Malware Devil

Monday, April 12, 2021

ESB-2021.1210 – [Debian] qemu: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1210
                           qemu security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20257 CVE-2021-20255 CVE-2021-20203
                   CVE-2021-3416 CVE-2021-3409 CVE-2021-3392
                   CVE-2020-25085 CVE-2020-17380 

Reference:         ESB-2021.1181
                   ESB-2021.0652
                   ESB-2020.4246
                   ESB-2020.4245

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2623

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2623-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
April 10, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : qemu
Version        : 1:2.8+dfsg-6+deb9u14
CVE ID         : CVE-2020-17380 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416
                 CVE-2021-20203 CVE-2021-20255 CVE-2021-20257
Debian Bug     : 984450 984451 984452 984448 984449 970937

Several security vulnerabilities have been discovered in QEMU, a fast processor
emulator.

CVE-2021-20257

    net: e1000: infinite loop while processing transmit descriptors


CVE-2021-20255

    A stack overflow via an infinite recursion vulnerability was found in the
    eepro100 i8255x device emulator of QEMU. This issue occurs while processing
    controller commands due to a DMA reentry issue. This flaw allows a guest
    user or process to consume CPU cycles or crash the QEMU process on the
    host, resulting in a denial of service.

CVE-2021-20203

    An integer overflow issue was found in the vmxnet3 NIC emulator of
    QEMU. It may occur if a guest supplies invalid values for the rx/tx queue
    size or other NIC parameters. A privileged guest user may use this flaw to
    crash the QEMU process on the host, resulting in a DoS scenario.

CVE-2021-3416

    A potential stack overflow via an infinite loop was found in various NIC
    emulators of QEMU in versions up to and including 5.2.0. The issue occurs
    in the loopback mode of a NIC, wherein reentrant DMA checks get bypassed. A
    guest user/process may use this flaw to consume CPU cycles or crash the
    QEMU process on the host, resulting in a DoS scenario.


CVE-2021-3416

    The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective,
    thus making QEMU vulnerable to the out-of-bounds read/write access issues
    previously found in the SDHCI controller emulation code. This flaw allows a
    malicious privileged guest to crash the QEMU process on the host, resulting
    in a denial of service or potential code execution.

For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u14.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2020.2918.5 – UPDATE [Appliance] BIG-IP products: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2918.5
               BIG-IP Server SSL vulnerability CVE-2020-5913
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5913  

Original Bulletin: 
   https://support.f5.com/csp/article/K72752002

Revision History:  April     12 2021: Vendor updated advisory to note a new vulnerable component or feature.
                   December  14 2020: Vendor updated table with new fixed versions
                   November   2 2020: Vendor updated bulletin including Impact description
                   September 17 2020: Vendor updated vulnerable component or features
                   August    26 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

K72752002: BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913

Original Publication Date: 26 Aug, 2020
Latest   Publication Date: 09 Apr, 2021

Security Advisory Description

The BIG-IP Client or Server SSL profile ignores revoked certificates, even when
a valid CRL is present. This impacts SSL/TLS connections and may result in a
man-in-the-middle attack on the connections. (CVE-2020-5913)

Impact

The BIG-IP system does not enforce Transport Layer Security (TLS) certificate
chain restrictions as expected. As a result, SSL/TLS connections are
encrypted but may be vulnerable to man-in-the-middle attacks. This
vulnerability affects systems that have the following settings in their
configuration and connections that use a BIG-IP Client SSL or Server SSL
profile:

  o A Certificate Revocation List (CRL) enabled
  o A CRL with certificates in the Certificate Authority (CA) chain that are
    revoked, even though they have not expired
  o An OCSP responder object configured in a BIG-IP Client SSL or Server SSL
    profile

Beginning in BIG-IP 14.x, HTTPS monitors that have in-Traffic Management
Microkernel (in-TMM) monitoring enabled and use Server SSL profiles are also
affected by this vulnerability. For more information on in-TMM monitoring,
refer to K11323537: Configuring In-TMM monitoring.

