Malware Devil

Monday, March 22, 2021

ESB-2021.0982 – [Win][UNIX/Linux][RedHat] OpenJDK: Increased privileges – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0982
  Red Hat Build of OpenJDK (container images) release and security update
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenJDK 11
                   OpenJDK 1.8
Publisher:         Red Hat
Operating System:  Red Hat
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Increased Privileges -- Existing Account
                   Reduced Security     -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20264  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0945
   https://access.redhat.com/errata/RHSA-2021:0946

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running OpenJDK 11 or OpenJDK 1.8 check for an updated version of 
         the software for their operating system.
         
         This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Build of OpenJDK 11 (container images) release and security update
Advisory ID:       RHSA-2021:0945-01
Product:           OpenJDK
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0945
Issue date:        2021-03-19
Keywords:          openjdk,images
CVE Names:         CVE-2021-20264 
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 11 (container images) is now available from
the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 11 container images provide the OpenJDK 11 Java Runtime
Environment and the OpenJDK 11 Java Software Development Kit.

This release of the Red Hat Build of OpenJDK 11 (openjdk-11-rhel7:1.1-12
and ubi8-openjdk-11:1.3-10) serves as a replacement for the Red Hat Build
of OpenJDK 11 (openjdk-11-rhel7:1.1-11 and ubi8-openjdk-11:1.3-9), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section. 

Security Fix(es):

* ubi8/openjdk-11: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* openjdk/openjdk-11-rhel7: containers/openjdk: /etc/passwd is given
incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2021-20264
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/openjdk/openjdk-11-rhel7/5bf57185dd19c775cddc4ce5?tag=1.1-12&push_date=1616089599000
https://catalog.redhat.com/software/containers/ubi8/openjdk-11/5dd6a4b45a13461646f677f4?container-tabs=overview&tag=1.3-10&push_date=1616090044000

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.


--------------------------------------------------------------------------------


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Build of OpenJDK 1.8 (container images) release and security update
Advisory ID:       RHSA-2021:0946-01
Product:           OpenJDK
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0946
Issue date:        2021-03-19
Keywords:          openjdk,images
CVE Names:         CVE-2021-20264 
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 8 (container images) is now available from the
Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26
and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of
OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and
includes security and bug fixes, and enhancements. For further information,
refer to the release notes linked to in the References section. 

Security Fix(es):

* ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect
privileges (CVE-2021-20264)

* redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is
given incorrect privileges (CVE-2021-20264)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a link to the updated
containers.

4. Bugs fixed (https://bugzilla.redhat.com/):

1932283 - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2021-20264
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/4859371
https://catalog.redhat.com/software/containers/redhat-openjdk-18/openjdk18-openshift/58ada5701fbe981673cd6b10?tag=1.8-26&push_date=1616089599000
https://catalog.redhat.com/software/containers/ubi8/openjdk-8/5dd6a48dbed8bd164a09589a?tag=1.3-9&push_date=1616090044000

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ESB-2021.0981 – [Ubuntu] Linux Kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0981
                 USN-4883-1: Linux kernel vulnerabilities
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
                   Linux kernel (OEM)
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27365 CVE-2021-27364 CVE-2021-27363
                   CVE-2021-20194 CVE-2021-3348 CVE-2021-3347

Reference:         ESB-2021.0920
                   ESB-2021.0837

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4883-1
   https://ubuntu.com/security/notices/USN-4884-1

Comment: This bulletin contains two (2) Ubuntu security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4883-1: Linux kernel vulnerabilities
20 March 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-hwe - Linux hardware enablement (HWE) kernel
  o linux-kvm - Linux kernel for cloud environments
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
  o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)

Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did
not properly restrict access to iSCSI transport handles. A local attacker
could use this to cause a denial of service or expose sensitive information
(kernel pointer addresses). (CVE-2021-27363)

Adam Nichols discovered that an out-of-bounds read existed in the iSCSI
subsystem in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information (kernel
memory). (CVE-2021-27364)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04

  o linux-image-4.15.0-1081-raspi2 - 4.15.0-1081.86
  o linux-image-powerpc-e500mc - 4.15.0.139.126
  o linux-image-4.15.0-1096-aws - 4.15.0-1096.103
  o linux-image-4.15.0-139-lowlatency - 4.15.0-139.143
  o linux-image-gcp-lts-18.04 - 4.15.0.1095.113
  o linux-image-4.15.0-1087-kvm - 4.15.0-1087.89
  o linux-image-oracle-lts-18.04 - 4.15.0.1067.77
  o linux-image-4.15.0-1095-gcp - 4.15.0-1095.108
  o linux-image-virtual - 4.15.0.139.126
  o linux-image-4.15.0-139-generic-lpae - 4.15.0-139.143
  o linux-image-snapdragon - 4.15.0.1098.101
  o linux-image-powerpc64-emb - 4.15.0.139.126
  o linux-image-4.15.0-1067-oracle - 4.15.0-1067.75
  o linux-image-aws-lts-18.04 - 4.15.0.1096.99
  o linux-image-4.15.0-1110-azure - 4.15.0-1110.122
  o linux-image-generic - 4.15.0.139.126
  o linux-image-4.15.0-1098-snapdragon - 4.15.0-1098.107
  o linux-image-kvm - 4.15.0.1087.83
  o linux-image-raspi2 - 4.15.0.1081.78
  o linux-image-azure-lts-18.04 - 4.15.0.1110.83
  o linux-image-powerpc-smp - 4.15.0.139.126
  o linux-image-generic-lpae - 4.15.0.139.126
  o linux-image-4.15.0-139-generic - 4.15.0-139.143
  o linux-image-powerpc64-smp - 4.15.0.139.126
  o linux-image-lowlatency - 4.15.0.139.126

Ubuntu 16.04

  o linux-image-powerpc-e500mc - 4.4.0.206.212
  o linux-image-4.4.0-206-powerpc-smp - 4.4.0-206.238
  o linux-image-4.4.0-206-powerpc-e500mc - 4.4.0-206.238
  o linux-image-4.15.0-1096-aws - 4.15.0-1096.103~16.04.1
  o linux-image-generic-hwe-16.04 - 4.15.0.139.134
  o linux-image-4.15.0-139-lowlatency - 4.15.0-139.143~16.04.1
  o linux-image-virtual-hwe-16.04 - 4.15.0.139.134
  o linux-image-oracle - 4.15.0.1067.55
  o linux-image-azure - 4.15.0.1110.101
  o linux-image-generic-lpae-hwe-16.04 - 4.15.0.139.134
  o linux-image-4.4.0-1090-kvm - 4.4.0-1090.99
  o linux-image-4.15.0-1095-gcp - 4.15.0-1095.108~16.04.1
  o linux-image-virtual - 4.4.0.206.212
  o linux-image-4.15.0-139-generic-lpae - 4.15.0-139.143~16.04.1
  o linux-image-4.4.0-206-generic-lpae - 4.4.0-206.238
  o linux-image-snapdragon - 4.4.0.1152.144
  o linux-image-powerpc64-smp - 4.4.0.206.212
  o linux-image-4.15.0-139-generic - 4.15.0-139.143~16.04.1
  o linux-image-4.4.0-206-lowlatency - 4.4.0-206.238
  o linux-image-gke - 4.15.0.1095.96
  o linux-image-4.4.0-206-powerpc64-smp - 4.4.0-206.238
  o linux-image-azure-edge - 4.15.0.1110.101
  o linux-image-4.15.0-1110-azure - 4.15.0-1110.122~16.04.1
  o linux-image-generic - 4.4.0.206.212
  o linux-image-4.4.0-1124-aws - 4.4.0-1124.138
  o linux-image-oem - 4.15.0.139.134
  o linux-image-aws - 4.4.0.1124.129
  o linux-image-kvm - 4.4.0.1090.88
  o linux-image-powerpc-smp - 4.4.0.206.212
  o linux-image-generic-lpae - 4.4.0.206.212
  o linux-image-4.4.0-206-powerpc64-emb - 4.4.0-206.238
  o linux-image-gcp - 4.15.0.1095.96
  o linux-image-lowlatency-hwe-16.04 - 4.15.0.139.134
  o linux-image-4.4.0-1152-snapdragon - 4.4.0-1152.162
  o linux-image-powerpc64-emb - 4.4.0.206.212
  o linux-image-4.4.0-206-generic - 4.4.0-206.238
  o linux-image-4.15.0-1067-oracle - 4.15.0-1067.75~16.04.1
  o linux-image-lowlatency - 4.4.0.206.212
  o linux-image-aws-hwe - 4.15.0.1096.89

Ubuntu 14.04

  o linux-image-4.15.0-1110-azure - 4.15.0-1110.122~14.04.1
  o linux-image-aws - 4.4.0.1088.85
  o linux-image-4.4.0-1088-aws - 4.4.0-1088.92
  o linux-image-azure - 4.15.0.1110.83

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2021-27365
  o CVE-2021-27363
  o CVE-2021-27364


--------------------------------------------------------------------------------


USN-4884-1: Linux kernel (OEM) vulnerabilities
20 March 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 20.04 LTS

Packages

  o linux-oem-5.10 - Linux kernel for OEM systems

Details

Loris Reiff discovered that the BPF implementation in the Linux kernel did
not properly validate attributes in the getsockopt BPF hook. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-20194)

It was discovered that the priority inheritance futex implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-3347)

It was discovered that the network block device (nbd) driver in the Linux
kernel contained a use-after-free vulnerability during device setup. A
local attacker with access to the nbd device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-3348)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o linux-image-oem-20.04b - 5.10.0.1017.18
  o linux-image-5.10.0-1017-oem - 5.10.0-1017.18

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2021-3348
  o CVE-2021-20194
  o CVE-2021-3347

Related notices

  o USN-4878-1 : linux-image-gke-5.4, linux-image-5.4.0-1038-gcp,
    linux-image-5.4.0-67-lowlatency, linux-image-oem, linux-azure-5.4,
    linux-hwe-5.4, linux, linux-image-gcp, linux-gke-5.4, linux-oracle-5.4,
    linux-image-raspi2, linux-image-raspi-hwe-18.04, linux-image-oracle,
    linux-image-snapdragon-hwe-18.04, linux-raspi, linux-image-5.4.0-1039-aws,
    linux-image-5.4.0-67-generic, linux-gcp-5.4, linux-gkeop,
    linux-image-generic-hwe-18.04, linux-image-5.4.0-1041-azure,
    linux-image-gkeop-5.4, linux-image-5.4.0-67-generic-lpae,
    linux-image-raspi, linux-image-gkeop, linux-gcp, linux-gkeop-5.4,
    linux-image-virtual-hwe-18.04, linux-image-lowlatency-hwe-18.04, linux-aws,
    linux-image-generic-lpae-hwe-18.04, linux-image-5.4.0-1034-kvm,
    linux-image-5.4.0-1011-gkeop, linux-image-oem-osp1,
    linux-image-5.4.0-1037-gke, linux-image-aws, linux-image-aws-edge,
    linux-image-generic-lpae, linux-oracle, linux-image-azure, linux-kvm,
    linux-image-virtual, linux-image-5.4.0-1030-raspi,
    linux-image-5.4.0-1039-oracle, linux-image-kvm, linux-raspi-5.4,
    linux-image-gcp-edge, linux-image-lowlatency, linux-image-generic,
    linux-azure, linux-image-azure-edge, linux-aws-5.4
  o USN-4879-1 : linux-image-gke, linux-image-generic-lpae-hwe-20.04,
    linux-image-5.8.0-1024-azure, linux-image-5.8.0-45-generic-lpae,
    linux-image-5.8.0-45-generic-64k, linux, linux-image-gcp,
    linux-image-5.8.0-1025-aws, linux-image-lowlatency-hwe-20.04,
    linux-image-generic-64k, linux-hwe-5.8, linux-image-oracle, linux-raspi,
    linux-image-5.8.0-1020-kvm, linux-image-raspi,
    linux-image-generic-64k-hwe-20.04, linux-image-generic-hwe-20.04,
    linux-gcp, linux-image-5.8.0-1017-raspi-nolpae,
    linux-image-5.8.0-1022-oracle, linux-aws, linux-image-5.8.0-45-generic,
    linux-image-aws, linux-image-generic-lpae, linux-oracle, linux-image-azure,
    linux-kvm, linux-image-virtual-hwe-20.04, linux-image-oem-20.04,
    linux-image-virtual, linux-image-5.8.0-1024-gcp,
    linux-image-5.8.0-1017-raspi, linux-image-kvm, linux-image-raspi-nolpae,
    linux-image-lowlatency, linux-image-generic,
    linux-image-5.8.0-45-lowlatency, linux-azure

--------------------------END INCLUDED TEXT--------------------



ESB-2021.0980 – [Appliance] BIG-IP Products: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0980
                     TMM vulnerability CVE-2021-23007
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23007  

Original Bulletin: 
   https://support.f5.com/csp/article/K37451543

--------------------------BEGIN INCLUDED TEXT--------------------

K37451543: TMM vulnerability CVE-2021-23007

Original Publication Date: 20 Mar, 2021

Security Advisory Description

When the Traffic Management Microkernel (TMM) process handles certain
undisclosed traffic, it may start dropping all fragmented IP traffic. 
(CVE-2021-23007)

Impact

TMM incorrectly determines that the fragment memory limit has been reached and
drops all fragments it receives, disrupting traffic to the BIG-IP system.

You can determine if your system is impacted by running the tmctl ip_stat
command from the BIG-IP command line and reviewing the output for an unusually
large value in the frag_bytes_used column for a given TMM. You may observe that
some TMM processes have high values and others do not. For example:

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  46406517             508                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  44739031             217                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  39322744         8404728                    8404628 18446744073709547072

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  33528060        15659496                   15659334 18446744073709547072

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  46712180             157                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  38912369        10588696                   10588558 18446744073709547072
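A detection check for the symptom described above, added here as an example and not part of the F5 article or the AusCERT bulletin: it parses the header/rule/value triples of the tmctl ip_stat output (the four columns the advisory shows; real output carries more columns, and the parser keys on header names so extra columns are tolerated) and flags any TMM whose frag_bytes_used has wrapped below zero while err_frag_mem_limit_reached is non-zero. The sample text is constructed from the advisory's example values.

```python
"""Flag BIG-IP TMM instances whose IP fragment statistics match the
CVE-2021-23007 symptom from K37451543: an unusually large frag_bytes_used
value alongside fragment drops and err_frag_mem_limit_reached increments.

Added example, not F5 tooling. It parses the `tmctl ip_stat` column subset
shown in the advisory; the parser keys on header names, so additional columns
in real output are ignored rather than breaking it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# A healthy 64-bit byte counter never approaches 2**63. A value at or above it
# means the unsigned counter wrapped below zero; the advisory's example value
# 18446744073709547072 is 2**64 - 4544.
UNSIGNED64_WRAP_FLOOR = 2**63

# Constructed sample in the layout the advisory prints: one header / dash-rule /
# value triple per TMM. Values are taken from the advisory's example output.
SAMPLE_IP_STAT = """\
   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  46406517             508                          0                    0

   rx_frag rx_frag_dropped err_frag_mem_limit_reached      frag_bytes_used
  -------- --------------- -------------------------- --------------------
  39322744         8404728                    8404628 18446744073709547072
"""


@dataclass
class TmmFragStats:
    tmm_index: int
    rx_frag: int
    rx_frag_dropped: int
    err_frag_mem_limit_reached: int
    frag_bytes_used: int

    @property
    def drop_ratio(self) -> float:
        """Share of received fragments that were dropped (0.0 when none seen)."""
        return self.rx_frag_dropped / self.rx_frag if self.rx_frag else 0.0

    def counter_wrapped(self) -> bool:
        return self.frag_bytes_used >= UNSIGNED64_WRAP_FLOOR

    def matches_symptom(self) -> bool:
        # The advisory's condition: TMM believes the fragment memory limit is
        # reached because the byte counter has wrapped, so it drops fragments.
        return self.counter_wrapped() and self.err_frag_mem_limit_reached > 0


def parse_ip_stat(text: str) -> list[TmmFragStats]:
    """Parse header / dash-rule / value triples into one record per TMM."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    stats: list[TmmFragStats] = []
    i = 0
    while i < len(lines) - 2:
        header, rule, values = lines[i], lines[i + 1], lines[i + 2]
        # A stats block is a non-empty header followed by a line made only of
        # dashes and spaces; anything else (blank separators) is skipped.
        if header.strip() and "-" in rule and re.fullmatch(r"[\s-]+", rule):
            names, nums = header.split(), values.split()
            if len(names) != len(nums):
                raise ValueError(f"column mismatch near line {i + 1}")
            row = {name: int(value) for name, value in zip(names, nums)}
            stats.append(TmmFragStats(
                tmm_index=len(stats),
                rx_frag=row["rx_frag"],
                rx_frag_dropped=row["rx_frag_dropped"],
                err_frag_mem_limit_reached=row["err_frag_mem_limit_reached"],
                frag_bytes_used=row["frag_bytes_used"],
            ))
            i += 3
        else:
            i += 1
    return stats


def affected_tmms(text: str) -> list[int]:
    """Indices (in output order) of TMMs showing the CVE-2021-23007 symptom."""
    return [s.tmm_index for s in parse_ip_stat(text) if s.matches_symptom()]


if __name__ == "__main__":
    for s in parse_ip_stat(SAMPLE_IP_STAT):
        verdict = "AFFECTED" if s.matches_symptom() else "ok"
        print(f"tmm{s.tmm_index}: {verdict} drop_ratio={s.drop_ratio:.2%} "
              f"frag_bytes_used={s.frag_bytes_used}")
```

On a live system, feed the function the captured output of tmctl ip_stat instead of the constructed sample; a TMM that is flagged is the one the advisory's mitigation (restarting the TMM process) is aimed at.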

Security Advisory Status

F5 Product Development has assigned ID 1002561 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a vulnerable version, that fix applies to
all subsequent point releases for that version and no additional fixes for that
version will be listed in the table. For example, when a fix is introduced in
14.1.2.3, the fix applies to 14.1.2.4 and all later point releases.

+-----------+------+----------+-------------------------------------+----------+------+----------+
|           |      |Versions  |                                     |          |CVSSv3|Vulnerable|
|Product    |Branch|known to  |Fixes introduced in                  |Severity  |score^|component |
|           |      |be        |                                     |          |1     |or feature|
|           |      |vulnerable|                                     |          |      |          |
+-----------+------+----------+-------------------------------------+----------+------+----------+
|           |16.x  |16.0.1.1  |Hotfix-BIGIP-16.0.1.1.9.6-ENG.iso^2  |          |      |          |
|           +------+----------+-------------------------------------+          |      |          |
|           |15.x  |None      |Not applicable                       |          |      |          |
|           +------+----------+-------------------------------------+          |      |          |
|           |14.x  |14.1.4    |Hotfix-BIGIP-14.1.4.0.120.11-ENG.iso^|          |      |TMM (IP   |
|BIG-IP (all|      |          |2                                    |Medium    |5.3   |Fragment  |
|modules)   +------+----------+-------------------------------------+          |      |Handling) |
|           |13.x  |None      |Not applicable                       |          |      |          |
|           +------+----------+-------------------------------------+          |      |          |
|           |12.x  |None      |Not applicable                       |          |      |          |
|           +------+----------+-------------------------------------+          |      |          |
|           |11.x  |None      |Not applicable                       |          |      |          |
+-----------+------+----------+-------------------------------------+----------+------+----------+
|           |8.x   |None      |Not applicable                       |          |      |          |
|BIG-IQ     +------+----------+-------------------------------------+Not       |      |          |
|Centralized|7.x   |None      |Not applicable                       |vulnerable|None  |None      |
|Management +------+----------+-------------------------------------+          |      |          |
|           |6.x   |None      |Not applicable                       |          |      |          |
+-----------+------+----------+-------------------------------------+----------+------+----------+
|F5OS       |1.x   |None      |Not applicable                       |Not       |None  |None      |
|           |      |          |                                     |vulnerable|      |          |
+-----------+------+----------+-------------------------------------+----------+------+----------+
|Traffix SDC|5.x   |None      |Not applicable                       |Not       |None  |None      |
|           |      |          |                                     |vulnerable|      |          |
+-----------+------+----------+-------------------------------------+----------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^2You can download engineering hotfix releases from the following locations:

  o Engineering hotfix for 16.0.1.1:
    https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v16.x&ver=16.0.1&container=HotFix-BIGIP-16.0.1.1.9.6-EHF9
  o Engineering hotfix for 14.1.4:
    https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v14.x&ver=14.1.4&container=HotFix-BIGIP-14.1.4.0.120.11-EHF120

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

You can restart the TMM process to recover from the condition; however, this is
not a permanent fix. To do so, perform the following procedure:

Impact of procedure: Performing the following procedure causes a temporary
traffic disruption while the TMM process restarts. You should perform this
procedure only during a scheduled maintenance period.

 1. Log in to the TMOS Shell (tmsh) by entering the following command:

    tmsh

 2. To restart the TMM process, enter the following command:

    restart /sys service tmm

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0980 – [Appliance] BIG-IP Products: Denial of service – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2021/03/22/esb-2021-0980-appliance-big-ip-products-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0980-appliance-big-ip-products-denial-of-service-remote-unauthenticated

ESB-2021.0978 – [SUSE] SUSE Manager Server 4.1: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0978
                Security update for SUSE Manager Server 4.1
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Manager Server 4.1
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Delete Arbitrary Files          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28477 CVE-2020-26259 CVE-2020-26258
                   CVE-2020-26217  

Reference:         ESB-2021.0977
                   ESB-2021.0436
                   ESB-2021.0381
                   ESB-2021.0328

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210906-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for SUSE Manager Server 4.1

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0906-1
Rating:            moderate
References:        #1157711 #1173893 #1175660 #1177508 #1179579 #1180145
                   #1180146 #1180224 #1180439 #1180547 #1180558 #1180757
                   #1180994 #1181048 #1181165 #1181228 #1181290 #1181416
                   #1181423 #1181635 #1181807 #1181814 #1182001 #1182006
                   #1182008 #1182071 #1182200 #1182492 #1182685
Cross-References:  CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 CVE-2020-28477
Affected Products:
                   SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                   SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________

An update that solves four vulnerabilities and has 25 fixes is now available.

Description:

This update fixes the following issues:
cobbler:

  o Fix string replacement for @@xyz@@
  o Better performing string replacements


grafana-formula:

  o Set `supported` to false for unsupported systems (bsc#1182001)
  o Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions


mgr-libmod:

  o Fix 'list_modules' JSON serialization (bsc#1182492)


mgr-osad:

  o Adapt to new SSL implementation of rhnlib (bsc#1181807)


prometheus-exporters-formula:

  o Add Ubuntu support for Prometheus exporters' reverse proxy


prometheus-formula:

  o Set server hostname from pillar data (bsc#1180439)


py26-compat-salt:

  o Do not crash when unexpected cmd output at listing patches (bsc#1181290)


rhnlib:

  o Change SSL implementation to python ssl for better SAN and hostname
    matching support (bsc#1181807)


smdba:

  o Do not remove the database if there is no backup and deal with manifest


spacewalk-backend:

  o Open repomd files as binary (bsc#1173893)
  o Fix requesting Release file in debian repos (bsc#1182006)
  o Reposync: Fixed Kickstart functionality.
  o Reposync: Fixed URLGrabber error handling.
  o Reposync: Fix modular data handling for cloned channels (bsc#1177508)


spacewalk-client-tools:

  o Adapt to new SSL implementation of rhnlib (bsc#1181807)


spacewalk-config:

  o Increase apache ssl logs to include response code and process time


spacewalk-java:

  o Homogenizes style in filter buttons, facilitating testability
  o Cleanup sessions via SQL query instead of SQL function (bsc#1180224)
  o Rebuild and improve rendering of the 404 and 500 error pages (bsc#
    1181228)
  o Fix user creation with pam auth and no password (bsc#1179579)
  o Fix action chains for saltssh minions (bsc#1182200)
  o FIX: Slow response of 'Software > Install' in Ubuntu minions (bsc#1181165)
  o Do not call page decorator in HEAD requests (bsc#1181228)
  o Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)
  o Ensure new files are synced just after writing them (bsc#1175660)
  o Enable openscap auditing for salt systems in SSM (bsc#1157711)
  o Detect debian products (bsc#1181416)
  o Show packages from channels assigned to the targeted system (bsc#1181423)
  o Add an API endpoint to allow/disallow scheduling irrelevant patches (bsc#
    1180757)
  o Open raw output in new tab for ScriptRunAction (bsc#1180547)
  o Default to preferred items per page in content lifecycle lists (bsc#
    1180558)
  o Fix modular data handling for cloned channels (bsc#1177508)
  o Fix: login gets an ISE when SSO is enabled (bsc#1181048)


spacewalk-utils:

  o Fix modular data handling for cloned channels (bsc#1177508)


spacewalk-web:

  o Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)
  o Upgrade immer to fix CVE-2020-28477
  o Default to preferred items per page in content lifecycle lists (bsc#
    1180558)
  o Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)


susemanager:

  o Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)
  o Python3-dbus-python and dependencies not installed by default on JeOS SLE15
    images, add them to the bootstrap repository list of packages for
    traditional (bsc#1182071)


susemanager-doc-indexes:

  o Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.
  o Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide
  o Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)
  o Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)
  o Updated command for running configure proxy script when replacing a proxy
  o Fixed bad SUSE Customer Center URL


susemanager-docs_en:

  o Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.
  o Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide
  o Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)
  o Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)
  o Updated command for running configure proxy script when replacing a proxy
  o Fixed bad SUSE Customer Center URL


susemanager-schema:

  o Drop "pxt_session_cleanup" function (bsc#1180224)
  o Enable openscap auditing for salt systems in SSM (bsc#1157711)


susemanager-sls:

  o Ubuntu 18 has a version of apt which does not correctly support the
    auth.conf.d directory. Detect the working version and use this feature
    only when a higher version is installed


xstream:
Upgrade to 1.4.15

  o fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259
  o fixes bsc#1180994, CVE-2020-26217


subscription-matcher:

  o Update the xstream dependency to 1.4.15


How to apply this update:

 1. Log in as root user to the SUSE Manager server.
 2. Stop the Spacewalk service: `spacewalk-service stop`
 3. Apply the patch using either zypper patch or YaST Online Update.
 4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-906=1
  o SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-906=1

Package List:

  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x
    x86_64):
       smdba-1.7.8-0.3.6.2
       susemanager-4.1.24-3.20.2
       susemanager-tools-4.1.24-3.20.2
  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
       cobbler-3.0.0+git20190806.32c4bae0-5.6.4
       grafana-formula-0.4.0-3.6.2
       mgr-libmod-4.1.7-3.16.2
       mgr-osa-dispatcher-4.1.5-2.9.4
       prometheus-exporters-formula-0.9.0-3.19.2
       prometheus-formula-0.3.1-3.6.2
       py26-compat-salt-2016.11.10-6.11.2
       python3-mgr-osa-common-4.1.5-2.9.4
       python3-mgr-osa-dispatcher-4.1.5-2.9.4
       python3-rhnlib-4.1.3-4.3.2
       python3-spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-backend-4.1.21-4.22.7
       spacewalk-backend-app-4.1.21-4.22.7
       spacewalk-backend-applet-4.1.21-4.22.7
       spacewalk-backend-config-files-4.1.21-4.22.7
       spacewalk-backend-config-files-common-4.1.21-4.22.7
       spacewalk-backend-config-files-tool-4.1.21-4.22.7
       spacewalk-backend-iss-4.1.21-4.22.7
       spacewalk-backend-iss-export-4.1.21-4.22.7
       spacewalk-backend-package-push-server-4.1.21-4.22.7
       spacewalk-backend-server-4.1.21-4.22.7
       spacewalk-backend-sql-4.1.21-4.22.7
       spacewalk-backend-sql-postgresql-4.1.21-4.22.7
       spacewalk-backend-tools-4.1.21-4.22.7
       spacewalk-backend-xml-export-libs-4.1.21-4.22.7
       spacewalk-backend-xmlrpc-4.1.21-4.22.7
       spacewalk-base-4.1.23-3.18.6
       spacewalk-base-minimal-4.1.23-3.18.6
       spacewalk-base-minimal-config-4.1.23-3.18.6
       spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-config-4.1.5-3.3.2
       spacewalk-html-4.1.23-3.18.6
       spacewalk-java-4.1.30-3.31.7
       spacewalk-java-config-4.1.30-3.31.7
       spacewalk-java-lib-4.1.30-3.31.7
       spacewalk-java-postgresql-4.1.30-3.31.7
       spacewalk-taskomatic-4.1.30-3.31.7
       spacewalk-utils-4.1.14-3.12.2
       spacewalk-utils-extras-4.1.14-3.12.2
       subscription-matcher-0.26-3.6.2
       susemanager-doc-indexes-4.1-11.28.4
       susemanager-docs_en-4.1-11.28.2
       susemanager-docs_en-pdf-4.1-11.28.2
       susemanager-schema-4.1.19-3.24.4
       susemanager-sls-4.1.21-3.26.2
       susemanager-web-libs-4.1.23-3.18.6
       uyuni-config-modules-4.1.21-3.26.2
       xpp3-1.1.4c-11.2.2
       xpp3-minimal-1.1.4c-11.2.2
       xstream-1.4.15-3.5.2
  o SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
       mgr-osad-4.1.5-2.9.4
       python3-mgr-osa-common-4.1.5-2.9.4
       python3-mgr-osad-4.1.5-2.9.4
       python3-rhnlib-4.1.3-4.3.2
       python3-spacewalk-check-4.1.9-4.12.4
       python3-spacewalk-client-setup-4.1.9-4.12.4
       python3-spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-backend-4.1.21-4.22.7
       spacewalk-base-minimal-4.1.23-3.18.6
       spacewalk-base-minimal-config-4.1.23-3.18.6
       spacewalk-check-4.1.9-4.12.4
       spacewalk-client-setup-4.1.9-4.12.4
       spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-proxy-broker-4.1.4-3.9.4
       spacewalk-proxy-common-4.1.4-3.9.4
       spacewalk-proxy-installer-4.1.6-3.3.2
       spacewalk-proxy-management-4.1.4-3.9.4
       spacewalk-proxy-package-manager-4.1.4-3.9.4
       spacewalk-proxy-redirect-4.1.4-3.9.4
       spacewalk-proxy-salt-4.1.4-3.9.4


References:

  o https://www.suse.com/security/cve/CVE-2020-26217.html
  o https://www.suse.com/security/cve/CVE-2020-26258.html
  o https://www.suse.com/security/cve/CVE-2020-26259.html
  o https://www.suse.com/security/cve/CVE-2020-28477.html
  o https://bugzilla.suse.com/1157711
  o https://bugzilla.suse.com/1173893
  o https://bugzilla.suse.com/1175660
  o https://bugzilla.suse.com/1177508
  o https://bugzilla.suse.com/1179579
  o https://bugzilla.suse.com/1180145
  o https://bugzilla.suse.com/1180146
  o https://bugzilla.suse.com/1180224
  o https://bugzilla.suse.com/1180439
  o https://bugzilla.suse.com/1180547
  o https://bugzilla.suse.com/1180558
  o https://bugzilla.suse.com/1180757
  o https://bugzilla.suse.com/1180994
  o https://bugzilla.suse.com/1181048
  o https://bugzilla.suse.com/1181165
  o https://bugzilla.suse.com/1181228
  o https://bugzilla.suse.com/1181290
  o https://bugzilla.suse.com/1181416
  o https://bugzilla.suse.com/1181423
  o https://bugzilla.suse.com/1181635
  o https://bugzilla.suse.com/1181807
  o https://bugzilla.suse.com/1181814
  o https://bugzilla.suse.com/1182001
  o https://bugzilla.suse.com/1182006
  o https://bugzilla.suse.com/1182008
  o https://bugzilla.suse.com/1182071
  o https://bugzilla.suse.com/1182200
  o https://bugzilla.suse.com/1182492
  o https://bugzilla.suse.com/1182685

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0978 – [SUSE] SUSE Manager Server 4.1: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/03/22/esb-2021-0978-suse-suse-manager-server-4-1-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0978-suse-suse-manager-server-4-1-multiple-vulnerabilities

ESB-2021.0979 – [Linux][AIX] WebSphere Application Server: Read-only data access – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0979
    Security Bulletin: Websphere Application Server is vulnerable to a
             directory traversal vulnerability (CVE-2020-5016)
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WebSphere Application Server
Publisher:         IBM
Operating System:  Linux variants
                   AIX
Impact/Access:     Read-only Data Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5016  

Reference:         ESB-2021.0855

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6434125

- --------------------------BEGIN INCLUDED TEXT--------------------

Websphere Application Server is vulnerable to a directory traversal
vulnerability (CVE-2020-5016)

Document Information

Document number    : 6434125
Modified date      : 19 March 2021
Product            : IBM Tivoli Service Automation Manager
Software version   : 4.1
Operating system(s): Linux
                     Linux on IBM Z Systems
                     AIX

Summary

WebSphere Application Server is vulnerable to a directory traversal
vulnerability. The required fixes for the vulnerability affecting WebSphere
Application Server have been published in the referenced security bulletin.

Vulnerability Details

CVEID: CVE-2020-5016
DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could
allow a remote attacker to traverse directories on the system. When application
security is disabled and JAX-RPC applications are present, an attacker could
send a specially-crafted URL request containing "dot dot" sequences (/../) to
view arbitrary xml files on the system. This does not occur if Application
security is enabled. IBM X-Force ID: 193556.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/193556
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+------------------------------------------------+----------+
|Affected Product(s)                             |Version(s)|
+------------------------------------------------+----------+
|IBM Tivoli System Automation Application Manager|4.1       |
+------------------------------------------------+----------+

Remediation/Fixes

+------------------+--------------+---------------------------------------+
|                  |Affected      |                                       |
|Principal Product |Supporting    |Affected Supporting Product Security   |
|and Version(s)    |Product and   |Bulletin                               |
|                  |Version       |                                       |
+------------------+--------------+---------------------------------------+
|IBM Tivoli System |WebSphere     |Security Bulletin: WebSphere           |
|Automation        |Application   |Application Server is vulnerable to a  |
|Application       |Server 8.5    |Directory Traversal vulnerability      |
|Manager 4.1       |              |(CVE-2020-5016)                        |
+------------------+--------------+---------------------------------------+
Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Change History

19 Mar 2021: Final Publication

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0979 – [Linux][AIX] WebSphere Application Server: Read-only data access – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/03/22/esb-2021-0979-linuxaix-websphere-application-server-read-only-data-access-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0979-linuxaix-websphere-application-server-read-only-data-access-existing-account

ESB-2021.0976 – [SUSE] Salt: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0976
                       Security Beta update for Salt
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Salt
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-25284 CVE-2021-25283 CVE-2021-25282
                   CVE-2021-25281 CVE-2021-3197 CVE-2021-3148
                   CVE-2021-3144 CVE-2020-35662 CVE-2020-28972
                   CVE-2020-28243  

Reference:         ESB-2021.0976
                   ESB-2021.0745
                   ESB-2021.0740
                   ESB-2021.0727

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210915-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210914-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security Beta update for Salt

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0915-1
Rating:            moderate
References:        #1099976 #1172110 #1174855 #1179696 #1180101 #1180818
                   #1181290 #1181347 #1181550 #1181556 #1181557 #1181558
                   #1181559 #1181560 #1181561 #1181562 #1181563 #1181564
                   #1181565 #1182740
Cross-References:  CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281
                   CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3144
                   CVE-2021-3148 CVE-2021-3197
Affected Products:
                   SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves 10 vulnerabilities and has 10 fixes is now available.

Description:

This update fixes the following issues:
salt:

  o Only require python-certifi for CentOS7
  o Fix race conditions for corner cases when handling SIGTERM by minion (bsc#
    1172110)
  o Implementation of suse_ip execution module to prevent issues with
    network.managed (bsc#1099976)
  o Fix recursion false detection in payload (bsc#1180101)
  o Add sleep on exception handling on minion connection attempt to the master
    (bsc#1174855)
  o Allows for the VMware provider to handle CPU and memory hot-add in newer
    versions of the software. (bsc#1181347)
  o Always require python-certifi (used by salt.ext.tornado)
  o Exclude SLE 12 from requiring python-certifi
  o Do not crash when unexpected cmd output at listing patches (bsc#1181290)
  o Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
  o Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
  o Allow extra_filerefs as sanitized kwargs for SSH client
  o Fix errors with virt.update
  o Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972)
    (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)
    (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#
    1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#
    1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#
    1181565)
  o Virt: search for grub.xen path
  o Xen spicevmc, DNS SRV records backports: fix virtual network generated DNS
    XML for SRV records; don't add spicevmc channel to xen VMs
  o Virt UEFI fix: virt.update when efi=True
  o Master can read grains (bsc#1179696)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Tools 12-BETA:
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-915=1

Package List:

  o SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
       python2-salt-3000-49.29.1
       python3-salt-3000-49.29.1
       salt-3000-49.29.1
       salt-doc-3000-49.29.1
       salt-minion-3000-49.29.1


References:

  o https://www.suse.com/security/cve/CVE-2020-28243.html
  o https://www.suse.com/security/cve/CVE-2020-28972.html
  o https://www.suse.com/security/cve/CVE-2020-35662.html
  o https://www.suse.com/security/cve/CVE-2021-25281.html
  o https://www.suse.com/security/cve/CVE-2021-25282.html
  o https://www.suse.com/security/cve/CVE-2021-25283.html
  o https://www.suse.com/security/cve/CVE-2021-25284.html
  o https://www.suse.com/security/cve/CVE-2021-3144.html
  o https://www.suse.com/security/cve/CVE-2021-3148.html
  o https://www.suse.com/security/cve/CVE-2021-3197.html
  o https://bugzilla.suse.com/1099976
  o https://bugzilla.suse.com/1172110
  o https://bugzilla.suse.com/1174855
  o https://bugzilla.suse.com/1179696
  o https://bugzilla.suse.com/1180101
  o https://bugzilla.suse.com/1180818
  o https://bugzilla.suse.com/1181290
  o https://bugzilla.suse.com/1181347
  o https://bugzilla.suse.com/1181550
  o https://bugzilla.suse.com/1181556
  o https://bugzilla.suse.com/1181557
  o https://bugzilla.suse.com/1181558
  o https://bugzilla.suse.com/1181559
  o https://bugzilla.suse.com/1181560
  o https://bugzilla.suse.com/1181561
  o https://bugzilla.suse.com/1181562
  o https://bugzilla.suse.com/1181563
  o https://bugzilla.suse.com/1181564
  o https://bugzilla.suse.com/1181565
  o https://bugzilla.suse.com/1182740

- --------------------------------------------------------------------------------

SUSE Security Update: Security Beta update for Salt

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0914-1
Rating:            moderate
References:        #1099976 #1172110 #1174855 #1177474 #1179696 #1181347
                   #1181550 #1181556 #1181557 #1181558 #1181559 #1181560
                   #1181561 #1181562 #1181563 #1181564 #1181565 #1182382
                   #1182740
Cross-References:  CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-25281
                   CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-25315
                   CVE-2021-3144 CVE-2021-3148 CVE-2021-3197
Affected Products:
                   SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 8 fixes is now available.

Description:

This update fixes the following issues:
salt:

  o virt.network_update: handle missing ipv4 netmask attribute
  o Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules
    (bsc#1177474)
  o Fix race conditions for corner cases when handling SIGTERM by minion (bsc#
    1172110)
  o Allow extra_filerefs as sanitized kwargs for SSH client
  o Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
  o Fix for multiple security issues (CVE-2020-28243) (CVE-2020-28972)
    (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281)
    (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
    (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559)
    (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564)
    (bsc#1181565)
  o Implementation of suse_ip execution module to prevent issues with
    network.managed (bsc#1099976)
  o Add sleep on exception handling on minion connection attempt to the master
    (bsc#1174855)
  o Allows for the VMware provider to handle CPU and memory hot-add in newer
    versions of the software. (bsc#1181347)
  o Always require python-certifi (used by salt.ext.tornado)
  o Bring missing part of async batch implementation back (bsc#1182382)
    (CVE-2021-25315)
  o Master can read grains (bsc#1179696)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Tools 15-BETA:
    zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-914=1

Package List:

  o SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):
       python3-salt-3002.2-8.33.1
       salt-3002.2-8.33.1
       salt-api-3002.2-8.33.1
       salt-cloud-3002.2-8.33.1
       salt-doc-3002.2-8.33.1
       salt-master-3002.2-8.33.1
       salt-minion-3002.2-8.33.1
       salt-proxy-3002.2-8.33.1
       salt-ssh-3002.2-8.33.1
       salt-standalone-formulas-configuration-3002.2-8.33.1
       salt-syndic-3002.2-8.33.1
  o SUSE Manager Tools 15-BETA (noarch):
       salt-bash-completion-3002.2-8.33.1
       salt-fish-completion-3002.2-8.33.1
       salt-zsh-completion-3002.2-8.33.1


References:

  o https://www.suse.com/security/cve/CVE-2020-28243.html
  o https://www.suse.com/security/cve/CVE-2020-28972.html
  o https://www.suse.com/security/cve/CVE-2020-35662.html
  o https://www.suse.com/security/cve/CVE-2021-25281.html
  o https://www.suse.com/security/cve/CVE-2021-25282.html
  o https://www.suse.com/security/cve/CVE-2021-25283.html
  o https://www.suse.com/security/cve/CVE-2021-25284.html
  o https://www.suse.com/security/cve/CVE-2021-25315.html
  o https://www.suse.com/security/cve/CVE-2021-3144.html
  o https://www.suse.com/security/cve/CVE-2021-3148.html
  o https://www.suse.com/security/cve/CVE-2021-3197.html
  o https://bugzilla.suse.com/1099976
  o https://bugzilla.suse.com/1172110
  o https://bugzilla.suse.com/1174855
  o https://bugzilla.suse.com/1177474
  o https://bugzilla.suse.com/1179696
  o https://bugzilla.suse.com/1181347
  o https://bugzilla.suse.com/1181550
  o https://bugzilla.suse.com/1181556
  o https://bugzilla.suse.com/1181557
  o https://bugzilla.suse.com/1181558
  o https://bugzilla.suse.com/1181559
  o https://bugzilla.suse.com/1181560
  o https://bugzilla.suse.com/1181561
  o https://bugzilla.suse.com/1181562
  o https://bugzilla.suse.com/1181563
  o https://bugzilla.suse.com/1181564
  o https://bugzilla.suse.com/1181565
  o https://bugzilla.suse.com/1182382
  o https://bugzilla.suse.com/1182740

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


The post ESB-2021.0976 – [SUSE] Salt: Multiple vulnerabilities appeared first on Malware Devil.




ESB-2021.0977 – [SUSE] SUSE Manager Proxy 4.1: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0977
                Security update for SUSE Manager Proxy 4.1
                               22 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Manager Proxy 4.1
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Delete Arbitrary Files          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28477 CVE-2020-26259 CVE-2020-26258
                   CVE-2020-26217  

Reference:         ESB-2021.0436
                   ESB-2021.0381
                   ESB-2021.0328
                   ESB-2021.0254

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210906-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for SUSE Manager Server 4.1

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0906-1
Rating:            moderate
References:        #1157711 #1173893 #1175660 #1177508 #1179579 #1180145
                   #1180146 #1180224 #1180439 #1180547 #1180558 #1180757
                   #1180994 #1181048 #1181165 #1181228 #1181290 #1181416
                   #1181423 #1181635 #1181807 #1181814 #1182001 #1182006
                   #1182008 #1182071 #1182200 #1182492 #1182685
Cross-References:  CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 CVE-2020-28477
Affected Products:
                   SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                   SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
______________________________________________________________________________

An update that solves four vulnerabilities and has 25 fixes is now available.

Description:

This update fixes the following issues:
cobbler:

  o Fix string replacement for @@xyz@@
  o Better performing string replacements


grafana-formula:

  o Set `supported` to false for unsupported systems (bsc#1182001)
  o Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions


mgr-libmod:

  o Fix 'list_modules' JSON serialization (bsc#1182492)


mgr-osad:

  o Adapt to new SSL implementation of rhnlib (bsc#1181807)


prometheus-exporters-formula:

  o Add Ubuntu support for Prometheus exporters' reverse proxy


prometheus-formula:

  o Set server hostname from pillar data (bsc#1180439)


py26-compat-salt:

  o Do not crash on unexpected cmd output when listing patches (bsc#1181290)


rhnlib:

  o Change SSL implementation to python ssl for better SAN and hostname
    matching support (bsc#1181807)


smdba:

  o Do not remove the database if there is no backup and deal with manifest


spacewalk-backend:

  o Open repomd files as binary (bsc#1173893)
  o Fix requesting Release file in debian repos (bsc#1182006)
  o Reposync: Fixed Kickstart functionality.
  o Reposync: Fixed URLGrabber error handling.
  o Reposync: Fix modular data handling for cloned channels (bsc#1177508)


spacewalk-client-tools:

  o Adapt to new SSL implementation of rhnlib (bsc#1181807)


spacewalk-config:

  o Increase apache ssl logs to include response code and process time


spacewalk-java:

  o Homogenizes style in filter buttons, facilitating testability
  o Cleanup sessions via SQL query instead of SQL function (bsc#1180224)
  o Rebuild and improve rendering of the 404 and 500 error pages (bsc#1181228)
  o Fix user creation with pam auth and no password (bsc#1179579)
  o Fix action chains for saltssh minions (bsc#1182200)
  o FIX: Slow response of 'Software > Install' in Ubuntu minions (bsc#1181165)
  o Do not call page decorator in HEAD requests (bsc#1181228)
  o Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)
  o Ensure new files are synced just after writing them (bsc#1175660)
  o Enable openscap auditing for salt systems in SSM (bsc#1157711)
  o Detect debian products (bsc#1181416)
  o Show packages from channels assigned to the targeted system (bsc#1181423)
  o Add an API endpoint to allow/disallow scheduling irrelevant patches (bsc#
    1180757)
  o Open raw output in new tab for ScriptRunAction (bsc#1180547)
  o Default to preferred items per page in content lifecycle lists (bsc#
    1180558)
  o Fix modular data handling for cloned channels (bsc#1177508)
  o Fix: login gets an ISE when SSO is enabled (bsc#1181048)


spacewalk-utils:

  o Fix modular data handling for cloned channels (bsc#1177508)


spacewalk-web:

  o Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)
  o Upgrade immer to fix CVE-2020-28477
  o Default to preferred items per page in content lifecycle lists (bsc#
    1180558)
  o Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)


susemanager:

  o Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)
  o python3-dbus-python and its dependencies are not installed by default on
    JeOS SLE15 images; add them to the bootstrap repository package list for
    traditional clients (bsc#1182071)


susemanager-doc-indexes:

  o Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.
  o Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide
  o Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)
  o Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)
  o Updated command for running configure proxy script when replacing a proxy
  o Fixed bad SUSE Customer Center URL


susemanager-docs_en:

  o Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.
  o Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide
  o Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)
  o Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)
  o Updated command for running configure proxy script when replacing a proxy
  o Fixed bad SUSE Customer Center URL


susemanager-schema:

  o Drop "pxt_session_cleanup" function (bsc#1180224)
  o Enable openscap auditing for salt systems in SSM (bsc#1157711)


susemanager-sls:

  o Ubuntu 18 ships a version of apt that does not correctly support the
    auth.conf.d directory. Detect the working version and use this feature only
    when a higher version is installed


xstream:
Upgrade to 1.4.15

  o fixes bsc#1180146, CVE-2020-26258 and bsc#1180145, CVE-2020-26259
  o fixes bsc#1180994, CVE-2020-26217


subscription-matcher:

  o Update the xstream dependency to 1.4.15


How to apply this update:

  1. Log in as root user to the SUSE Manager server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-906=1
  o SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-906=1

Package List:

  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x
    x86_64):
       smdba-1.7.8-0.3.6.2
       susemanager-4.1.24-3.20.2
       susemanager-tools-4.1.24-3.20.2
  o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
       cobbler-3.0.0+git20190806.32c4bae0-5.6.4
       grafana-formula-0.4.0-3.6.2
       mgr-libmod-4.1.7-3.16.2
       mgr-osa-dispatcher-4.1.5-2.9.4
       prometheus-exporters-formula-0.9.0-3.19.2
       prometheus-formula-0.3.1-3.6.2
       py26-compat-salt-2016.11.10-6.11.2
       python3-mgr-osa-common-4.1.5-2.9.4
       python3-mgr-osa-dispatcher-4.1.5-2.9.4
       python3-rhnlib-4.1.3-4.3.2
       python3-spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-backend-4.1.21-4.22.7
       spacewalk-backend-app-4.1.21-4.22.7
       spacewalk-backend-applet-4.1.21-4.22.7
       spacewalk-backend-config-files-4.1.21-4.22.7
       spacewalk-backend-config-files-common-4.1.21-4.22.7
       spacewalk-backend-config-files-tool-4.1.21-4.22.7
       spacewalk-backend-iss-4.1.21-4.22.7
       spacewalk-backend-iss-export-4.1.21-4.22.7
       spacewalk-backend-package-push-server-4.1.21-4.22.7
       spacewalk-backend-server-4.1.21-4.22.7
       spacewalk-backend-sql-4.1.21-4.22.7
       spacewalk-backend-sql-postgresql-4.1.21-4.22.7
       spacewalk-backend-tools-4.1.21-4.22.7
       spacewalk-backend-xml-export-libs-4.1.21-4.22.7
       spacewalk-backend-xmlrpc-4.1.21-4.22.7
       spacewalk-base-4.1.23-3.18.6
       spacewalk-base-minimal-4.1.23-3.18.6
       spacewalk-base-minimal-config-4.1.23-3.18.6
       spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-config-4.1.5-3.3.2
       spacewalk-html-4.1.23-3.18.6
       spacewalk-java-4.1.30-3.31.7
       spacewalk-java-config-4.1.30-3.31.7
       spacewalk-java-lib-4.1.30-3.31.7
       spacewalk-java-postgresql-4.1.30-3.31.7
       spacewalk-taskomatic-4.1.30-3.31.7
       spacewalk-utils-4.1.14-3.12.2
       spacewalk-utils-extras-4.1.14-3.12.2
       subscription-matcher-0.26-3.6.2
       susemanager-doc-indexes-4.1-11.28.4
       susemanager-docs_en-4.1-11.28.2
       susemanager-docs_en-pdf-4.1-11.28.2
       susemanager-schema-4.1.19-3.24.4
       susemanager-sls-4.1.21-3.26.2
       susemanager-web-libs-4.1.23-3.18.6
       uyuni-config-modules-4.1.21-3.26.2
       xpp3-1.1.4c-11.2.2
       xpp3-minimal-1.1.4c-11.2.2
       xstream-1.4.15-3.5.2
  o SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
       mgr-osad-4.1.5-2.9.4
       python3-mgr-osa-common-4.1.5-2.9.4
       python3-mgr-osad-4.1.5-2.9.4
       python3-rhnlib-4.1.3-4.3.2
       python3-spacewalk-check-4.1.9-4.12.4
       python3-spacewalk-client-setup-4.1.9-4.12.4
       python3-spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-backend-4.1.21-4.22.7
       spacewalk-base-minimal-4.1.23-3.18.6
       spacewalk-base-minimal-config-4.1.23-3.18.6
       spacewalk-check-4.1.9-4.12.4
       spacewalk-client-setup-4.1.9-4.12.4
       spacewalk-client-tools-4.1.9-4.12.4
       spacewalk-proxy-broker-4.1.4-3.9.4
       spacewalk-proxy-common-4.1.4-3.9.4
       spacewalk-proxy-installer-4.1.6-3.3.2
       spacewalk-proxy-management-4.1.4-3.9.4
       spacewalk-proxy-package-manager-4.1.4-3.9.4
       spacewalk-proxy-redirect-4.1.4-3.9.4
       spacewalk-proxy-salt-4.1.4-3.9.4
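
The package lists in this bulletin (and in the two Salt bulletins above) give
the exact name-version-release of every package the update ships, which is the
ground truth for confirming the update actually landed. The shell function
below is an added example and is not part of the SUSE advisory or the AusCERT
bulletin. It assumes the expected list has been saved one package per line as
printed above (leading whitespace is tolerated) and that the installed
inventory was produced with `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`;
it reports packages that are absent or installed at a different
version-release. The sample data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): verify that every package in an
# advisory "Package List" is installed at exactly the listed version-release.
#
# expected file:  one "name-version-release" per line, copied from the advisory
#                 (leading/trailing whitespace is ignored)
# installed file: output of  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
#
# Prints one line per MISSING or MISMATCH package and returns 1; prints nothing
# and returns 0 when every listed package is installed at the listed version.
check_advisory_packages() {
    expected_file="$1"
    installed_file="$2"
    rc=0
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        nevr=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$nevr" ] || continue
        # RPM name = everything before the last two '-' separated fields;
        # version and release never contain '-', but names may.
        name=$(printf '%s\n' "$nevr" | sed 's/-[^-]*-[^-]*$//')
        # Find the inventory line for exactly this name: the prefix must be
        # "name-" and what follows must be exactly two '-' separated fields,
        # so "salt-api-3002.2-8.33.1" is never taken for "salt".
        have=$(awk -v n="$name" '
            index($0, n "-") == 1 {
                rest = substr($0, length(n) + 2)
                if (split(rest, f, "-") == 2) { print; exit }
            }' "$installed_file")
        if [ -z "$have" ]; then
            printf 'MISSING   %s\n' "$nevr"
            rc=1
        elif [ "$have" != "$nevr" ]; then
            printf 'MISMATCH  %s (installed: %s)\n' "$nevr" "$have"
            rc=1
        fi
    done < "$expected_file"
    return "$rc"
}

# Usage on a real system:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' > /tmp/installed.txt
#   check_advisory_packages /tmp/expected.txt /tmp/installed.txt
if [ "$#" -eq 2 ]; then
    check_advisory_packages "$1" "$2"
fi
```

The comparison is deliberately exact rather than "at least": after applying a
specific patch you want to know that the advisory's build is what is installed,
and a package that is absent from the inventory (for example a subpackage that
was never installed) is reported separately from one that is present at an older
build, since only the latter indicates the patch did not apply cleanly.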


References:

  o https://www.suse.com/security/cve/CVE-2020-26217.html
  o https://www.suse.com/security/cve/CVE-2020-26258.html
  o https://www.suse.com/security/cve/CVE-2020-26259.html
  o https://www.suse.com/security/cve/CVE-2020-28477.html
  o https://bugzilla.suse.com/1157711
  o https://bugzilla.suse.com/1173893
  o https://bugzilla.suse.com/1175660
  o https://bugzilla.suse.com/1177508
  o https://bugzilla.suse.com/1179579
  o https://bugzilla.suse.com/1180145
  o https://bugzilla.suse.com/1180146
  o https://bugzilla.suse.com/1180224
  o https://bugzilla.suse.com/1180439
  o https://bugzilla.suse.com/1180547
  o https://bugzilla.suse.com/1180558
  o https://bugzilla.suse.com/1180757
  o https://bugzilla.suse.com/1180994
  o https://bugzilla.suse.com/1181048
  o https://bugzilla.suse.com/1181165
  o https://bugzilla.suse.com/1181228
  o https://bugzilla.suse.com/1181290
  o https://bugzilla.suse.com/1181416
  o https://bugzilla.suse.com/1181423
  o https://bugzilla.suse.com/1181635
  o https://bugzilla.suse.com/1181807
  o https://bugzilla.suse.com/1181814
  o https://bugzilla.suse.com/1182001
  o https://bugzilla.suse.com/1182006
  o https://bugzilla.suse.com/1182008
  o https://bugzilla.suse.com/1182071
  o https://bugzilla.suse.com/1182200
  o https://bugzilla.suse.com/1182492
  o https://bugzilla.suse.com/1182685

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


The post ESB-2021.0977 – [SUSE] SUSE Manager Proxy 4.1: Multiple vulnerabilities appeared first on Malware Devil.




Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...