Malware Devil

Thursday, March 18, 2021

Tech Vendors’ Lack of Security Transparency Worries Firms

A majority of firms say they’re more likely to buy from suppliers that are open about security issues — yet that sentiment isn’t necessarily reflected in the technology providers they’re currently working with.

An increasing number of companies have identified security assurance as a major consideration in their decisions to purchase hardware, software, and services — yet many vendors fall short, according to a report published this week by the Ponemon Institute.

Nearly two-thirds (64%) of those polled in the survey consider it very important for their technology providers to be transparent about vulnerabilities, security updates, and ways to patch security issues. But most vendors fail to offer that transparency, according to 47% of those respondents who said they’re not satisfied with the security information provided by vendors. Nearly three-quarters of those surveyed are more likely to purchase technologies and services from companies that prioritize the finding and patching of vulnerabilities and the communications of those security issues, the Intel-sponsored report states.

The survey seems to indicate companies are worried not only about their own security, but that of their suppliers as well, says Larry Ponemon, chairman and founder of the Ponemon Institute.

“There are so many choices, and the complexity of security has [grown] over the years. What used to be simple is now much harder … this may be a call for help,” he says. “Companies that do security very well are looking for something that gives them more confidence that, by investing in a specific technology, they will be getting the security they need.”

The report is based on a survey of 1,875 security staff from the US, the UK, EMEA, and Latin America who know their company’s technology-purchase policies. The most significant considerations when evaluating security technology are interoperability issues, installation costs, system complexity, vendor support, and scalability. Yet the technology provider’s security capabilities — finding and mitigating bugs — are very important as well, according to 66% of respondents. Yet less than half of vendors have this capability, the respondents stated.

The survey indicates a clear preference among businesses for technology partners that practice transparency and are proactive in tackling security issues, Intel said in a statement on the survey.

“Building security and privacy into products from concept to retirement is not only a strong development practice but also important to enable customers to understand their security posture and truly unleash the power of data,” the company stated.

Yet the research also seems to indicate that, while companies have a preference for more transparency, the factor may not be prioritized in buying decisions, or at least not in past transactions. Consistently, two-thirds or more of those surveyed rated transparency, vulnerability programs, and mitigation as very important capabilities for their technology providers, but less than half actually believed their current technology provider had those capabilities.

So are companies not happy with their current suppliers? Or do they want transparency but are not willing to fight their suppliers for it?

“It’s a combination of the two,” says Ponemon. “They see the lack of transparency in their universe and they know that causes all sorts of problems,” but they — for whatever reason — have not made it a priority to date.

Instead, some other factors seem to trump transparency in purchasing products. The two most important factors in endpoint and network IT solutions, according to the survey, are improved productivity and interoperability. The metrics used to measure the economic benefits of security technologies appear to support these priorities: return on investment is the most significant factor (58%), followed by the decrease in false positive rates (48%) and the total cost of ownership (46%), which rank as the most common considerations.

Ponemon sees the shift to more mature security programs, transparency on security issues, and collaboration with clients as part of a slow evolution for the industry.

“The industry has come a long way,” he says. “Ten years ago, if you talked about transparency, you would be laughed out on the street because [for the vendor] it was all about selling and making huge amounts of money. Now there is a general awakening in the industry that they have to collaborate with others and be a good player, and if you are not a good player, you will eventually be ostracized.”

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio


The post Tech Vendors’ Lack of Security Transparency Worries Firms appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/tech-vendors-lack-of-security-transparency-worries-firms/?utm_source=rss&utm_medium=rss&utm_campaign=tech-vendors-lack-of-security-transparency-worries-firms

Facebook Expands Security Key Support to iOS & Android

Facebook’s announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.

Facebook today announced global support for security keys on iOS and Android, underscoring a broader trend of social media companies expanding secure login options for high-risk accounts.

A physical security key notifies its user when someone tries to access their account from an unfamiliar browser or device. Its use is encouraged for people at higher risk of being targeted by cybercriminals, such as public figures, politicians, human rights activists, and journalists.

Facebook has provided support for physical security keys on desktop since 2017; now, it’s bringing that support to mobile. The news arrives as more people access Facebook via mobile devices in general, especially the high-risk populations for whom security keys are designed.

“We see threat actors increasingly target high-value or highly targeted users, whether we’re talking about journalists, activists, politicians or campaigns … to take them down, embarrass them, impersonate them, also to steal their information and use that to facilitate some type of influence operations,” says Nathaniel Gleicher, Facebook’s head of security policy.

Many of these targeted communities live on mobile, and it’s where they interact with Facebook most, Gleicher continues.

Among the target groups are senior government officials and senior company officials, he says, a sign that physical security keys should play a role in enterprise security. Cybercriminals after a specific individual will target not only their business accounts, but personal accounts as well. An attacker with access to a personal social media account can unearth sensitive information they could use to expose or blackmail the target or learn more details about their professional lives.

“If you are a senior official at a company, if you are a senior official on a board, if you are a senior government official, remember that your personal accounts are just as likely to be targeted as your official ones,” Gleicher says.