Security Advisory Status

F5 Product Development has assigned ID 879025 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

+-----------+------+----------+---------------+----------+------+------------------------+
|           |      |Versions  |               |          |CVSSv3|                        |
|Product    |Branch|known to  |Fixes          |Severity  |score^|Vulnerable component or |
|           |      |be        |introduced in  |          |1     |feature                 |
|           |      |vulnerable|               |          |      |                        |
+-----------+------+----------+---------------+----------+------+------------------------+
|           |16.x  |None      |16.0.0         |          |      |14.x and later:         |
|           |      |          |               |          |      |                        |
|           +------+----------+---------------+          |      |BIG-IP Client or Server |
|           |      |15.0.0 -  |               |          |      |SSL profile             |
|BIG-IP     |15.x  |15.1.0    |15.1.0.2       |          |      |                        |
|(LTM, AAM, |      |          |               |          |      |HTTPS monitors^3        |
|Advanced   +------+----------+---------------+          |      |                        |
|WAF, AFM,  |      |          |14.1.2.5       |          |      |The                     |
|Analytics, |14.x  |14.1.0 -  |14.1.2-0.89.37^|          |      |iRule SSL::verify_result|
|APM, ASM,  |      |14.1.2    |2              |High      |7.4   |command                 |
|DDHD, DNS, |      |          |               |          |      |                        |
|FPS, GTM,  +------+----------+---------------+          |      +------------------------+
|Link       |13.x  |13.1.0 -  |13.1.3.5       |          |      |13.x and earlier:       |
|Controller,|      |13.1.3    |               |          |      |                        |
|PEM, SSLO) +------+----------+---------------+          |      |BIG-IP Client or Server |
|           |12.x  |12.1.0 -  |12.1.5.2       |          |      |SSL profile.            |
|           |      |12.1.5    |               |          |      |                        |
|           +------+----------+---------------+          |      |The                     |
|           |11.x  |11.6.1 -  |None           |          |      |iRule SSL::verify_result|
|           |      |11.6.5    |               |          |      |command                 |
+-----------+------+----------+---------------+----------+------+------------------------+
|           |16.x  |None      |16.0.0         |          |      |                        |
|BIG-IP     +------+----------+---------------+          |      |                        |
|(LTM, AAM, |15.x  |15.0.0 -  |15.1.0.2       |          |      |                        |
|Advanced   |      |15.1.0    |               |          |      |                        |
|WAF, AFM,  +------+----------+---------------+          |      |                        |
|Analytics, |14.x  |14.1.0 -  |14.1.2.5       |          |      |OCSP responder^4        |
|APM, ASM,  |      |14.1.2    |               |High      |7.4   |in a BIG-IP Client SSL  |
|DDHD, DNS, +------+----------+---------------+          |      |or Server SSL profile   |
|FPS, GTM,  |13.x  |13.1.0 -  |13.1.3.5       |          |      |                        |
|Link       |      |13.1.3    |               |          |      |                        |
|Controller,+------+----------+---------------+          |      |                        |
|PEM, SSLO) |12.x  |None      |Not applicable |          |      |                        |
|           +------+----------+---------------+          |      |                        |
|           |11.x  |None      |Not applicable |          |      |                        |
+-----------+------+----------+---------------+----------+------+------------------------+
|           |7.x   |None      |Not applicable |          |      |                        |
|BIG-IQ     +------+----------+---------------+Not       |      |                        |
|Centralized|6.x   |None      |Not applicable |vulnerable|None  |None                    |
|Management +------+----------+---------------+          |      |                        |
|           |5.x   |None      |Not applicable |          |      |                        |
+-----------+------+----------+---------------+----------+------+------------------------+
|Traffix SDC|5.x   |None      |Not applicable |Not       |None  |None                    |
|           |      |          |               |vulnerable|      |                        |
+-----------+------+----------+---------------+----------+------+------------------------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^2To fix this vulnerability, F5 released an engineering hotfix for virtual
images of BIG-IP 14.1.2 (BIGIP-14.1.2-0.89.37) on various platforms and the
public cloud marketplace.

