Malware Devil

Monday, February 1, 2021

Stopping VPN Abuse, Corruption by BPH Providers


Toward the end of 2020, law enforcement agencies from a multi-country task force seized the web domains and server infrastructure of three virtual private network (VPN) services that provided a safe haven for cybercriminals. The services in question had been active for more than a decade, and were extensively advertised on both Russian- and English-speaking..

The post Stopping VPN Abuse, Corruption by BPH Providers appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/stopping-vpn-abuse-corruption-by-bph-providers/?utm_source=rss&utm_medium=rss&utm_campaign=stopping-vpn-abuse-corruption-by-bph-providers

Attacks on Healthcare Applications Increased in December 2020

A new report, highlighted in Security Boulevard, shows a 51 percent increase in attacks on web applications hosted by healthcare providers during December 2020, the timing of which coincides with the initial distribution of COVID-19 vaccines.

The post Attacks on Healthcare Applications Increased in December 2020 appeared first on K2io.

The post Attacks on Healthcare Applications Increased in December 2020 appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/attacks-on-healthcare-applications-increased-in-december-2020/?utm_source=rss&utm_medium=rss&utm_campaign=attacks-on-healthcare-applications-increased-in-december-2020

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A “severe” vulnerability in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution.
The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs



https://malwaredevil.com/2021/02/01/google-discloses-severe-bug-in-libgcrypt-encryption-library-impacting-many-projects/?utm_source=rss&utm_medium=rss&utm_campaign=google-discloses-severe-bug-in-libgcrypt-encryption-library-impacting-many-projects

Can Third-Party Security Programs Prevent the Next SolarWinds?


While the U.S. government was focused on election security last year, unbeknownst to senior American officials a secret cyber espionage campaign by a major nation-state adversary of unprecedented magnitude was already underway – lethal, stealthy and undetected. In early December 2020, the U.S. cybersecurity firm FireEye Inc. announced that it had been the victim of a..

The post Can Third-Party Security Programs Prevent the Next SolarWinds? appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/can-third-party-security-programs-prevent-the-next-solarwinds/?utm_source=rss&utm_medium=rss&utm_campaign=can-third-party-security-programs-prevent-the-next-solarwinds

Taking a Data-Centric Approach to Cloud Security


The pandemic and resulting migration to remote work emphasized the importance of having a digital transformation process in place. The companies that did so appeared to be the companies that had the smoothest transition. Cloud computing played a pivotal role, allowing employees to have the access they needed to do their work. The downside was..

The post Taking a Data-Centric Approach to Cloud Security appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/taking-a-data-centric-approach-to-cloud-security/?utm_source=rss&utm_medium=rss&utm_campaign=taking-a-data-centric-approach-to-cloud-security

Ince and Mission Secure Launch Cybersecurity Solution for Maritime

Earlier this week, Ince, the international legal and professional services firm, in cooperation with Mission Secure, launched a new integrated cybersecurity solution for the maritime sector as part of what is called InceMaritime. This cooperation offers the industry’s first integrated cybersecurity legal advisory, business consultancy, and technology offering helping ship owners and operators navigate the sector’s greatest challenges and IMO 2021 cyber compliance.

The post Ince and Mission Secure Launch Cybersecurity Solution for Maritime appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/ince-and-mission-secure-launch-cybersecurity-solution-for-maritime/?utm_source=rss&utm_medium=rss&utm_campaign=ince-and-mission-secure-launch-cybersecurity-solution-for-maritime

Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry

Cyber attacks that lead to data breaches are becoming increasingly common in all industries, but there are certain types of businesses that are more vulnerable than others. The hospitality industry in particular is one of the most likely industries to be targeted by cybercriminals in addition to retail and finance. It only makes sense that […]

The post Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry appeared first on The State of Security.