Ant Allan, research vice president for Gartner, says the company is seeing greater support for security keys among service providers, and more people are using them — though overall adoption is still niche. He says the greatest interest among clients is in FIDO2 security keys. Facebook supports the Universal 2nd Factor (U2F) protocol; FIDO2 is a further development of the U2F protocol.

“Our projection is that FIDO2 … will be increasingly significant over the next two to three years,” Allan says. “Enterprise adoption will be significantly encouraged by Microsoft’s support for FIDO2 in Windows 10 and Azure AD Premium.”

Adoption of security keys may have increased, but their user base remains small. Physical security keys, while a strong form of protection, have the reputation of being difficult to use or intimidating for most everyday users. The goal of Facebook’s announcement is not to get all people to adopt a security key but to make them more accessible to those at highest risk.

“The percentage of people that use security keys is always going to be a small percentage,” Gleicher says. “It is a burden to use a security key; it is a choice that you make.” Some might prefer two-factor authentication for an app-generated code or rely on a password manager.

“I do think it’s important that people should adapt the security profile that makes the most sense for the risk that they face, and we don’t need everyone to adapt security keys to call that a win,” he adds.

How to Use It
Security keys can be bought directly from any company that makes them — Facebook doesn’t — and used with Bluetooth or by plugging them directly into your phone. They can be enrolled in two-factor authentication by going to Settings > Security and Login. Facebook doesn’t require a specific brand or implementation of key, and the same key can be used across multiple services.

What’s Next for Physical Security Keys?
Facebook’s news is a few months behind Twitter, which announced in December it was giving account holders the option to log in with a physical security key on Android and iOS, in addition to desktop. Twitter reported this week it will now provide the option to enroll and log in with multiple keys for both Web and mobile. Before, users were limited to one key per account.

Soon, Twitter says users will have the option to add and use security keys as their only authentication method, without other methods turned on.

“This is really important,” says Allan of the option to exclusively use the security key to log in. “There’s little point in investing in a robust authentication mechanism like FIDO2 (with or without security keys) if you leave [out-of-band] SMS switched on and available for an attacker to exploit.”

While much of the hype is around security keys, given the shift away from hardware tokens over the past 20 years, Gartner’s projection is that FIDO2-enabled phones will be more common in the future. A FIDO2 internal authenticator will support access from the phone, and the FIDO2-enabled phone will serve as an external authenticator to support access from other devices.

“While a FIDO2 security key provides more confidence than a FIDO2 internal authenticator, it’s not clear that that’s justified for social media or for most enterprise use cases,” Allan says. What’s more, he adds, the cost of security keys could be a barrier to adoption, in addition to the inconvenience of having to carry a key all the time and the risk of losing it.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial … View Full Bio


The post Facebook Expands Security Key Support to iOS & Android appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/facebook-expands-security-key-support-to-ios-android/?utm_source=rss&utm_medium=rss&utm_campaign=facebook-expands-security-key-support-to-ios-android

🔴 LIVE: Paul’s Security Weekly #687

This week, first we welcome Dan DeCloss, Founder and CEO of PlexTrac, then we jump right into this week’s Security News, and we close out the show with a special premiere of the first episode of our new Podcast Mini Series with PlexTrac: Getting The Real Work Done in Cybersecurity!

→Full Show Notes: https://securityweekly.com/psw687
→Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly

The post 🔴 LIVE: Paul’s Security Weekly #687 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/%f0%9f%94%b4-live-pauls-security-weekly-687/?utm_source=rss&utm_medium=rss&utm_campaign=%25f0%259f%2594%25b4-live-pauls-security-weekly-687

Fiserv Forgets to Buy Domain It Used as System Default

Fintech security provider Fiserv acknowledges it used unregistered domain as default email.

The post Fiserv Forgets to Buy Domain It Used as System Default appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/fiserv-forgets-to-buy-domain-it-used-as-system-default/?utm_source=rss&utm_medium=rss&utm_campaign=fiserv-forgets-to-buy-domain-it-used-as-system-default

2021-03-17 – TA551 (Shathak) Italian template Word docs push Ursnif/Gozi/ISFB

The post 2021-03-17 – TA551 (Shathak) Italian template Word docs push Ursnif/Gozi/ISFB appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/2021-03-17-ta551-shathak-italian-template-word-docs-push-ursnif-gozi-isfb/?utm_source=rss&utm_medium=rss&utm_campaign=2021-03-17-ta551-shathak-italian-template-word-docs-push-ursnif-gozi-isfb

2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)

The post 2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511) appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/2021-03-18-hancitor-chanitor-activity-man1-moskalvzapoe-ta511/?utm_source=rss&utm_medium=rss&utm_campaign=2021-03-18-hancitor-chanitor-activity-man1-moskalvzapoe-ta511

Trojanized Xcode Project Slips MacOS Malware to Apple Developers

In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects.