^3Beginning in BIG-IP 14.x, HTTPS monitors that have in-TMM monitoring enabled
and use Server SSL profiles are affected by this vulnerability.

^4Beginning in BIG-IP 13.0.0, the OCSP responder is directly associated with
the certificate. For more information, refer to K42000239: The OCSP stapling
profile is now associated with the certificate and K75106155: Configuring OCSP
stapling (13.x - 15.x)

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------


ESB-2021.1208 – [Debian] python-django: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1208
                       python-django security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python-django
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Create Arbitrary Files    -- Remote/Unauthenticated
                   Overwrite Arbitrary Files -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28658  

Reference:         ESB-2021.1153

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2622

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2622-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 09, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-django
Version        : 1:1.10.7-2+deb9u12
CVE ID         : CVE-2021-28658
Debian Bug     : #986447

It was discovered that there was a potential directory traversal
issue in Django, a Python-based web development framework.

The vulnerability could have been exploited by maliciously crafted
filenames. However, the upload handlers built into Django itself
were not affected.

For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u12.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------


ESB-2021.1207 – [RedHat] Red Hat Ansible Automation Platform Operator 1.2: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1207
     Red Hat Ansible Automation Platform Operator 1.2 security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Ansible Automation Platform Operator 1.2
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Overwrite Arbitrary Files       -- Existing Account      
                   Create Arbitrary Files          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20228 CVE-2021-20191 CVE-2021-20180
                   CVE-2021-20178 CVE-2021-3447 CVE-2021-3156
                   CVE-2020-15999 CVE-2020-14422 CVE-2020-12403
                   CVE-2020-12402 CVE-2020-12401 CVE-2020-12400
                   CVE-2020-12243 CVE-2020-8625 CVE-2020-8177
                   CVE-2020-7595 CVE-2020-6829 CVE-2020-5313
                   CVE-2020-1971 CVE-2019-20907 CVE-2019-20388
                   CVE-2019-19956 CVE-2019-17546 CVE-2019-17498
                   CVE-2019-17023 CVE-2019-17006 CVE-2019-15903
                   CVE-2019-14973 CVE-2019-14866 CVE-2019-12749
                   CVE-2019-11756 CVE-2019-11727 CVE-2019-11719
                   CVE-2019-5188 CVE-2019-5094 CVE-2018-20843
                   CVE-2017-12652  

Reference:         ESB-2021.1193
                   ESB-2021.1091
                   ESB-2021.0986
                   ESB-2021.0845

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1079

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Ansible Automation Platform Operator 1.2 security update
Advisory ID:       RHSA-2021:1079-01
Product:           Red Hat Ansible Automation Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1079
Issue date:        2021-04-06
Keywords:          Security Update
CVE Names:         CVE-2017-12652 CVE-2018-20843 CVE-2019-5094 
                   CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 
                   CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 
                   CVE-2019-14973 CVE-2019-15903 CVE-2019-17006 
                   CVE-2019-17023 CVE-2019-17498 CVE-2019-17546 
                   CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 
                   CVE-2020-1971 CVE-2020-5313 CVE-2020-6829 
                   CVE-2020-7595 CVE-2020-8177 CVE-2020-8625 
                   CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 
                   CVE-2020-12402 CVE-2020-12403 CVE-2020-14422 
                   CVE-2020-15999 CVE-2021-3156 CVE-2021-3447 
                   CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 
                   CVE-2021-20228 
=====================================================================

1. Summary:

Red Hat Ansible Automation Platform Resource Operator 1.2 (technical
preview) images that fix several security issues.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Ansible Automation Platform Resource Operator container images 
with security fixes.