The post Malicious Actors Reserving Their Cyber Attacks for the Hospitality Industry appeared first on Security Boulevard.




https://malwaredevil.com/2021/02/01/malicious-actors-reserving-their-cyber-attacks-for-the-hospitality-industry/?utm_source=rss&utm_medium=rss&utm_campaign=malicious-actors-reserving-their-cyber-attacks-for-the-hospitality-industry

ISC Stormcast For Monday, February 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7352, (Mon, Feb 1st)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



https://malwaredevil.com/2021/02/01/isc-stormcast-for-monday-february-1st-2021-https-isc-sans-edu-podcastdetail-htmlid7352-mon-feb-1st/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-february-1st-2021-https-isc-sans-edu-podcastdetail-htmlid7352-mon-feb-1st

Network Security News Summary for Monday February 1st, 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .




https://malwaredevil.com/2021/02/01/network-security-news-summary-for-monday-february-1st-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-february-1st-2021

Emotet takedown – Europol attacks “world’s most dangerous malware”

Great news from Europol – if you’ve heard of Emotet, you’ll have a good idea how badly things often end for its victims.



https://malwaredevil.com/2021/02/01/emotet-takedown-europol-attacks-worlds-most-dangerous-malware/?utm_source=rss&utm_medium=rss&utm_campaign=emotet-takedown-europol-attacks-worlds-most-dangerous-malware

ESB-2021.0340 – [Win] JP1/VERITAS Backup Exec 21: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0340
                   A vulnerability exists in JP1/VERITAS
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           JP1/VERITAS Backup Exec 21
Publisher:         Hitachi
Operating System:  Windows
Impact/Access:     Administrator Compromise        -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-36167 CVE-2020-36169 CVE-2020-36163

Original Bulletin: 
   https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-101/index.html
   https://www.veritas.com/content/support/en_US/security/VTS20-016
   https://www.veritas.com/content/support/en_US/security/VTS20-010

--------------------------BEGIN INCLUDED TEXT--------------------

Security Information ID

hitachi-sec-2021-101

Vulnerability description

A vulnerability exists in JP1/VERITAS.

      + VTS20-010: Backup Exec OpenSSL advisory
      + VTS20-016: NetBackup and OpsCenter Advisory

Affected products and versions are listed below. Please upgrade your version to
the appropriate version.

Affected products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the affected product.

Version:

Platform
    Gives the affected version.

Product name: JP1/VERITAS Backup Exec 21
VERITAS product name: Veritas Backup Exec 21

Version(s):

Windows
    12-10 (BE21.x)

Product name: JP1/VERITAS Backup Exec 20.1
VERITAS product name: Veritas Backup Exec 20.1

Version(s):

Windows
    11-50 (BE20.x)

Product name: JP1/VERITAS Backup Exec 16
VERITAS product name: Veritas Backup Exec 16

Version(s):

Windows
    11-10 (BE16 FP1, BE16 FP2)

Product name: JP1/VERITAS NetBackup 8.3
VERITAS product name: Veritas NetBackup 8.3

Version(s):

Windows
    8.3 (12-50)

Product name: JP1/VERITAS NetBackup 8.2
VERITAS product name: Veritas NetBackup 8.2

Version(s):

Windows
    8.2 (12-00 to 12-00-/C)

Product name: JP1/VERITAS NetBackup 8.1
VERITAS product name: Veritas NetBackup 8.1

Version(s):

Windows
    8.1 (11-50 to 11-50-/C)

Product name: JP1/VERITAS NetBackup 8.0
VERITAS product name: Veritas NetBackup 8.0

Version(s):

Windows
    8.0 (11-10 to 11-10-/D)

Product name: JP1/VERITAS NetBackup 7.7
VERITAS product name: Veritas NetBackup 7.7

Version(s):

Windows
    7.7.3 (11-01 to 11-01-/B)
    7.7.1 (11-00)

For details on the fixed products, contact your Hitachi support service
representative.

Revision history

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



https://malwaredevil.com/2021/02/01/esb-2021-0340-win-jp1-veritas-backup-exec-21-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0340-win-jp1-veritas-backup-exec-21-multiple-vulnerabilities

ESB-2021.0339 – [Debian] thunderbird: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0339
                        thunderbird security update
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23964 CVE-2021-23960 CVE-2021-23954
                   CVE-2021-23953 CVE-2020-26976 CVE-2020-16044
                   CVE-2020-15685  

Reference:         ASB-2021.0035
                   ESB-2021.0333
                   ESB-2021.0332
                   ESB-2021.0323
                   ESB-2021.0321

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4842

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4842-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 31, 2021                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953 
                 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or an information
leak.