The post Trojanized Xcode Project Slips MacOS Malware to Apple Developers appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/trojanized-xcode-project-slips-macos-malware-to-apple-developers/?utm_source=rss&utm_medium=rss&utm_campaign=trojanized-xcode-project-slips-macos-malware-to-apple-developers

Maximize ROI with Greater Efficacy Using Unsupervised AI

Within the first 24 hours after deployment, MixMode had enabled the government entity to regain control over the security environment and network data infrastructure. No longer limited to log data analysis, they were able to identify and address real-time threats as well as network and operational configuration challenges.

The post Maximize ROI with Greater Efficacy Using Unsupervised AI appeared first on Security Boulevard.


The post Maximize ROI with Greater Efficacy Using Unsupervised AI appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/maximize-roi-with-greater-efficacy-using-unsupervised-ai/?utm_source=rss&utm_medium=rss&utm_campaign=maximize-roi-with-greater-efficacy-using-unsupervised-ai

Women’s History Month: Making Mentorship Meaningful

This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.

Twenty years ago, I had just left one male-dominated industry (sports broadcasting) for another (technology). Fresh into my career in Silicon Valley, I met a colleague who would change my outlook on work forever. She taught me how to handle difficult meetings, how to have fun at work, and how to approach things with a smile and always keep my cool. Tracy Eiler, now the CMO at Alation, was my mentor; I still carry her advice with me years later in my career.

As women in tech, we both needed each other — to share ideas, to talk about the struggles of being the only women in the room, and for the everyday comradery that made us feel part of something bigger. Especially during Women’s History Month, I’m here to tell you that a good mentor can be life-changing and show you how to find and maintain that relationship.

Research from ISACA found that the leading barriers experienced by women in tech are lack of mentorship and lack of female role models — that’s above unequal pay, gender bias, and uneven growth opportunities. But it isn’t surprising when you consider that 9 in 10 workers who have a career mentor are happy in their jobs, while 4 in 10 workers without a mentor recently considered quitting, according to CNBC’s 2019 Workplace Happiness survey. Throw in the fact that we are now totally isolated from our colleagues during the pandemic, and the desire for good mentorship goes through the roof.

I can tell you from experience that these relationships are mutually beneficial. I’ve kept in touch with colleagues from my sportscaster days all the way through my years in Silicon Valley and now have a wide network of folks that are just a phone call away — men and women to whom I’ve been able to give opportunities and who have since achieved so much.

Don’t Be Shy
The first thing I’ll say about being a mentee or mentor is to never, ever wait around for someone to approach you. Find a person you admire and pursue them as a mentor. When I met Tracy, she was several levels above me in the company. I approached her and asked if I could learn from her. Take the initiative. Think about the person in (or out) of your organization with whom you’d like to connect. If you don’t have a formal mentorship program at your company, I encourage you to challenge the status quo and forge those connections yourself.

Just Keep Chatting
There’s a group chat on my iPhone between myself and several other CMOs where we connect with one another on a regular basis. I can’t tell you how many times that group chat has helped me think through a complex situation or simply get through a loaded afternoon of meetings. Emotional support is an amazing benefit of mentorships, and it goes both ways. You’d be surprised how mutually beneficial emotional support can be, especially in our new remote work environment. We’re not seeing each other in the hallway or in the kitchen anymore, which means it’s really important to keep the conversation going in whatever way we can. Sometimes that’s a group text with colleagues or peers, sometimes it’s a monthly video call, and other times it’s sending a one-off email to keep that connection going. Setting up continuous chatter between you and a mentor or mentee will help build trust and knock down walls to allow for deeper connection and long-term growth.

Pay It Forward
Successful people help other people become successful. One of the first things Tracy told me after I was hired at Business Objects, the company at which we worked together, was that I now had an obligation to give another person without the perfect resume and experience a chance. I’ve carried that advice with me throughout my career. I always look for someone I think can do the job but may not be a perfect fit on paper. Tracy taught me to appreciate the opportunity I was given and to pay it forward. No matter what your professional title may be, you can always offer to provide feedback to women around you: Offer feedback on resumes, role-play promotion discussions, give their presentation a proofread. I promise you won’t regret it; there is no greater feeling than seeing those you’ve helped achieve their goals and succeed.

Mental health experts preach the role of good friendships — personal or professional — in warding off loneliness, depression, and anxiety. Even before the pandemic, 61% of Americans reported feeling lonely, and that loneliness results in “less engagement, less productivity, and lower retention levels” at a business level. I imagine the loneliness phenomenon has only multiplied since the start of social distancing.

Investing in a solution to the issue of isolation will require companies to “put their money where their mouth is” and put time and resources into mentorship initiatives. A year after he co-founded Exabeam, our CEO, Nir Polak, started a program to support and empower women at the company and within the greater tech community. The program offers career development, industry education, and personal growth opportunities for women in the tech field. Programs such as this one are a way for women to meet and develop mentor relationships, and any organization that sets up a similar program would enhance company culture and help attract the best female talent in the industry.

In homage to women’s history, the month of March is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector. I’d be willing to bet most of us want to be a Tracy Eiler: someone who invests in the women around us, helping them succeed and fostering mentorships that matter. So, reach out, and stay connected.

