fixed an outside the range of representable values of type
    'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268).
  o CVE-2020-27758: Fixed an outside the range of representable values of type
    'unsigned long long' (bsc#1179276).
  o CVE-2020-27759: Fixed an outside the range of representable values of type
    'int' at MagickCore/quantize.c (bsc#1179313).
  o CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c
    (bsc#1179281).
  o CVE-2020-27761: Fixed an outside the range of representable values of type
    'unsigned long' at coders/palm.c (bsc#1179315).
  o CVE-2020-27762: Fixed an outside the range of representable values of type
    'unsigned char' (bsc#1179278).
  o CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c
    (bsc#1179312).
  o CVE-2020-27764: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179317).
  o CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c
    (bsc#1179311).
  o CVE-2020-27766: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179361).
  o CVE-2020-27767: Fixed an outside the range of representable values of type
    'float' at MagickCore/quantum.h (bsc#1179322).
  o CVE-2020-27768: Fixed an outside the range of representable values of type
    'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
  o CVE-2020-27769: Fixed an outside the range of representable values of type
    'float' at MagickCore/quantize.c (bsc#1179321).
  o CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c
    (bsc#1179343).
  o CVE-2020-27771: Fixed an outside the range of representable values of type
    'unsigned char' at coders/pdf.c (bsc#1179327).
  o CVE-2020-27772: Fixed an outside the range of representable values of type
    'unsigned int' at coders/bmp.c (bsc#1179347).
  o CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h
    (bsc#1179285).
  o CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c
    (bsc#1179333).
  o CVE-2020-27775: Fixed an outside the range of representable values of type
    'unsigned char' at MagickCore/quantum.h (bsc#1179338).
  o CVE-2020-27776: Fixed an outside the range of representable values of type
    'unsigned long' at MagickCore/statistic.c (bsc#1179362).
  o CVE-2020-29599: Fixed a shell command injection in -authenticate
    (bsc#1179753).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-156=1
  o SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-156=1
  o SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-156=1
  o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-156=1
  o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-156=1
  o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-156=1
  o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-156=1
  o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-156=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-156=1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-156=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-156=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-156=1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-156=1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-156=1
  o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-156=1
  o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

Package List:

  o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Manager Retail Branch Server 4.0 (x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Manager Proxy 4.0 (x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le
    s390x x86_64):
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64
    ppc64le s390x x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
    x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
    x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE Enterprise Storage 6 (aarch64 x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1
  o SUSE CaaS Platform 4.0 (x86_64):
       ImageMagick-7.0.7.34-3.90.1
       ImageMagick-config-7-SUSE-7.0.7.34-3.90.1
       ImageMagick-config-7-upstream-7.0.7.34-3.90.1
       ImageMagick-debuginfo-7.0.7.34-3.90.1
       ImageMagick-debugsource-7.0.7.34-3.90.1
       ImageMagick-devel-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1
       libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1
       libMagick++-devel-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1
       libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1
       perl-PerlMagick-7.0.7.34-3.90.1
       perl-PerlMagick-debuginfo-7.0.7.34-3.90.1


References:

  o https://www.suse.com/security/cve/CVE-2020-19667.html
  o https://www.suse.com/security/cve/CVE-2020-25664.html
  o https://www.suse.com/security/cve/CVE-2020-25665.html
  o https://www.suse.com/security/cve/CVE-2020-25666.html
  o https://www.suse.com/security/cve/CVE-2020-25674.html
  o https://www.suse.com/security/cve/CVE-2020-25675.html
  o https://www.suse.com/security/cve/CVE-2020-25676.html
  o https://www.suse.com/security/cve/CVE-2020-27750.html
  o https://www.suse.com/security/cve/CVE-2020-27751.html
  o https://www.suse.com/security/cve/CVE-2020-27752.html
  o https://www.suse.com/security/cve/CVE-2020-27753.html
  o https://www.suse.com/security/cve/CVE-2020-27754.html
  o https://www.suse.com/security/cve/CVE-2020-27755.html
  o https://www.suse.com/security/cve/CVE-2020-27756.html
  o https://www.suse.com/security/cve/CVE-2020-27757.html
  o https://www.suse.com/security/cve/CVE-2020-27758.html
  o https://www.suse.com/security/cve/CVE-2020-27759.html
  o https://www.suse.com/security/cve/CVE-2020-27760.html
  o https://www.suse.com/security/cve/CVE-2020-27761.html
  o https://www.suse.com/security/cve/CVE-2020-27762.html
  o https://www.suse.com/security/cve/CVE-2020-27763.html
  o https://www.suse.com/security/cve/CVE-2020-27764.html
  o https://www.suse.com/security/cve/CVE-2020-27765.html
  o https://www.suse.com/security/cve/CVE-2020-27766.html
  o https://www.suse.com/security/cve/CVE-2020-27767.html
  o https://www.suse.com/security/cve/CVE-2020-27768.html
  o https://www.suse.com/security/cve/CVE-2020-27769.html
  o https://www.suse.com/security/cve/CVE-2020-27770.html
  o https://www.suse.com/security/cve/CVE-2020-27771.html
  o https://www.suse.com/security/cve/CVE-2020-27772.html
  o https://www.suse.com/security/cve/CVE-2020-27773.html
  o https://www.suse.com/security/cve/CVE-2020-27774.html
  o https://www.suse.com/security/cve/CVE-2020-27775.html
  o https://www.suse.com/security/cve/CVE-2020-27776.html
  o https://www.suse.com/security/cve/CVE-2020-29599.html
  o https://bugzilla.suse.com/1179103
  o https://bugzilla.suse.com/1179202
  o https://bugzilla.suse.com/1179208
  o https://bugzilla.suse.com/1179212
  o https://bugzilla.suse.com/1179221
  o https://bugzilla.suse.com/1179223
  o https://bugzilla.suse.com/1179240
  o https://bugzilla.suse.com/1179244
  o https://bugzilla.suse.com/1179260
  o https://bugzilla.suse.com/1179268
  o https://bugzilla.suse.com/1179269
  o https://bugzilla.suse.com/1179276
  o https://bugzilla.suse.com/1179278
  o https://bugzilla.suse.com/1179281
  o https://bugzilla.suse.com/1179285
  o https://bugzilla.suse.com/1179311
  o https://bugzilla.suse.com/1179312
  o https://bugzilla.suse.com/1179313
  o https://bugzilla.suse.com/1179315
  o https://bugzilla.suse.com/1179317
  o https://bugzilla.suse.com/1179321
  o https://bugzilla.suse.com/1179322
  o https://bugzilla.suse.com/1179327
  o https://bugzilla.suse.com/1179333
  o https://bugzilla.suse.com/1179336
  o https://bugzilla.suse.com/1179338
  o https://bugzilla.suse.com/1179339
  o https://bugzilla.suse.com/1179343
  o https://bugzilla.suse.com/1179345
  o https://bugzilla.suse.com/1179346
  o https://bugzilla.suse.com/1179347
  o https://bugzilla.suse.com/1179361
  o https://bugzilla.suse.com/1179362
  o https://bugzilla.suse.com/1179397
  o https://bugzilla.suse.com/1179753

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

Application Risk From 4 of Top 5 Vulnerability Attack Types Grows, .NET Applications Become Bigger Target for Attacks

Industries across the spectrum are seeing rapid changes in their threat landscape. With the arrival of COVID-19, healthcare companies quickly became top targets for bad actors. The Chief Information Security Officer (CISO) of Johnson and Johnson recently indicated the company has seen a 30% increase in attack volume, including cyber attacks, from nation state threat actors since the start of the COVID-19 pandemic.

The post Application Risk From 4 of Top 5 Vulnerability Attack Types Grows, .NET Applications Become Bigger Target for Attacks appeared first on Security Boulevard.


Qakbot activity resumes after holiday break, (Wed, Jan 20th)

Introduction

Although the botnet infrastructure behind Qakbot was active as we entered this year, we hadn’t seen any active campaigns spreading Qakbot.  Qakbot had been quiet since a few days before Christmas.  We saw no new malicious spam (malspam), and we saw no new Excel spreadsheets that we typically find during active campaigns.

It had been relatively quiet for Qakbot until Tuesday 2021-01-19, when we started seeing malicious spam (malspam) pushing Qakbot again.  @BushidoToken tweeted about it here.

Today’s diary examines a Qakbot infection from Tuesday 2021-01-19.


Shown above:  Flow chart for recent Qakbot activity.

The malspam

No changes here.  Qakbot malspam typically spoofs stolen email chains from previously-infected Windows hosts, and it feeds the data to currently-infected Windows hosts that send new malspam pushing updated files for Qakbot.  See the image below for an example from Tuesday 2021-01-19.


Shown above:  An example of Qakbot malspam from Tuesday 2021-01-19.


Shown above:  Screenshot from one of the spreadsheets I used to infect a Windows host with Qakbot.

Infection traffic

See the images below for my analysis of network traffic from the Qakbot infection.


Shown above:  Traffic from the Qakbot infection filtered in Wireshark.


Shown above:  Excel macro retrieving the initial DLL file for Qakbot.


Shown above:  More post-infection activity from the Qakbot-infected Windows host.


Shown above:  Traffic over TCP port 65400 caused by Trickbot.


Shown above:  Certificate issuer data for HTTPS traffic caused by Qakbot (example 1 of 3).


Shown above:  Certificate issuer data for HTTPS traffic caused by Qakbot (example 2 of 3).


Shown above:  Certificate issuer data for HTTPS traffic caused by Qakbot (example 3 of 3).

Forensics on infected Windows host

See the images below for my forensic investigation on the infected Windows host.


Shown above:  Initial Qakbot DLL saved to the infected Windows host.


Shown above:  Other artifacts from the infected Windows host.


Shown above:  Windows registry updates caused by Qakbot on the infected host.

Indicators of Compromise (IOCs)

SHA256 hash: 8ebba35fa60f107aa4e19fa39ae831feab4ffb1718bdca016670d3898b2fe4fc

  • File size: 25,543 bytes
  • File name: Complaint_Copy_1206700885_01192021.xlsm
  • File description: Spreadsheet with macro for Qakbot

SHA256 hash: f9560829534803161c87666795f0feab028ff484fac5170b515390b50e8050fd

  • File size: 1,545,688 bytes
  • File location: hxxp://senzo-conseil-expat[.]fr/bqkckb/5555555555.jpg
  • File location: C:\Users\[username]\AppData\Roaming\KKEEDTT.DEEREDTTDVD
  • File description: Initial DLL for Qakbot
  • Run method: rundll32.exe [filename],DllRegisterServer

HTTP request caused by Excel macro to retrieve DLL for Qakbot:

  • 51.210.14[.]58 port 80 – senzo-conseil-expat[.]fr – GET /bqkckb/5555555555.jpg

HTTPS traffic from the infected host:

  • 95.76.27[.]6 port 443
  • 185.14.30[.]127 port 443
  • 172.115.177[.]204 port 2222

Web traffic connectivity checks from the infected host (HTTPS traffic):

  • port 443 – www.openssl.org
  • port 443 – api.ipify.org

TCP traffic from the infected host:

  • 54.36.108[.]120 port 65400

Connectivity checks to mail servers from the infected host:

  • 172.217.195.109 port 993 – imap.gmail.com
  • 108.177.104.28 port 25 – smtp-relay.gmail.com
  • 108.177.104.28 port 465 – smtp-relay.gmail.com
  • 108.177.104.28 port 587 – smtp-relay.gmail.com
  • 64.29.151.102 port 110 – mail.myfairpoint.net
  • 64.29.151.102 port 143 – mail.myfairpoint.net
  • 74.6.106.29 port 995 – inbound.att.net

Certificate issuer data for HTTPS traffic to 95.76.27[.]6 over TCP port 443:

  • id-at-countryName=NL
  • id-at-stateOrProvinceName=ED
  • id-at-localityName=Dadoe
  • id-at-organizationName=Letx Uqe Dzcmtewzs Kctonlfg Inc.
  • id-at-commonName=epeivate.biz

Certificate issuer data for HTTPS traffic to 185.14.30[.]127 over TCP port 443:

  • id-at-countryName=US
  • id-at-stateOrProvinceName=NY
  • id-at-localityName=New York
  • id-at-organizationName=cloudservers03.com
  • id-at-commonName=cloudservers03.com

Certificate issuer data for HTTPS traffic to 172.115.117[.]204 over TCP port 2222:

  • id-at-countryName=DE
  • id-at-stateOrProvinceName=IQ
  • id-at-localityName=Aeur
  • id-at-organizationName=Cepasduq Nqo Ooifzetkp Mqen
  • id-at-commonName=ltxkvijevns.com
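
A triage sketch built from the indicators above, added here as an example and not part of the original diary: it refangs the published indicators, matches them against connection records, and flags the diary's run method (rundll32.exe [filename],DllRegisterServer on a non-.dll file under AppData\Roaming). The sample records, internal addresses, user names and function names are constructed for illustration.

```python
import re

# Indicators copied from the diary above, kept defanged as published.
DEFANGED_ENDPOINTS = [
    ("51.210.14[.]58", 80),       # host that served the initial DLL
    ("95.76.27[.]6", 443),
    ("185.14.30[.]127", 443),
    ("172.115.177[.]204", 2222),  # as written in the HTTPS traffic list
    ("172.115.117[.]204", 2222),  # as written in the certificate heading
    ("54.36.108[.]120", 65400),
]
DEFANGED_DOMAINS = ["senzo-conseil-expat[.]fr"]

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) back into its matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http", 1)

ENDPOINTS = {(refang(ip), port) for ip, port in DEFANGED_ENDPOINTS}
DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

# rundll32.exe <file>,DllRegisterServer with optional quoting of either part.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<path>[^",]+)"?\s*,\s*DllRegisterServer\b',
    re.IGNORECASE)

def match_connection(dst_ip, dst_port, host=None):
    """Return why a connection record matches the diary's IOCs, or None."""
    if host and host.lower().rstrip(".") in DOMAINS:
        return "domain"
    if (dst_ip, int(dst_port)) in ENDPOINTS:
        return "endpoint"
    return None

def suspicious_rundll32(command_line):
    """Flag DllRegisterServer run on a non-.dll file under AppData\\Roaming."""
    m = RUNDLL_RE.search(command_line)
    if not m:
        return False
    path = m.group("path").strip().lower()
    return "\\appdata\\roaming\\" in path and not path.endswith(".dll")

# Constructed sample records (not taken from the diary's pcap or host).
SAMPLE_CONNS = [
    ("10.1.19.101", "95.76.27.6", 443, None),
    ("10.1.19.101", "51.210.14.58", 80, "senzo-conseil-expat.fr"),
    ("10.1.19.101", "172.217.195.109", 993, "imap.gmail.com"),
    ("10.1.19.102", "95.76.27.6", 8443, None),  # same IP, port not in the diary
]
SAMPLE_CMDS = [
    r'rundll32.exe C:\Users\alice\AppData\Roaming\KKEEDTT.DEEREDTTDVD,DllRegisterServer',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\bob\AppData\Roaming\app\plugin.dll",DllRegisterServer',
]

def triage():
    """Return (matching connection records, flagged command lines)."""
    hits = [(src, dst, port, match_connection(dst, port, host))
            for src, dst, port, host in SAMPLE_CONNS]
    return ([h for h in hits if h[3]],
            [c for c in SAMPLE_CMDS if suspicious_rundll32(c)])
```

Endpoints are matched as address and port pairs, so the connectivity checks to legitimate mail servers listed above do not produce hits.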

Final words

A pcap of the infection traffic along with malware (Excel file and DLL) from an infected host can be found here.


Brad Duncan
brad [at] malware-traffic-analysis.net

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Tuesday, January 19, 2021

Automate Silo Log Correlation With New Splunk Integration for SOCs

New Silo for Safe Access feature provides Splunk integration for SOCs to monitor employee web and SaaS app access on any device, managed or unmanaged.

The post Automate Silo Log Correlation With New Splunk Integration for SOCs appeared first on Security Boulevard.


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...