For the stable distribution (buster), these problems have been fixed in
version 1:78.7.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------




https://malwaredevil.com/2021/02/01/esb-2021-0339-debian-thunderbird-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0339-debian-thunderbird-multiple-vulnerabilities

ESB-2021.0338 – [Win][UNIX/Linux] wireshark: Reduced security – Unknown/unspecified


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0338
                     Wireshark 3.4.3 is now available
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Wireshark
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-22174 CVE-2021-22173 

Original Bulletin: 
   https://www.wireshark.org/lists/wireshark-announce/202101/msg00000.html

--------------------------BEGIN INCLUDED TEXT--------------------

I'm proud to announce the release of Wireshark 3.4.3.

  What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.

  What's New

   The Windows installers now ship with Npcap 1.10. They previously
   shipped with Npcap 1.00.

   Bug Fixes

    The following vulnerabilities have been fixed:

      o wnpa-sec-2021-01[1] USB HID dissector memory leak. Bug 17124[2].
        CVE-2021-22173[3].

      o wnpa-sec-2021-02[4] USB HID dissector crash. Bug 17165[5].
        CVE-2021-22174[6].

    The following bugs have been fixed:

      o SIP response single-line multiple Contact-URIs decoding error Bug
        13752[7].

      o Adding filter while "Telephony->VoIP Calls->Flow Sequence" open
        causes OOB memory reads and potential crashes. Bug 16952[8].

      o QUIC packet not fully dissected Bug 17077[9].

      o SOMEIP-SD hidden entries are off Bug 17091[10].

      o Problem with calculation on UDP checksum in SRv6 Bug 17097[11].

      o Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098[12].

      o Wireshark 3.4.0: build failure on older MacOS releases, due to
        'CLOCK_REALTIME' Bug 17101[13].

      o TECMP: Status Capture Module messages shows 3 instead of 2 bytes
        for HW version Bug 17133[14].

      o Documentation - editorial error - README.dissector bad reference
        Bug 17141[15].

      o Cannot save capture with comments to a format that doesn't
        support it (no pop-up) Bug 17146[16].

      o AUTOSAR-NM: PNI TF-String wrong way around Bug 17154[17].

      o Fibre Channel parsing errors even with the fix for #17084 Bug
        17168[18].

      o f5ethtrailer: Won't find a trailer after an FCS that begins with
        a 0x00 byte Bug 17171[19].

      o f5ethtrailer: legacy format, low noise only, no vip name trailers
        no longer detected Bug 17172[20].

      o Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug
        17174[21].

      o Dissection error on large ZVT packets Bug 17177[22].

      o TShark crashes with -T ek option Bug 17179[23].

   New and Updated Features

   New Protocol Support

    There are no new protocols in this release.

   Updated Protocol Support

    AUTOSAR-NM, DHCPv6, DoIP, FC ELS, GQUIC, IPv6, NAS 5GS, NAS EPS,
    QUIC, SIP, SOME/IP-SD, TECMP, TLS, TPNCP, USB HID, and ZVT

   New and Updated Capture File Support

    f5ethtrailer and pcapng

  Getting Wireshark

   Wireshark source code and installation packages are available from
   https://www.wireshark.org/download.html.

   Vendor-supplied Packages

    Most Linux and Unix vendors supply their own Wireshark packages. You
    can usually install or upgrade Wireshark using the package management
    system specific to that platform. A list of third-party packages can
    be found on the download page[24] on the Wireshark web site.

  File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
   locations vary from platform to platform. You can use About -> Folders
   to find the default locations on your system.

  Getting Help

   The User's Guide, manual pages and various other documentation can be
   found at https://www.wireshark.org/docs/

   Community support is available on Wireshark's Q&A site[25] and on the
   wireshark-users mailing list. Subscription information and archives
   for all of Wireshark's mailing lists can be found on the web site[26].

   Issues and feature requests can be reported on the issue tracker[27].

  Frequently Asked Questions

   A complete FAQ is available on the Wireshark web site[28].