Sherry Lowe leads the global marketing organization for Exabeam as CMO. Sherry is a 20-year veteran of tech companies in Silicon Valley. Prior to joining Exabeam, she was most recently the CMO of Expanse, acquired by Palo Alto Networks. Before Expanse, Sherry was the CMO of … View Full Bio


The post Women’s History Month: Making Mentorship Meaningful appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/womens-history-month-making-mentorship-meaningful/?utm_source=rss&utm_medium=rss&utm_campaign=womens-history-month-making-mentorship-meaningful

ESB-2021.0957 – [SUSE] crmsh: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0957
                         Security update for crmsh
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           crmsh
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3020 CVE-2020-35459 

Reference:         ESB-2021.0895
                   ESB-2021.0296

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210806-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for crmsh

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0806-1
Rating:            important
References:        #1154927 #1178454 #1178869 #1179999 #1180137 #1180571
                   #1180688
Cross-References:  CVE-2020-35459 CVE-2021-3020
Affected Products:
                   SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has 5 fixes
is now available.

Description:

This update for crmsh fixes the following issues:

  o Update to version 4.3.0+20210219.5d1bf034:
      * Fix: hb_report: walk through hb_report process under
        hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
      * Fix: bootstrap: setup authorized ssh access for
        hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
      * Dev: analyze: Add analyze sublevel and put preflight_check in
        it(jsc#ECO-1658)
      * Dev: utils: change default file mod as 644 for str2file function
      * Dev: hb_report: Detect if any ocfs2 partitions exist
      * Dev: lock: give more specific error message when raise ClaimLockError
      * Fix: Replace mktemp() to mkstemp() for security
      * Fix: Remove the duplicate --cov-report html in tox.
      * Fix: fix some lint issues.
      * Fix: Replace utils.msg_info to task.info
      * Fix: Solve a circular import error of utils.py
      * Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688)
      * Dev: corosync: change the permission of corosync.conf to 644
      * Fix: preflight_check: task: raise error when report_path isn't a
        directory
      * Fix: bootstrap: Use class Watchdog to simplify watchdog
        config(bsc#1154927, bsc#1178869)
      * Dev: Polish the sbd feature.
      * Dev: Replace -f with -c and run check when no parameter provide.
      * Fix: Fix the yes option not working
      * Fix: Remove useless import and show help when no input.
      * Dev: Correct SBD device id inconsistenc during ASR
      * Fix: completers: return complete start/stop resource id list
        correctly(bsc#1180137)
      * Dev: Makefile.am: change makefile to integrate preflight_check
      * Medium: integrate preflight_check into crmsh(jsc#ECO-1658)
      * Fix: bootstrap: make sure sbd device UUID was the same between
        nodes(bsc#1178454)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise High Availability 15:
    zypper in -t patch SUSE-SLE-Product-HA-15-2021-806=1

Package List:

  o SUSE Linux Enterprise High Availability 15 (noarch):
       crmsh-4.3.0+20210219.5d1bf034-3.62.3
       crmsh-scripts-4.3.0+20210219.5d1bf034-3.62.3


References:

  o https://www.suse.com/security/cve/CVE-2020-35459.html
  o https://www.suse.com/security/cve/CVE-2021-3020.html
  o https://bugzilla.suse.com/1154927
  o https://bugzilla.suse.com/1178454
  o https://bugzilla.suse.com/1178869
  o https://bugzilla.suse.com/1179999
  o https://bugzilla.suse.com/1180137
  o https://bugzilla.suse.com/1180571
  o https://bugzilla.suse.com/1180688

- --------------------------END INCLUDED TEXT--------------------


NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.0957 – [SUSE] crmsh: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/18/esb-2021-0957-suse-crmsh-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0957-suse-crmsh-multiple-vulnerabilities

ESB-2021.0956 – [SUSE] php53: Denial of service – Remote/unauthenticated


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0956
                         Security update for php53
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php53
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21702  

Reference:         ESB-2021.0704

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-202114668-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for php53

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:14668-1
Rating:            important
References:        #1182049
Cross-References:  CVE-2021-21702
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Point of Sale 11-SP3
                   SUSE Linux Enterprise Debuginfo 11-SP4
                   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php53 fixes the following issues:

  o CVE-2021-21702 [bsc#1182049]: NULL pointer dereference in SoapClient

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-php53-14668=1
  o SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-php53-14668=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-php53-14668=1
  o SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-php53-14668=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
       apache2-mod_php53-5.3.17-112.99.2
       php53-5.3.17-112.99.2
       php53-bcmath-5.3.17-112.99.2
       php53-bz2-5.3.17-112.99.2
       php53-calendar-5.3.17-112.99.2
       php53-ctype-5.3.17-112.99.2
       php53-curl-5.3.17-112.99.2
       php53-dba-5.3.17-112.99.2
       php53-dom-5.3.17-112.99.2
       php53-exif-5.3.17-112.99.2
       php53-fastcgi-5.3.17-112.99.2
       php53-fileinfo-5.3.17-112.99.2
       php53-ftp-5.3.17-112.99.2
       php53-gd-5.3.17-112.99.2
       php53-gettext-5.3.17-112.99.2
       php53-gmp-5.3.17-112.99.2
       php53-iconv-5.3.17-112.99.2
       php53-intl-5.3.17-112.99.2
       php53-json-5.3.17-112.99.2
       php53-ldap-5.3.17-112.99.2
       php53-mbstring-5.3.17-112.99.2
       php53-mcrypt-5.3.17-112.99.2
       php53-mysql-5.3.17-112.99.2
       php53-odbc-5.3.17-112.99.2
       php53-openssl-5.3.17-112.99.2
       php53-pcntl-5.3.17-112.99.2
       php53-pdo-5.3.17-112.99.2
       php53-pear-5.3.17-112.99.2
       php53-pgsql-5.3.17-112.99.2
       php53-pspell-5.3.17-112.99.2
       php53-shmop-5.3.17-112.99.2
       php53-snmp-5.3.17-112.99.2
       php53-soap-5.3.17-112.99.2
       php53-suhosin-5.3.17-112.99.2
       php53-sysvmsg-5.3.17-112.99.2
       php53-sysvsem-5.3.17-112.99.2
       php53-sysvshm-5.3.17-112.99.2
       php53-tokenizer-5.3.17-112.99.2
       php53-wddx-5.3.17-112.99.2
       php53-xmlreader-5.3.17-112.99.2
       php53-xmlrpc-5.3.17-112.99.2
       php53-xmlwriter-5.3.17-112.99.2
       php53-xsl-5.3.17-112.99.2
       php53-zip-5.3.17-112.99.2
       php53-zlib-5.3.17-112.99.2
  o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
       apache2-mod_php53-5.3.17-112.99.2
       php53-5.3.17-112.99.2
       php53-bcmath-5.3.17-112.99.2
       php53-bz2-5.3.17-112.99.2
       php53-calendar-5.3.17-112.99.2
       php53-ctype-5.3.17-112.99.2
       php53-curl-5.3.17-112.99.2
       php53-dba-5.3.17-112.99.2
       php53-dom-5.3.17-112.99.2
       php53-exif-5.3.17-112.99.2
       php53-fastcgi-5.3.17-112.99.2
       php53-fileinfo-5.3.17-112.99.2
       php53-ftp-5.3.17-112.99.2
       php53-gd-5.3.17-112.99.2
       php53-gettext-5.3.17-112.99.2
       php53-gmp-5.3.17-112.99.2
       php53-iconv-5.3.17-112.99.2
       php53-intl-5.3.17-112.99.2
       php53-json-5.3.17-112.99.2
       php53-ldap-5.3.17-112.99.2
       php53-mbstring-5.3.17-112.99.2
       php53-mcrypt-5.3.17-112.99.2
       php53-mysql-5.3.17-112.99.2
       php53-odbc-5.3.17-112.99.2
       php53-openssl-5.3.17-112.99.2
       php53-pcntl-5.3.17-112.99.2
       php53-pdo-5.3.17-112.99.2
       php53-pear-5.3.17-112.99.2
       php53-pgsql-5.3.17-112.99.2
       php53-pspell-5.3.17-112.99.2
       php53-shmop-5.3.17-112.99.2
       php53-snmp-5.3.17-112.99.2
       php53-soap-5.3.17-112.99.2
       php53-suhosin-5.3.17-112.99.2
       php53-sysvmsg-5.3.17-112.99.2
       php53-sysvsem-5.3.17-112.99.2
       php53-sysvshm-5.3.17-112.99.2
       php53-tokenizer-5.3.17-112.99.2
       php53-wddx-5.3.17-112.99.2
       php53-xmlreader-5.3.17-112.99.2
       php53-xmlrpc-5.3.17-112.99.2
       php53-xmlwriter-5.3.17-112.99.2
       php53-xsl-5.3.17-112.99.2
       php53-zip-5.3.17-112.99.2
       php53-zlib-5.3.17-112.99.2
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
       php53-debuginfo-5.3.17-112.99.2
       php53-debugsource-5.3.17-112.99.2
  o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
       php53-debuginfo-5.3.17-112.99.2
       php53-debugsource-5.3.17-112.99.2


References:

  o https://www.suse.com/security/cve/CVE-2021-21702.html
  o https://bugzilla.suse.com/1182049

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.0956 – [SUSE] php53: Denial of service – Remote/unauthenticated appeared first on Malware Devil.