Ansible Automation Platform manages Ansible Platform jobs and workflows
that can interface with any infrastructure on a Red Hat OpenShift Container
Platform cluster, or on a traditional infrastructure that is running
off-cluster.

Security fixes:

CVE-2021-20191 ansible: multiple modules expose secured values
[ansible_automation_platform-1.2] (BZ#1916813)

CVE-2021-20178 ansible: user data leak in snmp_facts module
[ansible_automation_platform-1.2] (BZ#1914774)

CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes
secured values [ansible_automation_platform-1.2] (BZ#1915808)

CVE-2021-20228 ansible: basic.py no_log with fallback option
[ansible_automation_platform-1.2] (BZ#1925002)

CVE-2021-3447 ansible: multiple modules expose secured values
[ansible_automation_platform-1.2] (BZ#1939349)

For more details about the security issue, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

5. References:

https://access.redhat.com/security/cve/CVE-2017-12652
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-14973
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2019-17546
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-5313
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8625
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/cve/CVE-2020-15999
https://access.redhat.com/security/cve/CVE-2021-3156
https://access.redhat.com/security/cve/CVE-2021-3447
https://access.redhat.com/security/cve/CVE-2021-20178
https://access.redhat.com/security/cve/CVE-2021-20180
https://access.redhat.com/security/cve/CVE-2021-20191
https://access.redhat.com/security/cve/CVE-2021-20228
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2021.1206 – [Debian] mediawiki: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1206
                         mediawiki security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service    -- Remote/Unauthenticated      
                   Cross-site Scripting -- Remote with User Interaction
                   Reduced Security     -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30159 CVE-2021-30158 CVE-2021-30157
                   CVE-2021-30155 CVE-2021-30154 CVE-2021-30152
                   CVE-2021-27291 CVE-2021-20270 

Reference:         ESB-2021.1100
                   ESB-2021.1070
                   ESB-2021.0984
                   ESB-2021.0849

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4889

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4889-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 10, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30159
                 CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 

Multiple security issues were found in MediaWiki, a website engine for
collaborative work, which could result in incomplete page/blocking
protection, denial of service or cross-site scripting.

For the stable distribution (buster), these problems have been fixed in
version 1:1.31.14-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

ESB-2021.1204 – [Win][UNIX/Linux][SUSE] wpa_supplicant: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1204
                    Security update for wpa_supplicant
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wpa_supplicant
Publisher:         SUSE
Operating System:  SUSE
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30004  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20211125-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than SUSE. It is recommended that administrators 
         running wpa_supplicant check for an updated version of the software
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for wpa_supplicant

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1125-1
Rating:            moderate
References:        #1184348
Cross-References:  CVE-2021-30004
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for wpa_supplicant fixes the following issues:

  o CVE-2021-30004: Fixed an issue where forging attacks might have occurred
    because AlgorithmIdentifier parameters were mishandled in tls/pkcs1.c and
    tls/x509v3.c (bsc#1184348)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1125=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       wpa_supplicant-2.9-23.12.1
       wpa_supplicant-debuginfo-2.9-23.12.1
       wpa_supplicant-debugsource-2.9-23.12.1


References:

  o https://www.suse.com/security/cve/CVE-2021-30004.html
  o https://bugzilla.suse.com/1184348

- --------------------------END INCLUDED TEXT--------------------

ESB-2021.1203 – [UNIX/Linux][SUSE] umoci: Overwrite arbitrary files – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1203
                         Security update for umoci
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           umoci
Publisher:         SUSE
Operating System:  SUSE
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Overwrite Arbitrary Files -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29136  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20211116-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than SUSE. It is recommended that administrators 
         running umoci check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for umoci