   Last updated 2021-01-29 18:02:26 UTC

  References

    1. https://www.wireshark.org/security/wnpa-sec-2021-01
    2. https://gitlab.com/wireshark/wireshark/-/issues/17124
    3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22173
    4. https://www.wireshark.org/security/wnpa-sec-2021-02
    5. https://gitlab.com/wireshark/wireshark/-/issues/17165
    6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22174
    7. https://gitlab.com/wireshark/wireshark/-/issues/13752
    8. https://gitlab.com/wireshark/wireshark/-/issues/16952
    9. https://gitlab.com/wireshark/wireshark/-/issues/17077
   10. https://gitlab.com/wireshark/wireshark/-/issues/17091
   11. https://gitlab.com/wireshark/wireshark/-/issues/17097
   12. https://gitlab.com/wireshark/wireshark/-/issues/17098
   13. https://gitlab.com/wireshark/wireshark/-/issues/17101
   14. https://gitlab.com/wireshark/wireshark/-/issues/17133
   15. https://gitlab.com/wireshark/wireshark/-/issues/17141
   16. https://gitlab.com/wireshark/wireshark/-/issues/17146
   17. https://gitlab.com/wireshark/wireshark/-/issues/17154
   18. https://gitlab.com/wireshark/wireshark/-/issues/17168
   19. https://gitlab.com/wireshark/wireshark/-/issues/17171
   20. https://gitlab.com/wireshark/wireshark/-/issues/17172
   21. https://gitlab.com/wireshark/wireshark/-/issues/17174
   22. https://gitlab.com/wireshark/wireshark/-/issues/17177
   23. https://gitlab.com/wireshark/wireshark/-/issues/17179
   24. https://www.wireshark.org/download.html#thirdparty
   25. https://ask.wireshark.org/
   26. https://www.wireshark.org/lists/
   27. https://gitlab.com/wireshark/wireshark/-/issues
   28. https://www.wireshark.org/faq.html


Digests

You can validate these hashes using the following commands (among others):

     Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
     Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
     macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
     Other: openssl sha256 wireshark-x.y.z.tar.xz

--------------------------END INCLUDED TEXT--------------------




https://malwaredevil.com/2021/02/01/esb-2021-0338-winunix-linux-wireshark-reduced-security-unknown-unspecified/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0338-winunix-linux-wireshark-reduced-security-unknown-unspecified

ESB-2021.0337 – [Debian] mariadb-10.1: Denial of service – Existing account


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0337
                       mariadb-10.1 security update
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb-10.1
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14812 CVE-2020-14765 

Reference:         ASB-2020.0176
                   ESB-2020.4527
                   ESB-2020.4427
                   ESB-2020.4309

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2538

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2538-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 31, 2021                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : mariadb-10.1
Version        : 10.1.48-0+deb9u1
CVE ID         : CVE-2020-14765 CVE-2020-14812

Two vulnerabilities were fixed by upgrading the MariaDB database server
packages to the latest version on the 10.1 branch.

For Debian 9 stretch, these problems have been fixed in version
10.1.48-0+deb9u1.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.


https://malwaredevil.com/2021/02/01/esb-2021-0337-debian-mariadb-10-1-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0337-debian-mariadb-10-1-denial-of-service-existing-account

ESB-2021.0336 – [Debian] ffmpeg: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0336
                          ffmpeg security update
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ffmpeg
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35965 CVE-2019-17539 

Reference:         ESB-2020.2514
                   ESB-2020.2338

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2537

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2537-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Roberto C. Sánchez
January 31, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ffmpeg
Version        : 7:3.2.15-0+deb9u2
CVE ID         : CVE-2019-17539 CVE-2020-35965
Debian Bug     : 979999

Two vulnerabilities have been discovered in ffmpeg, a widely used
multimedia framework.

CVE-2019-17539

    a NULL pointer dereference and possibly unspecified other impact
    when there is no valid close function pointer

CVE-2020-35965

    an out-of-bounds write because of errors in calculations of when to
    perform memset zero operations

For Debian 9 stretch, these problems have been fixed in version
7:3.2.15-0+deb9u2.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/02/01/esb-2021-0336-debian-ffmpeg-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0336-debian-ffmpeg-multiple-vulnerabilities

ESB-2021.0335 – [Debian] libsdl2: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0335
                          libsdl2 security update
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libsdl2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14410 CVE-2020-14409 CVE-2019-13616
                   CVE-2019-7638 CVE-2019-7636 CVE-2019-7635
                   CVE-2019-7578 CVE-2019-7577 CVE-2019-7575

Reference:         ESB-2020.3973
                   ESB-2020.3900
                   ESB-2020.3689
                   ESB-2020.3383

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2536

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2536-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
January 30, 2021                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : libsdl2
Version        : 2.0.5+dfsg1-2+deb9u1
CVE ID         : CVE-2019-7575 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
                 CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2020-14409
                 CVE-2020-14410


Several issues have been found in libsdl2, a library for portable low
level access to a video framebuffer, audio output, mouse, and keyboard.
All issues are related to either buffer overflow, integer overflow or
heap-based buffer over-read, resulting in a DoS or remote code execution
by using crafted files of different formats.