ESB-2021.0955 – [SUSE] linux kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0955
                   Security update for the Linux Kernel
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                 -- Existing Account      
                   Execute Arbitrary Code/Commands -- Existing Account      
                   Overwrite Arbitrary Files       -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3347 CVE-2021-0342 CVE-2020-29368
                   CVE-2020-28374 CVE-2020-27786 CVE-2020-25645
                   CVE-2020-1749 CVE-2020-0429 

Reference:         ESB-2021.0924
                   ESB-2021.0920
                   ESB-2021.0861
                   ESB-2021.0837

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210870-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210868-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210864-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210853-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210859-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210818-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210809-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210849-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210842-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210835-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210826-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210869-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210841-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210840-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210808-1

Comment: This bulletin contains fifteen (15) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0870-1
Rating:            important
References:        #1178684 #1179616 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2021-3347
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_138 fixes several issues.
The following security issues were fixed:

  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2021-870=1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-829=1
    SUSE-SLE-SAP-12-SP3-2021-830=1 SUSE-SLE-SAP-12-SP3-2021-831=1
    SUSE-SLE-SAP-12-SP3-2021-832=1 SUSE-SLE-SAP-12-SP3-2021-833=1
    SUSE-SLE-SAP-12-SP3-2021-834=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-836=1
    SUSE-SLE-SAP-12-SP2-2021-837=1 SUSE-SLE-SAP-12-SP2-2021-838=1
    SUSE-SLE-SAP-12-SP2-2021-839=1 SUSE-SLE-SAP-12-SP2-2021-870=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-829=1
    SUSE-SLE-SERVER-12-SP3-2021-830=1 SUSE-SLE-SERVER-12-SP3-2021-831=1
    SUSE-SLE-SERVER-12-SP3-2021-832=1 SUSE-SLE-SERVER-12-SP3-2021-833=1
    SUSE-SLE-SERVER-12-SP3-2021-834=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-836=1
    SUSE-SLE-SERVER-12-SP2-2021-837=1 SUSE-SLE-SERVER-12-SP2-2021-838=1
    SUSE-SLE-SERVER-12-SP2-2021-839=1 SUSE-SLE-SERVER-12-SP2-2021-870=1

Package List:

  o SUSE OpenStack Cloud 7 (x86_64):
       kgraft-patch-4_4_121-92_138-default-7-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kgraft-patch-4_4_180-94_116-default-8-2.2
       kgraft-patch-4_4_180-94_116-default-debuginfo-8-2.2
       kgraft-patch-4_4_180-94_121-default-7-2.2
       kgraft-patch-4_4_180-94_121-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_124-default-7-2.2
       kgraft-patch-4_4_180-94_124-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_127-default-7-2.2
       kgraft-patch-4_4_180-94_127-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_130-default-6-2.2
       kgraft-patch-4_4_180-94_130-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_135-default-4-2.2
       kgraft-patch-4_4_180-94_135-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       kgraft-patch-4_4_121-92_129-default-9-2.2
       kgraft-patch-4_4_121-92_135-default-7-2.2
       kgraft-patch-4_4_121-92_138-default-7-2.2
       kgraft-patch-4_4_121-92_141-default-6-2.2
       kgraft-patch-4_4_121-92_146-default-4-2.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_180-94_116-default-8-2.2
       kgraft-patch-4_4_180-94_116-default-debuginfo-8-2.2
       kgraft-patch-4_4_180-94_121-default-7-2.2
       kgraft-patch-4_4_180-94_121-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_124-default-7-2.2
       kgraft-patch-4_4_180-94_124-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_127-default-7-2.2
       kgraft-patch-4_4_180-94_127-default-debuginfo-7-2.2
       kgraft-patch-4_4_180-94_130-default-6-2.2
       kgraft-patch-4_4_180-94_130-default-debuginfo-6-2.2
       kgraft-patch-4_4_180-94_135-default-4-2.2
       kgraft-patch-4_4_180-94_135-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_121-92_129-default-9-2.2
       kgraft-patch-4_4_121-92_135-default-7-2.2
       kgraft-patch-4_4_121-92_138-default-7-2.2
       kgraft-patch-4_4_121-92_141-default-6-2.2
       kgraft-patch-4_4_121-92_146-default-4-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for
SLE 15)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0868-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_52 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-865=1
    SUSE-SLE-Module-Live-Patching-15-2021-866=1
    SUSE-SLE-Module-Live-Patching-15-2021-867=1
    SUSE-SLE-Module-Live-Patching-15-2021-868=1
  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-822=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
       kernel-livepatch-4_12_14-150_52-default-7-2.2
       kernel-livepatch-4_12_14-150_52-default-debuginfo-7-2.2
       kernel-livepatch-4_12_14-150_55-default-7-2.2
       kernel-livepatch-4_12_14-150_55-default-debuginfo-7-2.2
       kernel-livepatch-4_12_14-150_58-default-6-2.2
       kernel-livepatch-4_12_14-150_58-default-debuginfo-6-2.2
       kernel-livepatch-4_12_14-150_63-default-4-2.2
       kernel-livepatch-4_12_14-150_63-default-debuginfo-4-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_65-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for
SLE 15)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0864-1
Rating:            important
References:        #1179664
Cross-References:  CVE-2020-29368
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.12.14-150_66 fixes one issue.
The following security issue was fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-850=1
  o SUSE Linux Enterprise Module for Live Patching 15:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-864=1
  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-821=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_83-default-2-2.2
  o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
       kernel-livepatch-4_12_14-150_66-default-2-2.2
       kernel-livepatch-4_12_14-150_66-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_68-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://bugzilla.suse.com/1179664