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1116-1
Rating:            important
References:        #1184147
Cross-References:  CVE-2021-29136
Affected Products:
                   SUSE Manager Server 4.0
                   SUSE Manager Retail Branch Server 4.0
                   SUSE Manager Proxy 4.0
                   SUSE Linux Enterprise Server for SAP 15-SP1
                   SUSE Linux Enterprise Server 15-SP1-LTSS
                   SUSE Linux Enterprise Server 15-SP1-BCL
                   SUSE Linux Enterprise Module for Containers 15-SP3
                   SUSE Linux Enterprise Module for Containers 15-SP2
                   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                   SUSE Enterprise Storage 6
                   SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for umoci fixes the following issues:

  o Update to umoci v0.4.6.
  o CVE-2021-29136: malicious layer allows overwriting of host files
    (bsc#1184147)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1116=1
  o SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch
    SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1116=1
  o SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1116=1
  o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1116=1
  o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1116=1
  o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1116=1
  o SUSE Linux Enterprise Module for Containers 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-1116=1
  o SUSE Linux Enterprise Module for Containers 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-1116=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1116=1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1116=1
  o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1116=1
  o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

Package List:

  o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Manager Retail Branch Server 4.0 (x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Manager Proxy 4.0 (x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x
    x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
    x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
    x86_64):
       umoci-0.4.6-3.9.1
  o SUSE Enterprise Storage 6 (aarch64 x86_64):
       umoci-0.4.6-3.9.1
  o SUSE CaaS Platform 4.0 (x86_64):
       umoci-0.4.6-3.9.1


References:

  o https://www.suse.com/security/cve/CVE-2021-29136.html
  o https://bugzilla.suse.com/1184147

- --------------------------END INCLUDED TEXT--------------------

ESB-2021.1205 – [Debian] xen: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1205
                            xen security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27379 CVE-2021-26933 

Reference:         ESB-2021.0583

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4888

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4888-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 10, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2021-26933 CVE-2021-27379

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, privilege escalation or memory
disclosure.

For the stable distribution (buster), these problems have been fixed in
version 4.11.4+99-g8bce4698f6-1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

ESB-2021.1202 – [SUSE] fwupdate: Reduced security – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1202
                       Security update for fwupdate
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           fwupdate
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20211123-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for fwupdate

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1123-1
Rating:            important
References:        #1182057
Affected Products:
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for fwupdate fixes the following issues:

  o Add SBAT section to EFI images (bsc#1182057)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1123=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1123=1

Package List:

  o SUSE OpenStack Cloud 7 (x86_64):
       fwupdate-0.5-7.5.1
       fwupdate-debuginfo-0.5-7.5.1
       fwupdate-debugsource-0.5-7.5.1
       fwupdate-efi-0.5-7.5.1
       fwupdate-efi-debuginfo-0.5-7.5.1
       libfwup0-0.5-7.5.1
       libfwup0-debuginfo-0.5-7.5.1
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       fwupdate-0.5-7.5.1
       fwupdate-debuginfo-0.5-7.5.1
       fwupdate-debugsource-0.5-7.5.1
       fwupdate-efi-0.5-7.5.1
       fwupdate-efi-debuginfo-0.5-7.5.1
       libfwup0-0.5-7.5.1
       libfwup0-debuginfo-0.5-7.5.1


References:

  o https://bugzilla.suse.com/1182057

- --------------------------END INCLUDED TEXT--------------------





https://malwaredevil.com/2021/04/12/esb-2021-1202-suse-fwupdate-reduced-security-unknown-unspecified/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1202-suse-fwupdate-reduced-security-unknown-unspecified

Sunday, April 11, 2021

Network Security News Summary for Monday April 12th, 2021

Bring Your Own Python; Facebook vs PSL; Malicious Ads Pushing Clubhouse Malware; Identifying Cobalt Strike DNS

No Python Interpreter? This Simple RAT Installs Its Own Copy
https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/

Facebook Mistakenly Suggests Adding Domains To Public Suffix List Will Ease Tracking
https://publicsuffix.org
https://www.facebook.com/business/help/331612538028890?id=428636648170202

Facebook Ads Used to Push Clubhouse Related Malware
https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html

Identifying Cobalt Strike DNS Infrastructure
https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors

keywords: cobalt strike; dns; facebook; clubhouse; malware; privacy; apple; psl; tld; python; rat




https://malwaredevil.com/2021/04/11/network-security-news-summary-for-monday-april-12nd-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-april-12nd-2021

BSides Philly 2020 – Christopher Lopez’ ‘Asking Questions And Writing Effectively’

Many thanks to BSides Philly for publishing their outstanding videos on the organization’s YouTube channel. Enjoy!