For Debian 9 stretch, these problems have been fixed in version
2.0.5+dfsg1-2+deb9u1.

We recommend that you upgrade your libsdl2 packages.

For the detailed security status of libsdl2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsdl2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/02/01/esb-2021-0335-debian-libsdl2-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0335-debian-libsdl2-multiple-vulnerabilities

ESB-2021.0334 – [SUSE] jackson-databind: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0334
                   Security update for jackson-databind
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jackson-databind
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20190 CVE-2020-35728 CVE-2020-25649

Reference:         ESB-2020.4451
                   ESB-2020.4413
                   ESB-2020.4405
                   ESB-2020.3537

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210243-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for jackson-databind

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0243-1
Rating:            moderate
References:        #1177616 #1180391 #1181118
Cross-References:  CVE-2020-25649 CVE-2020-35728 CVE-2021-20190
Affected Products:
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for jackson-databind fixes the following issues:

jackson-databind was updated to 2.10.5.1:

  * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent
    external entity expansion in all cases (CVE-2020-25649, bsc#1177616)
  * #2787 (partial fix): NPE after add mixin for enum
  * #2679: 'ObjectMapper.readValue("123", Void.TYPE)' throws "should never
    occur"

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-243=1

Package List:

  o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
       jackson-databind-2.10.5.1-3.3.2


References:

  o https://www.suse.com/security/cve/CVE-2020-25649.html
  o https://www.suse.com/security/cve/CVE-2020-35728.html
  o https://www.suse.com/security/cve/CVE-2021-20190.html
  o https://bugzilla.suse.com/1177616
  o https://bugzilla.suse.com/1180391
  o https://bugzilla.suse.com/1181118

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/02/01/esb-2021-0334-suse-jackson-databind-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0334-suse-jackson-databind-multiple-vulnerabilities

ESB-2021.0333 – [SUSE] MozillaThunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0333
                  Security update for MozillaThunderbird
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           MozillaThunderbird
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23964 CVE-2021-23960 CVE-2021-23954
                   CVE-2021-23953 CVE-2020-26976 CVE-2020-15685

Reference:         ESB-2021.0323
                   ESB-2021.0321
                   ESB-2021.0316
                   ESB-2021.0292

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210245-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for MozillaThunderbird

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0245-1
Rating:            important
References:        #1181414
Cross-References:  CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954
                   CVE-2021-23960 CVE-2021-23964
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following issues:

  o Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414)
      * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected
        PDF requests
      * CVE-2021-23954: Fixed a type confusion when using logical assignment
        operators in JavaScript switch statements
      * CVE-2020-26976: Fixed an issue where HTTPS pages could have been
        intercepted by a registered service worker when they should not have
        been
      * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared
        JavaScript variables during GC
      * CVE-2021-23964: Fixed Memory safety bugs
      * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP1:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-245=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
       MozillaThunderbird-78.7.0-3.119.1
       MozillaThunderbird-debuginfo-78.7.0-3.119.1
       MozillaThunderbird-debugsource-78.7.0-3.119.1
       MozillaThunderbird-translations-common-78.7.0-3.119.1
       MozillaThunderbird-translations-other-78.7.0-3.119.1


References:

  o https://www.suse.com/security/cve/CVE-2020-15685.html
  o https://www.suse.com/security/cve/CVE-2020-26976.html
  o https://www.suse.com/security/cve/CVE-2021-23953.html
  o https://www.suse.com/security/cve/CVE-2021-23954.html
  o https://www.suse.com/security/cve/CVE-2021-23960.html
  o https://www.suse.com/security/cve/CVE-2021-23964.html
  o https://bugzilla.suse.com/1181414

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2021/02/01/esb-2021-0333-suse-mozillathunderbird-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0333-suse-mozillathunderbird-multiple-vulnerabilities

ESB-2020.3899.2 – UPDATE [Debian] libonig: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3899.2
                          libonig security update
                              1 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libonig
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-26159 CVE-2019-19246 CVE-2019-19204
                   CVE-2019-19203 CVE-2019-19012 CVE-2019-16163
                   CVE-2019-13224  

Reference:         ESB-2020.3072
                   ESB-2020.2827
                   ESB-2019.4556
                   ESB-2019.3485

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/11/msg00006.html
   https://www.debian.org/lts/security/2021/dla-2431-2

Comment: This bulletin contains two (2) Debian security advisories.