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0853-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553 #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.12.14-197_72 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-853=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-854=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-855=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-861=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-862=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-863=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_34-default-10-2.2
       kernel-livepatch-4_12_14-197_37-default-10-2.2
       kernel-livepatch-4_12_14-197_40-default-9-2.2
       kernel-livepatch-4_12_14-197_64-default-4-2.2
       kernel-livepatch-4_12_14-197_67-default-4-2.2
       kernel-livepatch-4_12_14-197_72-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0859-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553 #1182108
                   #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.12.14-197_48 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o Fixed an issue where NFS client hung on write errors (bsc#1182108).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-856=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-857=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-858=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-859=1
    SUSE-SLE-Module-Live-Patching-15-SP1-2021-860=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_45-default-7-2.2
       kernel-livepatch-4_12_14-197_48-default-7-2.2
       kernel-livepatch-4_12_14-197_51-default-7-2.2
       kernel-livepatch-4_12_14-197_56-default-6-2.2
       kernel-livepatch-4_12_14-197_61-default-5-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182108
  o https://bugzilla.suse.com/1182468


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0818-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1180859 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-0342
                   CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_23 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-852=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-810=1
    SUSE-SLE-Live-Patching-12-SP5-2021-811=1
    SUSE-SLE-Live-Patching-12-SP5-2021-812=1
    SUSE-SLE-Live-Patching-12-SP5-2021-813=1
    SUSE-SLE-Live-Patching-12-SP5-2021-814=1
    SUSE-SLE-Live-Patching-12-SP5-2021-815=1
    SUSE-SLE-Live-Patching-12-SP5-2021-816=1
    SUSE-SLE-Live-Patching-12-SP5-2021-817=1
    SUSE-SLE-Live-Patching-12-SP5-2021-818=1
    SUSE-SLE-Live-Patching-12-SP5-2021-819=1
    SUSE-SLE-Live-Patching-12-SP5-2021-820=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_75-default-3-2.2
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_17-default-11-2.2
       kgraft-patch-4_12_14-122_20-default-10-2.2
       kgraft-patch-4_12_14-122_23-default-9-2.2
       kgraft-patch-4_12_14-122_26-default-9-2.2
       kgraft-patch-4_12_14-122_29-default-9-2.2
       kgraft-patch-4_12_14-122_32-default-9-2.2
       kgraft-patch-4_12_14-122_37-default-8-2.2
       kgraft-patch-4_12_14-122_41-default-7-2.2
       kgraft-patch-4_12_14-122_46-default-5-2.2
       kgraft-patch-4_12_14-122_51-default-5-2.2
       kgraft-patch-4_12_14-122_54-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0809-1
Rating:            important
References:        #1179616 #1179664 #1180859 #1181553
Cross-References:  CVE-2020-27786 CVE-2020-29368 CVE-2021-0342 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_57 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-851=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-809=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-livepatch-4_12_14-197_78-default-3-2.2
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_57-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0849-1
Rating:            important
References:        #1178684 #1179664 #1180859 #1181553 #1182468
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-0342 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 5.3.18-22 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2021-0342: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges required (bsc#1180859).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-849=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-22-default-8-5.2
       kernel-livepatch-5_3_18-22-default-debuginfo-8-5.2
       kernel-livepatch-SLE15-SP2_Update_0-debugsource-8-5.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-0342.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1180859
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0842-1
Rating:            important
References:        #1178684 #1179664 #1181553 #1182468
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now
available.

Description:

This update for the Linux Kernel 5.3.18-24_37 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-842=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-843=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-844=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-845=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-846=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-847=1
    SUSE-SLE-Module-Live-Patching-15-SP2-2021-848=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_12-default-6-2.2
       kernel-livepatch-5_3_18-24_12-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_15-default-6-2.2
       kernel-livepatch-5_3_18-24_15-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_24-default-6-2.2
       kernel-livepatch-5_3_18-24_24-default-debuginfo-6-2.2
       kernel-livepatch-5_3_18-24_29-default-4-2.2
       kernel-livepatch-5_3_18-24_29-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_34-default-4-2.2
       kernel-livepatch-5_3_18-24_34-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_37-default-4-2.2
       kernel-livepatch-5_3_18-24_37-default-debuginfo-4-2.2
       kernel-livepatch-5_3_18-24_9-default-7-2.2
       kernel-livepatch-5_3_18-24_9-default-debuginfo-7-2.2
       kernel-livepatch-SLE15-SP2_Update_1-debugsource-7-2.2
       kernel-livepatch-SLE15-SP2_Update_2-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_3-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_4-debugsource-6-2.2
       kernel-livepatch-SLE15-SP2_Update_5-debugsource-4-2.2
       kernel-livepatch-SLE15-SP2_Update_6-debugsource-4-2.2
       kernel-livepatch-SLE15-SP2_Update_7-debugsource-4-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 39 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0835-1
Rating:            important
References:        #1165631 #1176931 #1177513 #1178684 #1179616
Cross-References:  CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2020-27786
                   CVE-2020-28374
Affected Products:
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_149 fixes several issues.
The following security issues were fixed:

