Malware Devil

Thursday, March 18, 2021

ESB-2021.0955 – [SUSE] linux kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0955
                   Security update for the Linux Kernel
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                 -- Existing Account      
                   Execute Arbitrary Code/Commands -- Existing Account      
                   Overwrite Arbitrary Files       -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3347 CVE-2021-0342 CVE-2020-29368
                   CVE-2020-28374 CVE-2020-27786 CVE-2020-25645
                   CVE-2020-1749 CVE-2020-0429 

Reference:         ESB-2021.0924
                   ESB-2021.0920
                   ESB-2021.0861
                   ESB-2021.0837

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210870-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210868-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210864-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210853-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210859-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210818-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210849-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210842-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210835-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210826-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210869-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210841-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210840-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210808-1

Comment: This bulletin contains fifteen (15) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0870-1
Rating:            important
References:        #1178684 #1179616 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2021-3347
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_138 fixes several issues.
The following security issues were fixed:

  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2021-870=1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-829=1
    SUSE-SLE-SAP-12-SP3-2021-830=1 SUSE-SLE-SAP-12-SP3-2021-831=1
    SUSE-SLE-SAP-12-SP3-2021-832=1 SUSE-SLE-SAP-12-SP3-2021-833=1
    SUSE-SLE-SAP-12-SP3-2021-834=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-836=1
    SUSE-SLE-SAP-12-SP2-2021-837=1 SUSE-SLE-SAP-12-SP2-2021-838=1
    SUSE-SLE-SAP-12-SP2-2021-839=1 SUSE-SLE-SAP-12-SP2-2021-870=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-829=1
    SUSE-SLE-SERVER-12-SP3-2021-830=1 SUSE-SLE-SERVER-12-SP3-2021-831=1
    SUSE-SLE-SERVER-12-SP3-2021-832=1 SUSE-SLE-SERVER-12-SP3-2021-833=1
    SUSE-SLE-SERVER-12-SP3-2021-834=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-836=1
    SUSE-SLE-SERVER-12-SP2-2021-837=1 SUSE-SLE-SERVER-12-SP2-2021-838=1
    SUSE-SLE-SERVER-12-SP2-2021-839=1 SUSE-SLE-SERVER-12-SP2-2021-870=1

Package List:

  o SUSE OpenStack Cloud 7 (x86_64):
       kgraft-patch-4_4_121-92_138-default-7-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kgraft-patch-4_4_180-94_116-default-8-2.2
       kgraft-patch-4_4_180-94_116-default-debuginfo-8-2.2
       kgraft-patch-4_4_180-94_121-default-7-2.2
       kgraft-patch-4_4_180-94_121-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_124-default-7-2.2
       kgraft-patch-4_4_180-94_124-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_127-default-7-2.2
       kgraft-patch-4_4_180-94_127-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_130-default-6-2.2
       kgraft-patch-4_4_180-94_130-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_135-default-4-2.2
       kgraft-patch-4_4_180-94_135-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       kgraft-patch-4_4_121-92_129-default-9-2.2
       kgraft-patch-4_4_121-92_135-default-7-2.2
       kgraft-patch-4_4_121-92_138-default-7-2.2
       kgraft-patch-4_4_121-92_141-default-6-2.2
       kgraft-patch-4_4_121-92_146-default-4-2.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_180-94_116-default-8-2.2
       kgraft-patch-4_4_180-94_116-default-debuginfo-8-2.2
       kgraft-patch-4_4_180-94_121-default-7-2.2
       kgraft-patch-4_4_180-94_121-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_124-default-7-2.2
       kgraft-patch-4_4_180-94_124-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_127-default-7-2.2
       kgraft-patch-4_4_180-94_127-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_130-default-6-2.2
       kgraft-patch-4_4_180-94_130-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_135-default-4-2.2
       kgraft-patch-4_4_180-94_135-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_121-92_129-default-9-2.2
       kgraft-patch-4_4_121-92_135-default-7-2.2
       kgraft-patch-4_4_121-92_138-default-7-2.2
       kgraft-patch-4_4_121-92_141-default-6-2.2
       kgraft-patch-4_4_121-92_146-default-4-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for
SLE 15)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0868-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_52 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-865=1
    SUSE-SLE-Module-Live-Patching-15-2021-866=1
    SUSE-SLE-Module-Live-Patching-15-2021-867=1
    SUSE-SLE-Module-Live-Patching-15-2021-868=1
  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-822=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
       kernel-livepatch-4_12_14-150_52-default-7-2.2
       kernel-livepatch-4_12_14-150_52-default-debuginfo-7-2.2
       kernel-livepatch-4_12_14-150_55-default-7-2.2
       kernel-livepatch-4_12_14-150_55-default-debuginfo-7-2.2
       kernel-livepatch-4_12_14-150_58-default-6-2.2
       kernel-livepatch-4_12_14-150_58-default-debuginfo-6-2.2
       kernel-livepatch-4_12_14-150_63-default-4-2.2
       kernel-livepatch-4_12_14-150_63-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_65-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for
SLE 15)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0864-1
Rating:            important
References:        #1179664
Cross-References:  CVE-2020-29368
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-150_66 fixes one issue.
The following security issue was fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-850=1
  o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-864=1
  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-821=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_83-default-2-2.2
  o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
       kernel-livepatch-4_12_14-150_66-default-2-2.2
       kernel-livepatch-4_12_14-150_66-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_68-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://bugzilla.suse.com/1179664


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0853-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553 #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.12.14-197_72 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-853=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-854=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-855=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-861=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-862=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-863=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_34-default-10-2.2
       kernel-livepatch-4_12_14-197_37-default-10-2.2
       kernel-livepatch-4_12_14-197_40-default-9-2.2
       kernel-livepatch-4_12_14-197_64-default-4-2.2
       kernel-livepatch-4_12_14-197_67-default-4-2.2
       kernel-livepatch-4_12_14-197_72-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0859-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553 #1182108
                   #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.12.14-197_48 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o Fixed an issue where NFS client hung on write errors (bsc#1182108).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-856=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-857=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-858=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-859=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-860=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_45-default-7-2.2
       kernel-livepatch-4_12_14-197_48-default-7-2.2
       kernel-livepatch-4_12_14-197_51-default-7-2.2
       kernel-livepatch-4_12_14-197_56-default-6-2.2
       kernel-livepatch-4_12_14-197_61-default-5-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182108
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0818-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_23 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-852=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-810=1
    SUSE-SLE-Live-Patching-12-SP5-2021-811=1
    SUSE-SLE-Live-Patching-12-SP5-2021-812=1
    SUSE-SLE-Live-Patching-12-SP5-2021-813=1
    SUSE-SLE-Live-Patching-12-SP5-2021-814=1
    SUSE-SLE-Live-Patching-12-SP5-2021-815=1
    SUSE-SLE-Live-Patching-12-SP5-2021-816=1
    SUSE-SLE-Live-Patching-12-SP5-2021-817=1
    SUSE-SLE-Live-Patching-12-SP5-2021-818=1
    SUSE-SLE-Live-Patching-12-SP5-2021-819=1
    SUSE-SLE-Live-Patching-12-SP5-2021-820=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_75-default-3-2.2
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_17-default-11-2.2
       kgraft-patch-4_12_14-122_20-default-10-2.2
       kgraft-patch-4_12_14-122_23-default-9-2.2
       kgraft-patch-4_12_14-122_26-default-9-2.2
       kgraft-patch-4_12_14-122_29-default-9-2.2
       kgraft-patch-4_12_14-122_32-default-9-2.2
       kgraft-patch-4_12_14-122_37-default-8-2.2
       kgraft-patch-4_12_14-122_41-default-7-2.2
       kgraft-patch-4_12_14-122_46-default-5-2.2
       kgraft-patch-4_12_14-122_51-default-5-2.2
       kgraft-patch-4_12_14-122_54-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0809-1
Rating:            important
References:        #1179616 #1179664 #1180859 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-29368 CVE-2021-0342 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_57 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-851=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-809=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_78-default-3-2.2
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_57-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0849-1
Rating:            important
References:        #1178684 #1179664 #1180859 #1181553 #1182468
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-0342 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-849=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-22-default-8-5.2
       kernel-livepatch-5_3_18-22-default-debuginfo-8-5.2
       kernel-livepatch-SLE15-SP2_Update_0-debugsource-8-5.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0842-1
Rating:            important
References:        #1178684 #1179664 #1181553 #1182468
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now
available.

Description:

This update for the Linux Kernel 5.3.18-24_37 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-842=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-843=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-844=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-845=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-846=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-847=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-848=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_12-default-6-2.2
       kernel-livepatch-5_3_18-24_12-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_15-default-6-2.2
       kernel-livepatch-5_3_18-24_15-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_24-default-6-2.2
       kernel-livepatch-5_3_18-24_24-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_29-default-4-2.2
       kernel-livepatch-5_3_18-24_29-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_34-default-4-2.2
       kernel-livepatch-5_3_18-24_34-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_37-default-4-2.2
       kernel-livepatch-5_3_18-24_37-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_9-default-7-2.2
       kernel-livepatch-5_3_18-24_9-default-debuginfo-7-2.2
       kernel-livepatch-SLE15-SP2_Update_1-debugsource-7-2.2
       kernel-livepatch-SLE15-SP2_Update_2-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_3-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_4-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_5-debugsource-4-2.2
       kernel-livepatch-SLE15-SP2_Update_6-debugsource-4-2.2
       kernel-livepatch-SLE15-SP2_Update_7-debugsource-4-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 39 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0835-1
Rating:            important
References:        #1165631 #1176931 #1177513 #1178684 #1179616
Cross-References:  CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2020-27786
                   CVE-2020-28374
Affected Products:
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_149 fixes several issues.
The following security issues were fixed:

  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2020-25645: Fixed an issue where the traffic between two Geneve
    endpoints may have been unencrypted when IPsec was configured to encrypt
    traffic for the specific UDP port used by the GENEVE tunnel allowing anyone
    between the two endpoints to read the traffic unencrypted (bsc#1177513).
  o CVE-2020-0429: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges needed (bsc#1176931).
  o CVE-2020-1749: Fixed an issue in some networking protocols in IPsec, such
    as VXLAN and GENEVE tunnels over IPv6 where the kernel was not correctly
    routing tunneled data over the encrypted link, instead sending the data
    unencrypted (bsc#1165631).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-828=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-835=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-828=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-835=1

Package List:

  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kgraft-patch-4_4_180-94_138-default-2-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       kgraft-patch-4_4_121-92_149-default-2-2.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_180-94_138-default-2-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_121-92_149-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-0429.html
  o https://www.suse.com/security/cve/CVE-2020-1749.html
  o https://www.suse.com/security/cve/CVE-2020-25645.html
  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://bugzilla.suse.com/1165631
  o https://bugzilla.suse.com/1176931
  o https://bugzilla.suse.com/1177513
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for
SLE 12 SP4)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0826-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1181553 #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.12.14-95_51 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-826=1
    SUSE-SLE-Live-Patching-12-SP4-2021-827=1

Package List:

  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_51-default-9-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):
       kgraft-patch-4_12_14-95_48-default-10-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0869-1
Rating:            important
References:        #1179664 #1179779
Cross-References:  CVE-2020-29368 CVE-2020-29373
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_49 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2020-29373: Fixed an issue where kernel unsafely handles the root
    directory during path lookups, and thus a process inside a mount namespace
    could escape to unintended filesystem locations (bsc#1179779).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-869=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_49-default-2-2.2
       kernel-livepatch-5_3_18-24_49-default-debuginfo-2-2.2
       kernel-livepatch-SLE15-SP2_Update_10-debugsource-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2020-29373.html
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1179779


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0841-1
Rating:            important
References:        #1178684 #1179664 #1181553
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_43 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-841=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_43-default-3-2.2
       kernel-livepatch-5_3_18-24_43-default-debuginfo-3-2.2
       kernel-livepatch-SLE15-SP2_Update_8-debugsource-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0840-1
Rating:            important
References:        #1179664 #1181553
Cross-References:  CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_46 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-840=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_46-default-3-2.2
       kernel-livepatch-5_3_18-24_46-default-debuginfo-3-2.2
       kernel-livepatch-SLE15-SP2_Update_9-debugsource-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0808-1
Rating:            important
References:        #1179616 #1179664
Cross-References:  CVE-2020-27786 CVE-2020-29368
Affected Products:
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_60 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-808=1

Package List:

  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_60-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2021.0954 – [UNIX/Linux][FreeBSD] dnsmasq: Provide misleading information – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0954
    dnsmasq -- cache poisoning vulnerability in certain configurations
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dnsmasq
Publisher:         FreeBSD
Operating System:  FreeBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Provide Misleading Information -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3448  

Original Bulletin: 
   http://www.vuxml.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than FreeBSD. It is recommended that administrators
         running dnsmasq check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

dnsmasq -- cache poisoning vulnerability in certain configurations

Affected packages
  dnsmasq       


ESB-2021.0953 – [RedHat] Resilient SOAR: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0953
          Security Bulletin: IBM Resilient vulnerable to username
                        enumeration (CVE-2020-4635)
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Resilient SOAR
Publisher:         IBM
Operating System:  Red Hat
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4635  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6431265

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Resilient vulnerable to username enumeration (CVE-2020-4635)

Document Information

Document number    : 6431265
Modified date      : 17 March 2021
Product            : IBM Resilient
Software version   : IBM Resilient SOAR
Operating system(s): Red Hat

Summary

IBM Resilient could disclose sensitive information by allowing a user to
enumerate usernames. An attacker may use this to determine if a user exists or
not.

Vulnerability Details

CVEID: CVE-2020-4635
DESCRIPTION: IBM Resilient could disclose sensitive information by allowing a
user to enumerate usernames.
CVSS Base score: 3.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/185502 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+-------------------+-----------------+
|Affected Product(s)|Version(s)       |
+-------------------+-----------------+
|Resilient OnPrem   |IBM Security SOAR|
+-------------------+-----------------+

Remediation/Fixes

Users must upgrade to v40.1 of IBM Resilient in order to obtain a fix for this
vulnerability. This version implements a rate-limiting and fuzzing feature to
defend against such attacks.

You can upgrade the platform by following the instructions in the "Upgrade
Procedure" section in the IBM Knowledge Center.

Workarounds and Mitigations

None

Acknowledgement

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski,
Vince Dragnea, Troy Fisher and Elaheh Samani from IBM X-Force Ethical Hacking
Team.

Change History

16 Mar 2021: Initial Publication

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.0952 – [Win][UNIX/Linux] Shibboleth SP: Provide misleading information – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0952
               Shibboleth Service Provider Security Advisory
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Shibboleth SP
Publisher:         Shibboleth
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Provide Misleading Information -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://shibboleth.net/community/advisories/secadv_20210317.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Shibboleth Service Provider Security Advisory [17 March 2021]

An updated version of the Service Provider software is available
which fixes a phishing vulnerability.

Template generation allows external parameters to override placeholders
======================================================================
The SP includes a primitive template engine used to render error pages
and various other status or transition pages, and it supports a syntax
for embedding placeholders that are replaced by internally supplied
values or configuration settings.

For reasons that are unclear in the code history, it was extended to
allow replacement via query parameters also, though this is not a
typical need. Because of this feature, it's possible to cause the SP
to display some templates containing values supplied externally by
URL manipulation.

Though the values are encoded to prevent script injection, the content
nevertheless appears to come from the server and so would be interpreted
as trustworthy, allowing email addresses, logos and style sheets, or
support URLs to be manipulated by an attacker.

All platforms are impacted by this issue.


Recommendations
===============
Update to V3.2.1 or later of the Service Provider software, which
is now available.

The update adds a new  setting to the configuration called
externalParameters, which defaults to false. When false, support for
this "feature" is disabled. In the unlikely event that a valid need
for this exists, the setting can be enabled temporarily to maintain
function until the use case requiring it is addressed in some other
way.

In the event that an update is not possible, reducing or eliminating
some of the more sensitive template replacement values with static
values in the templates may decrease the impact.


Other Notes
===========
The cpp-sp git commit containing the fix for this issue is
d1dbebfadc1bdb824fea63843c4c38fa69e54379


Credits
=======
Toni Huttunen, Fraktal Oy


History
=======
Edited to add credit, and a bit more discussion of style sheet risk
and workarounds.

URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20210317.txt

- --------------------------END INCLUDED TEXT--------------------
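
The override behaviour and the externalParameters switch described in the Shibboleth advisory above, as a simplified Python model added here (it is not the SP's code). The {{name}} placeholder syntax, the placeholder names, the helper externally_set() and all sample values are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical placeholder syntax for this model; the advisory does not
# show the SP's real template syntax.
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Constructed sample template and server-side values (assumed names).
TEMPLATE = (
    '<link rel="stylesheet" href="{{styleSheet}}">\n'
    '<img src="{{logoLocation}}" alt="logo">\n'
    '<p>Problems? Contact <a href="mailto:{{supportContact}}">'
    "{{supportContact}}</a>.</p>"
)
INTERNAL = {
    "styleSheet": "/sp/main.css",
    "logoLocation": "/sp/logo.png",
    "supportContact": "helpdesk@idp.example.org",
}
# Constructed query string of a manipulated link.
SPOOF_QUERY = (
    "supportContact=support%40lookalike.example.net"
    "&logoLocation=https%3A%2F%2Flookalike.example.net%2Flogo.png"
)


def render(template, internal, query_string, external_parameters=False):
    """Fill placeholders from server-side values.

    external_parameters=True models the pre-fix behaviour: a query
    parameter with the same name as a placeholder overrides the
    server-side value. False models the new default, where the query
    string is never consulted.
    """
    supplied = {k: v[0] for k, v in parse_qs(query_string).items()}

    def substitute(match):
        name = match.group(1)
        if external_parameters and name in supplied:
            value = supplied[name]
        else:
            value = internal.get(name, "")
        # Values are HTML-encoded in both modes, as the advisory notes:
        # this blocks script injection but not content spoofing.
        return html.escape(value, quote=True)

    return PLACEHOLDER.sub(substitute, template)


def externally_set(template, query_string):
    """Return the placeholder names a request tries to set by query
    parameter; useful for reviewing access logs or a template audit."""
    names = set(PLACEHOLDER.findall(template))
    params = parse_qs(query_string, keep_blank_values=True)
    return sorted(names & set(params))


if __name__ == "__main__":
    print("externalParameters=true:")
    print(render(TEMPLATE, INTERNAL, SPOOF_QUERY, external_parameters=True))
    print("\nexternalParameters=false (default after the update):")
    print(render(TEMPLATE, INTERNAL, SPOOF_QUERY))
    print("\nplaceholders named in the query:",
          externally_set(TEMPLATE, SPOOF_QUERY))
```

Running externally_set() over the templates you deploy shows which replacement values are worth hard-coding as static text when the update cannot be applied, which is the workaround the advisory suggests.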

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2021.0951 – [Win][UNIX/Linux][Virtual] GitLab: Execute arbitrary code/commands – Existing account


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0951
       GitLab Critical Security Release: 13.9.4, 13.8.6, and 13.7.9
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           GitLab Community Edition
                   GitLab Enterprise Edition
Publisher:         GitLab
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/

--------------------------BEGIN INCLUDED TEXT--------------------

Today we are releasing versions 13.9.4, 13.8.6, and 13.7.9 for GitLab Community
Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that
all GitLab installations be upgraded to one of these versions immediately.

GitLab releases patches for vulnerabilities in dedicated security releases.
There are two types of security releases: a monthly, scheduled security
release, released a week after the feature release (which deploys on the 22nd
of each month), and ad-hoc security releases for critical vulnerabilities. For
more information, you can visit our security FAQ. You can see all of our
regular and security release blog posts here. In addition, the issues detailing
each vulnerability are made public on our issue tracker 30 days after the
release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to
customers or that host customer data are held to the highest security
standards. As part of maintaining good security hygiene, it is highly
recommended that all customers upgrade to the latest security release for their
supported version. You can read more best practices in securing your GitLab
instance in our blog post.

Table of Fixes

Title                                                            Severity
---------------------------------------------------------------  --------
Remote code execution via unsafe user-controlled markdown        critical
rendering options


An issue has been discovered in GitLab CE/EE affecting all versions starting
from 13.2 allowing unauthorised authenticated users to execute arbitrary code
on the server. This is a critical severity issue
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, 9.9). We have requested a CVE ID
and will update this blog post when it is assigned.

Thanks @vakzz for reporting this vulnerability through our HackerOne bug bounty
program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Updating

To update GitLab, see the Update page. To update GitLab Runner, see the
Updating the Runner page.

--------------------------END INCLUDED TEXT--------------------


ESB-2021.0950 – [Cisco] Cisco Products: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0950
           Cisco Small Business RV132W and RV134W Routers Remote
           Command Execution and Denial of Service Vulnerability
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           RV132W ADSL2+ Wireless-N VPN Routers
                   RV134W VDSL2 Wireless-AC VPN Routers
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1287  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Small Business RV132W and RV134W Routers Management Interface Remote
Command Execution and Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-rv-132w134w-overflow-Pptt4H2p
First Published: 2021 March 17 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvw65031 CSCvw65032
CVE Names:       CVE-2021-1287
CWEs:            CWE-121

Summary

  o A vulnerability in the web-based management interface of Cisco RV132W
    ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN
    Routers could allow an authenticated, remote attacker to execute arbitrary
    code on an affected device or cause the device to restart unexpectedly.

    The vulnerability exists because the web-based management interface does
    not properly validate user-supplied input. An attacker could exploit this
    vulnerability by sending crafted HTTP requests to an affected device. A
    successful exploit could allow the attacker to execute arbitrary code as
    the root user on the underlying operating system or cause the device to
    reload, resulting in a denial of service (DoS) condition on the affected
    device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco devices:

      * RV132W ADSL2+ Wireless-N VPN Routers if they are running a firmware
        release earlier than Release 1.0.1.15
      * RV134W VDSL2 Wireless-AC VPN Routers if they are running a firmware
        release earlier than Release 1.0.1.21

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following Cisco products:

      * RV132W ADSL2+ Wireless-N VPN Routers firmware releases 1.0.1.15 and
        later
      * RV134W VDSL2 Wireless-AC VPN Routers firmware releases 1.0.1.21 and
        later

    To download the firmware updates from the Software Center on Cisco.com,
    click Browse all, choose Routers > Small Business Routers > Small Business
    RV Series Routers, and then choose the correct router model.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Shizhi He of Wuhan University for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-MAR-17  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------END INCLUDED TEXT--------------------


ESB-2021.0949 – [Appliance] F5 Products: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0949
                BIG-IP APM VPN vulnerability CVE-2021-23002
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP APM
                   APM Clients
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23002  

Original Bulletin: 
   https://support.f5.com/csp/article/K71891773

--------------------------BEGIN INCLUDED TEXT--------------------

K71891773: BIG-IP APM VPN vulnerability CVE-2021-23002

Original Publication Date: 11 Mar, 2021
Latest   Publication Date: 18 Mar, 2021

Security Advisory Description

The session ID is visible in the arguments of the f5vpn.exe command when VPN is
launched from the browser on a Windows system. Addressing this issue requires
both the client and server fixes. (CVE-2021-23002)

Impact

An attacker with privileges to view the command line of the process may be able
to view the session ID. If the session ID is exposed to the attacker,
the attacker can use this information to launch further attacks.

Security Advisory Status

F5 Product Development has assigned IDs 937637, 976925, and 973177 (BIG-IP APM)
to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

+--------------+------+----------+------------+----------+------+-------------+
|              |      |Versions  |Fixes       |          |CVSSv3|Vulnerable   |
|Product       |Branch|known to  |introduced  |Severity  |score^|component or |
|              |      |be        |in          |          |1     |feature      |
|              |      |vulnerable|            |          |      |             |
+--------------+------+----------+------------+----------+------+-------------+
|              |16.x  |16.0.0 -  |16.0.1.1^2,4|          |      |             |
|              |      |16.0.1    |            |          |      |             |
|              +------+----------+------------+          |      |             |
|              |15.x  |15.1.0 -  |15.1.2.1^2,3|          |      |             |
|              |      |15.1.2    |            |          |      |             |
|              +------+----------+------------+          |      |             |
|              |14.x  |14.1.0 -  |14.1.4^2,4  |          |      |             |
|              |      |14.1.3    |            |          |      |BIG-IP APM   |
|BIG-IP APM    +------+----------+------------+Medium    |6.1   |browser-based|
|              |13.x  |13.1.0 -  |13.1.3.6^2,4|          |      |VPN          |
|              |      |13.1.3    |            |          |      |             |
|              +------+----------+------------+          |      |             |
|              |12.x  |12.1.0 -  |None        |          |      |             |
|              |      |12.1.5    |            |          |      |             |
|              +------+----------+------------+          |      |             |
|              |11.x  |11.6.1 -  |None        |          |      |             |
|              |      |11.6.5    |            |          |      |             |
+--------------+------+----------+------------+----------+------+-------------+
|              |      |7.2.1     |7.2.1.1^5   |          |      |BIG-IP APM   |
|APM Clients   |7.x   |7.1.9     |7.1.9.8^5   |Medium    |6.1   |browser-based|
|              |      |7.1.5 -   |7.1.8.5^5   |          |      |VPN          |
|              |      |7.1.8     |            |          |      |             |
+--------------+------+----------+------------+----------+------+-------------+
|              |16.x  |None      |Not         |          |      |             |
|              |      |          |applicable  |          |      |             |
|              +------+----------+------------+          |      |             |
|              |15.x  |None      |Not         |          |      |             |
|BIG-IP (LTM,  |      |          |applicable  |          |      |             |
|AAM, Advanced +------+----------+------------+          |      |             |
|WAF, AFM,     |14.x  |None      |Not         |          |      |             |
|Analytics,    |      |          |applicable  |Not       |      |             |
|ASM, DDHD,    +------+----------+------------+vulnerable|None  |None         |
|DNS, FPS, GTM,|13.x  |None      |Not         |          |      |             |
|Link          |      |          |applicable  |          |      |             |
|Controller,   +------+----------+------------+          |      |             |
|PEM, SSLO)    |12.x  |None      |Not         |          |      |             |
|              |      |          |applicable  |          |      |             |
|              +------+----------+------------+          |      |             |
|              |11.x  |None      |Not         |          |      |             |
|              |      |          |applicable  |          |      |             |
+--------------+------+----------+------------+----------+------+-------------+
|              |8.x   |None      |Not         |          |      |             |
|              |      |          |applicable  |          |      |             |
|BIG-IQ        +------+----------+------------+          |      |             |
|Centralized   |7.x   |None      |Not         |Not       |None  |None         |
|Management    |      |          |applicable  |vulnerable|      |             |
|              +------+----------+------------+          |      |             |
|              |6.x   |None      |Not         |          |      |             |
|              |      |          |applicable  |          |      |             |
+--------------+------+----------+------------+----------+------+-------------+
|Traffix SDC   |5.x   |None      |Not         |Not       |None  |None         |
|              |      |          |applicable  |vulnerable|      |             |
+--------------+------+----------+------------+----------+------+-------------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^2In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated
independently from BIG-IP software. For more information, refer to K52547540:
Updating BIG-IP Edge Client for the BIG-IP APM system.

^3BIG-IP APM 15.1.2.1 includes the server fix but does not include the client
fix. After upgrading or updating to BIG-IP 15.1.2.1, you must also update APM
Clients to a version listed in the Fixes introduced in column and install the
fix on the client side. To install the fix on the client side, you can set
Component Update to Yes in the affected Connectivity Profile OR redeploy and
install the browser VPN helper application on all users' client machines. For
more information, refer to K81649656: Overview of APM Clients update on BIG-IP
APM. 

^4BIG-IP APM 13.1.3.6, 14.1.4 and 16.0.1.1 are shipped with APM Clients version
7.1.8.5, which includes the client fix. You need to install this fix on the
client side. You can do so by setting Component Update to Yes in the affected
Connectivity Profile or redeploy and install the browser VPN helper application
on all users' client machines. For more information, refer to
K81649656: Overview of APM Clients update on BIG-IP APM.

^5When you update APM Clients to 7.1.8.5, 7.1.9.8, or 7.2.1.1 listed in the
fixed column, you may encounter the known issue described in K25173042: Browser
network access VPN clients may not establish the first time after an APM
Clients auto update and K39454429: Browser network access VPN clients fail to
establish a VPN connection.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

To mitigate this vulnerability, you can use the BIG-IP Edge Client for VPN
access instead of the browser-based VPN.

Acknowledgements

F5 acknowledges Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue
to our attention and for following the highest standards of coordinated
disclosure.

Supplemental Information

  o K13757: BIG-IP Edge Client version matrix
  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------


Network Security News Summary for Thursday March 18th, 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .


Mimecast Says SolarWinds Attackers Accessed its Source Code Repositories

But the amount of code downloaded is too little to be of any use, the email security vendor says in its latest update.


AttackIQ now supports Atomic Red Team

AttackIQ has added Atomic Red Team to our assessment library, bolstering our testing capabilities to further improve our customers’ security effectiveness.


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...