Revision History:  February 1 2021: Patch for CVE-2020-26159 reverted due to false positive
                   November 6 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2431-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
November 05, 2020                            https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : libonig
Version        : 6.1.3-2+deb9u1
CVE ID         : CVE-2019-13224 CVE-2019-16163 CVE-2019-19012
                 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246
                 CVE-2020-26159
Debian Bug     : 931878 939988 944959 945312 945313 946344 972113

Several vulnerabilities were discovered in the Oniguruma regular
expressions library, notably used in PHP mbstring.

CVE-2019-13224

   A use-after-free in onig_new_deluxe() in regext.c allows
   attackers to potentially cause information disclosure, denial of
   service, or possibly code execution by providing a crafted regular
   expression. The attacker provides a pair of a regex pattern and a
   string, with a multi-byte encoding that gets handled by
   onig_new_deluxe().

CVE-2019-16163

    Oniguruma allows Stack Exhaustion in regcomp.c because of recursion
    in regparse.c.

CVE-2019-19012

    An integer overflow in the search_in_range function in regexec.c in
    Oniguruma leads to an out-of-bounds read, in which the offset of
    this read is under the control of an attacker. (This only affects
    the 32-bit compiled version). Remote attackers can cause a
    denial-of-service or information disclosure, or possibly have
    unspecified other impact, via a crafted regular expression.

CVE-2019-19203

    An issue was discovered in Oniguruma. In the function
    gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is
    dereferenced without checking if it passed the end of the matched
    string. This leads to a heap-based buffer over-read.

CVE-2019-19204

    An issue was discovered in Oniguruma. In the function
    fetch_interval_quantifier (formerly known as fetch_range_quantifier)
    in regparse.c, PFETCH is called without checking PEND. This leads to
    a heap-based buffer over-read.

CVE-2019-19246

    Oniguruma has a heap-based buffer over-read in str_lower_case_match
    in regexec.c.

CVE-2020-26159

    In Oniguruma an attacker able to supply a regular expression for
    compilation may be able to overflow a buffer by one byte in
    concat_opt_exact_str in src/regcomp.c.

For Debian 9 stretch, these problems have been fixed in version
6.1.3-2+deb9u1.

We recommend that you upgrade your libonig packages.

For the detailed security status of libonig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libonig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2431-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
January 30, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libonig
Version        : 6.1.3-2+deb9u2
CVE ID         : CVE-2020-26159

It was discovered that CVE-2020-26159 in the Oniguruma regular
expressions library, notably used in PHP mbstring, was a false-positive. In
consequence the patch for CVE-2020-26159 was reverted. For reference, the
original advisory text follows.

CVE-2020-26159

    In Oniguruma an attacker able to supply a regular expression for
    compilation may be able to overflow a buffer by one byte in
    concat_opt_exact_str in src/regcomp.c.

For Debian 9 stretch, this problem has been fixed in version
6.1.3-2+deb9u2.

We recommend that you upgrade your libonig packages.

For the detailed security status of libonig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libonig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----

The post ESB-2020.3899.2 – UPDATE [Debian] libonig: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/01/esb-2020-3899-2-update-debian-libonig-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3899-2-update-debian-libonig-multiple-vulnerabilities

Sunday, January 31, 2021

BSidesSF 2020 – Ari Eitan’s ‘Mapping The Connections Inside Russia’s APT Ecosystem’

Many thanks to BSidesSF and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s BSidesSF 2020 and on the DEF CON YouTube channel. Additionally, BSidesSF 2021 will take place on March 6 – 9, 2021, with no cost to participate. Enjoy!

The post BSidesSF 2020 – Ari Eitan’s ‘Mapping The Connections Inside Russia’s APT Ecosystem’ appeared first on Security Boulevard.

The post BSidesSF 2020 – Ari Eitan’s ‘Mapping The Connections Inside Russia’s APT Ecosystem’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/31/bsidessf-2020-ari-eitans-mapping-the-connections-inside-russias-apt-ecosystem/?utm_source=rss&utm_medium=rss&utm_campaign=bsidessf-2020-ari-eitans-mapping-the-connections-inside-russias-apt-ecosystem

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...