  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).
  o CVE-2020-25645: Fixed an issue where the traffic between two Geneve
    endpoints may have been unencrypted when IPsec was configured to encrypt
    traffic for the specific UDP port used by the GENEVE tunnel allowing anyone
    between the two endpoints to read the traffic unencrypted (bsc#1177513).
  o CVE-2020-0429: Fixed a potential memory corruption due to a use after free
    which could have led to local escalation of privilege with System execution
    privileges needed (bsc#1176931).
  o CVE-2020-1749: Fixed an issue in some networking protocols in IPsec, such
    as VXLAN and GENEVE tunnels over IPv6 where the kernel was not correctly
    routing tunneled data over the encrypted link rather than sending the data
    unencrypted (bsc#1165631).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-828=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-835=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-828=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-835=1

Package List:

  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kgraft-patch-4_4_180-94_138-default-2-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       kgraft-patch-4_4_121-92_149-default-2-2.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_180-94_138-default-2-2.2
       kgraft-patch-4_4_180-94_138-default-debuginfo-2-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
       kgraft-patch-4_4_121-92_149-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-0429.html
  o https://www.suse.com/security/cve/CVE-2020-1749.html
  o https://www.suse.com/security/cve/CVE-2020-25645.html
  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://bugzilla.suse.com/1165631
  o https://bugzilla.suse.com/1176931
  o https://bugzilla.suse.com/1177513
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for
SLE 12 SP4)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0826-1
Rating:            important
References:        #1178684 #1179616 #1179664 #1181553 #1182468
Cross-References:  CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.12.14-95_51 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o Fixed an issue where NFS client filesystems got unmounted on fail-over
    (bsc#1182468).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-826=1
    SUSE-SLE-Live-Patching-12-SP4-2021-827=1

Package List:

  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-95_51-default-9-2.2
  o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):
       kgraft-patch-4_12_14-95_48-default-10-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553
  o https://bugzilla.suse.com/1182468


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0869-1
Rating:            important
References:        #1179664 #1179779
Cross-References:  CVE-2020-29368 CVE-2020-29373
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_49 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2020-29373: Fixed an issue where the kernel unsafely handles the root
    directory during path lookups, and thus a process inside a mount namespace
    could escape to unintended filesystem locations (bsc#1179779).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-869=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_49-default-2-2.2
       kernel-livepatch-5_3_18-24_49-default-debuginfo-2-2.2
       kernel-livepatch-SLE15-SP2_Update_10-debugsource-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2020-29373.html
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1179779


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0841-1
Rating:            important
References:        #1178684 #1179664 #1181553
Cross-References:  CVE-2020-28374 CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_43 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).
  o CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI
    target code which could have been used by remote attackers to read or write
    files via directory traversal in an XCOPY request (bsc#1178684).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-841=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_43-default-3-2.2
       kernel-livepatch-5_3_18-24_43-default-debuginfo-3-2.2
       kernel-livepatch-SLE15-SP2_Update_8-debugsource-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1178684
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for
SLE 15 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0840-1
Rating:            important
References:        #1179664 #1181553
Cross-References:  CVE-2020-29368 CVE-2021-3347
Affected Products:
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-24_46 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault
    handling, allowing local users to execute code in the kernel (bsc#1181553).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-840=1

Package List:

  o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
    x86_64):
       kernel-livepatch-5_3_18-24_46-default-3-2.2
       kernel-livepatch-5_3_18-24_46-default-debuginfo-3-2.2
       kernel-livepatch-SLE15-SP2_Update_9-debugsource-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://www.suse.com/security/cve/CVE-2021-3347.html
  o https://bugzilla.suse.com/1179664
  o https://bugzilla.suse.com/1181553


--------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for
SLE 12 SP5)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0808-1
Rating:            important
References:        #1179616 #1179664
Cross-References:  CVE-2020-27786 CVE-2020-29368
Affected Products:
                   SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-122_60 fixes several issues.
The following security issues were fixed:

  o CVE-2020-29368: Fixed an issue in copy-on-write implementation which could
    have granted unintended write access because of a race condition in a THP
    mapcount check (bsc#1179664).
  o CVE-2020-27786: Fixed a potential use after free which could have led to
    memory corruption or privilege escalation (bsc#1179616).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-808=1

Package List:

  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
       kgraft-patch-4_12_14-122_60-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-27786.html
  o https://www.suse.com/security/cve/CVE-2020-29368.html
  o https://bugzilla.suse.com/1179616
  o https://bugzilla.suse.com/1179664

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

ESB-2021.0954 – [UNIX/Linux][FreeBSD] dnsmasq: Provide misleading information – Unknown/unspecified

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0954
    dnsmasq -- cache poisoning vulnerability in certain configurations
                               18 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           dnsmasq
Publisher:         FreeBSD
Operating System:  FreeBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Provide Misleading Information -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3448  

Original Bulletin: 
   http://www.vuxml.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than FreeBSD. It is recommended that administrators
         running dnsmasq check for an updated version of the software for 
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

dnsmasq -- cache poisoning vulnerability in certain configurations

Affected packages
  dnsmasq       

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...