The post BSides Philly 2020 – Christopher Lopez’ ‘Asking Questions And Writing Effectively’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/bsides-philly-2020-christopher-lopez-asking-questions-and-writing-effectively/?utm_source=rss&utm_medium=rss&utm_campaign=bsides-philly-2020-christopher-lopez-asking-questions-and-writing-effectively

XKCD ‘Eradication’

via the comic delivery system monikered Randall Munroe resident at XKCD!


The post XKCD ‘Eradication’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/xkcd-eradication/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-eradication

BSides Philly 2020 – Kelley Robinson’s ‘What If We Had TLS For Phone Numbers’

Many thanks to BSides Philly for publishing their outstanding videos on the organization’s YouTube channel. Enjoy!


The post BSides Philly 2020 – Kelley Robinson’s ‘What If We Had TLS For Phone Numbers’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/bsides-philly-2020-kelley-robinsons-what-if-we-had-tls-for-phone-numbers/?utm_source=rss&utm_medium=rss&utm_campaign=bsides-philly-2020-kelley-robinsons-what-if-we-had-tls-for-phone-numbers

Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021

There is nothing better than learning from the experts when it comes to Cybersecurity. Gaining insights from the industry’s top influencers can prove to be crucial in optimizing your Application Security strategy. Without further ado, we are glad to share […]

The post Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021 appeared first on Reflectiz.

The post Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021 appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/top-21-cybersecurity-experts-you-must-follow-on-twitter-in-2021/?utm_source=rss&utm_medium=rss&utm_campaign=top-21-cybersecurity-experts-you-must-follow-on-twitter-in-2021

Endpoint Isolation: Can endpoints be hardened while keeping users productive?

The Challenge: Enterprises, big and small, often need a high grade of endpoint security to comply with industry regulations, client requirements, or simply to prevent disruption to the business and protect internal sensitive information from falling into the wrong hands. However, to support the modern digital workforce, endpoint security restrictions (e.g. removal of local …

The post Endpoint Isolation: Can endpoints be hardened while keeping users productive? appeared first on Hysolate.

The post Endpoint Isolation: Can endpoints be hardened while keeping users productive? appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/endpoint-isolation-can-endpoints-be-hardened-while-keeping-users-productive/?utm_source=rss&utm_medium=rss&utm_campaign=endpoint-isolation-can-endpoints-be-hardened-while-keeping-users-productive

Three Years In: An Update on the Georgia Cyber Center

Back in 2018, after interviewing technology and security leaders in Georgia, it was clear that the Georgia Cyber Center (GCC) was special — for many reasons. My interview with Calvin Rhodes, CIO of Georgia and executive director of the Georgia Technology Authority (GTA), described the vision, planning, teamwork and execution that made the vision a..

The post Three Years In: An Update on the Georgia Cyber Center appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/three-years-in-an-update-on-the-georgia-cyber-center/?utm_source=rss&utm_medium=rss&utm_campaign=three-years-in-an-update-on-the-georgia-cyber-center

“You shouldn’t treat knowledge like it’s a competition”

A crucial point made in a lecture on computer heuristics by Richard Feynman is that knowledge shouldn’t be treated like a competition:

The post “You shouldn’t treat knowledge like it’s a competition” appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/11/you-shouldnt-treat-knowledge-like-its-a-competition/?utm_source=rss&utm_medium=rss&utm_campaign=you-shouldnt-treat-knowledge-like-its-a-competition

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...