Malware Devil

Tuesday, April 27, 2021

Emotet Malware Uninstalled From Infected Devices


Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-30638
PUBLISHED: 2021-04-27

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apach…

CVE-2020-21987
PUBLISHED: 2021-04-27

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s br…

CVE-2020-21989
PUBLISHED: 2021-04-27

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if…

CVE-2020-21998
PUBLISHED: 2021-04-27

In HomeAutomation 3.3.2 input passed via the ‘redirect’ GET parameter in ‘api.php’ script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a…

CVE-2020-22000
PUBLISHED: 2021-04-27

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the ‘set_command_on’ and ‘set_command_off’ POST parameters in ‘/system/syste…

The post Emotet Malware Uninstalled From Infected Devices appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/emotet-malware-uninstalled-from-infected-devices/?utm_source=rss&utm_medium=rss&utm_campaign=emotet-malware-uninstalled-from-infected-devices

ATT&CK and CTID, Part 2 – Richard Struse – SCW #71

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity, joins the SCW crew for a two-part interview!

-What is threat-informed defense and how does it relate to other aspects of cybersecurity
-The importance of ATT&CK as a lens through which you can view your security posture
-Center for Threat-Informed Defense R&D products aimed at helping defenders better assess the efficacy of the controls they have in place

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw71

The post ATT&CK and CTID, Part 2 – Richard Struse – SCW #71 appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/attck-and-ctid-part-2-richard-struse-scw-71/?utm_source=rss&utm_medium=rss&utm_campaign=attck-and-ctid-part-2-richard-struse-scw-71

Linux Kernel Bug Opens Door to Wider Cyberattacks

The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices.

The post Linux Kernel Bug Opens Door to Wider Cyberattacks appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/linux-kernel-bug-opens-door-to-wider-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=linux-kernel-bug-opens-door-to-wider-cyberattacks

10K Hackers Defend the Planet Against Extraterrestrials

Hack the Planet’s Cyber Apocalypse capture-the-flag contest attracts 10,000 competitors from across the globe.


Extraterrestrial hackers pelted Earth with a hideous array of cyberattacks in a nefarious effort to take over the planet — and during Earth Day celebrations, no less. Fortunately, thousands of volunteer security defenders were at the ready to save the planet.

So goes the tale of “Cyber Apocalypse 2021,” the first capture-the-flag (CTF) competition that Hack the Box (HTB) opened up to any and all players across the globe. HTB has a dedicated CTF platform, which has been used to host closed CTF events for universities and businesses. As Daphne Deiktaki, Hack the Box’s head of marketing, said in an interview before the event, Cyber Apocalypse was different because, “We are inviting absolutely everyone in the world. Anyone can join.”

By the time the CTF event closed Friday, 4,470 teams and 9,900 individual players had participated and collectively submitted over 23,000 flags.

Why the week of Earth Day? “The message is, ‘It’s only you who can save us from this terrible fate,’” said Deiktaki. “It’s a way of raising awareness of environmental issues and educating people about cybersecurity at the same time.”

Challenges were created by subject matter experts from Hack the Box and partner CryptoHack, and ranged from difficulty level “beginner” to “insane.” The tasks fell into seven categories: Web, Pwn, Reversing, Cryptography, Forensics, Hardware, and Miscellaneous.

The most dominant flag catchers of the tournament were teams AIGenerated, HackTheCardboardBox, and bootplug. They didn’t just earn top bragging rights either. Prizes included cash, swag, VIP memberships, and credits for training courses, for a total value of US$16,000.

Another big winner of the event: Code.org, a nonprofit organization dedicated to expanding access to computer science education and increasing participation by young women and students from underrepresented groups.

“We wanted to give back,” Deiktaki said. “We wanted to find organizations that were close to our mission. And Code.org just seemed like a great match.” The Cyber Apocalypse event raised $3,000 for the organization.

And the final big winner: Planet Earth, which wasn’t taken over by extraterrestrials. (Probably.)

Deiktaki said the global community CTF will be annual, and Cyber Apocalypse was just the beginning. She also hinted that HTB is planning something special for July, but she didn’t say any more than that.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad …


The post 10K Hackers Defend the Planet Against Extraterrestrials appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/10k-hackers-defend-the-planet-against-extraterrestrials/?utm_source=rss&utm_medium=rss&utm_campaign=10k-hackers-defend-the-planet-against-extraterrestrials

ESB-2021.1403 – [RedHat] thunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1403
thunderbird security update
27 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Increased Privileges — Remote with User Interaction
Denial of Service — Remote with User Interaction
Provide Misleading Information — Remote with User Interaction
Access Confidential Data — Remote with User Interaction
Reduced Security — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29948 CVE-2021-29946 CVE-2021-29945
CVE-2021-24002 CVE-2021-23999 CVE-2021-23998
CVE-2021-23995 CVE-2021-23994 CVE-2021-23961

Reference: ESB-2021.1380
ESB-2021.1313

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1350
https://access.redhat.com/errata/RHSA-2021:1351
https://access.redhat.com/errata/RHSA-2021:1352
https://access.redhat.com/errata/RHSA-2021:1353

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:1350-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1350
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures
(CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed
1951381 – CVE-2021-29948 Mozilla: Race condition when reading from disk while verifying signatures

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

ppc64le:
thunderbird-78.10.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.10.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.10.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
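The package list and GPG note above tell an administrator which builds close these CVEs; confirming that across a fleet needs RPM's version ordering rather than string comparison (78.10.0 must sort above 78.9.1). The Python below is an added example, not Red Hat's or AusCERT's code: it reimplements rpmvercmp's segment ordering (without the '^' rule), takes the RHEL 7 fixed builds from this advisory, and runs over constructed `rpm -qa` lines standing in for a real host.

```python
import re
from typing import Dict, Tuple

# Fixed (version, release) per package name, from this advisory's RHEL 7 list.
FIXED_BUILDS: Dict[str, Tuple[str, str]] = {
    "thunderbird": ("78.10.0", "1.el7_9"),
    "thunderbird-debuginfo": ("78.10.0", "1.el7_9"),
}

# Constructed `rpm -qa 'thunderbird*'` output (not captured from a real host):
# one package still on an earlier build, one already at the fixed build.
SAMPLE_RPM_QA = """\
thunderbird-78.9.1-1.el7_9.x86_64
thunderbird-debuginfo-78.10.0-1.el7_9.x86_64
"""

# rpm splits version strings into digit runs, letter runs and '~' markers;
# every other character is a separator and carries no meaning.
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings like rpm's rpmvercmp().

    Reimplemented rules: compare segment by segment; numeric segments compare
    numerically (10 > 9), alphabetic ones lexically, numeric beats alpha;
    '~' sorts before everything (78.10.0~rc1 < 78.10.0); when one string runs
    out of segments the longer one is newer. rpm's '^' rule is omitted.
    Returns -1, 0 or 1.
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return 0


def parse_nvra(pkg: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch' into (name, version, release, arch)."""
    name, version, rel_arch = pkg.rsplit("-", 2)
    release, arch = rel_arch.rsplit(".", 1)
    return name, version, release, arch


def is_patched(installed: str, fixed_version: str, fixed_release: str) -> bool:
    """True if the installed NVRA is at or above the advisory's version-release."""
    _, ver, rel, _ = parse_nvra(installed)
    c = rpmvercmp(ver, fixed_version)
    if c == 0:
        c = rpmvercmp(rel, fixed_release)
    return c >= 0


def audit(rpm_qa_output: str, fixed: Dict[str, Tuple[str, str]]) -> Dict[str, bool]:
    """Map each installed package the advisory covers to its patched state."""
    results: Dict[str, bool] = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, _, _ = parse_nvra(line)
        if name in fixed:
            fv, fr = fixed[name]
            results[line] = is_patched(line, fv, fr)
    return results


if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_RPM_QA, FIXED_BUILDS).items():
        print(("OK      " if ok else "UPDATE  ") + pkg)
```

A patched result still needs the running Thunderbird instances restarted, as the Solution section notes; the package check alone does not show that.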

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/cve/CVE-2021-29948
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:1351-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1351
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) – ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures
(CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed
1951381 – CVE-2021-29948 Mozilla: Race condition when reading from disk while verifying signatures

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
thunderbird-78.10.0-1.el8_1.src.rpm

ppc64le:
thunderbird-78.10.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.10.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-78.10.0-1.el8_1.ppc64le.rpm

x86_64:
thunderbird-78.10.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-78.10.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/cve/CVE-2021-29948
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:1352-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1352
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures
(CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed
1951381 – CVE-2021-29948 Mozilla: Race condition when reading from disk while verifying signatures

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-78.10.0-1.el8_2.src.rpm

aarch64:
thunderbird-78.10.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.10.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.10.0-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-78.10.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.10.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.10.0-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-78.10.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.10.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/cve/CVE-2021-29948
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2021:1353-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1353
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946 CVE-2021-29948
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures
(CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed
1951381 – CVE-2021-29948 Mozilla: Race condition when reading from disk while verifying signatures

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-78.10.0-1.el8_3.src.rpm

aarch64:
thunderbird-78.10.0-1.el8_3.aarch64.rpm
thunderbird-debuginfo-78.10.0-1.el8_3.aarch64.rpm
thunderbird-debugsource-78.10.0-1.el8_3.aarch64.rpm

ppc64le:
thunderbird-78.10.0-1.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.10.0-1.el8_3.ppc64le.rpm
thunderbird-debugsource-78.10.0-1.el8_3.ppc64le.rpm

x86_64:
thunderbird-78.10.0-1.el8_3.x86_64.rpm
thunderbird-debuginfo-78.10.0-1.el8_3.x86_64.rpm
thunderbird-debugsource-78.10.0-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/cve/CVE-2021-29948
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.1403 – [RedHat] thunderbird: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/esb-2021-1403-redhat-thunderbird-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1403-redhat-thunderbird-multiple-vulnerabilities

ESB-2021.1404 – [RedHat] firefox: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1404
firefox security update
27 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: firefox
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Increased Privileges — Remote with User Interaction
Denial of Service — Remote with User Interaction
Provide Misleading Information — Remote with User Interaction
Access Confidential Data — Remote with User Interaction
Reduced Security — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29946 CVE-2021-29945 CVE-2021-24002
CVE-2021-23999 CVE-2021-23998 CVE-2021-23995
CVE-2021-23994 CVE-2021-23961

Reference: ESB-2021.1393
ESB-2021.1390
ESB-2021.1327

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1360
https://access.redhat.com/errata/RHSA-2021:1361
https://access.redhat.com/errata/RHSA-2021:1362
https://access.redhat.com/errata/RHSA-2021:1363

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2021:1360-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1360
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-78.10.0-1.el8_3.src.rpm

aarch64:
firefox-78.10.0-1.el8_3.aarch64.rpm
firefox-debuginfo-78.10.0-1.el8_3.aarch64.rpm
firefox-debugsource-78.10.0-1.el8_3.aarch64.rpm

ppc64le:
firefox-78.10.0-1.el8_3.ppc64le.rpm
firefox-debuginfo-78.10.0-1.el8_3.ppc64le.rpm
firefox-debugsource-78.10.0-1.el8_3.ppc64le.rpm

s390x:
firefox-78.10.0-1.el8_3.s390x.rpm
firefox-debuginfo-78.10.0-1.el8_3.s390x.rpm
firefox-debugsource-78.10.0-1.el8_3.s390x.rpm

x86_64:
firefox-78.10.0-1.el8_3.x86_64.rpm
firefox-debuginfo-78.10.0-1.el8_3.x86_64.rpm
firefox-debugsource-78.10.0-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2021:1361-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1361
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
firefox-78.10.0-1.el8_2.src.rpm

aarch64:
firefox-78.10.0-1.el8_2.aarch64.rpm
firefox-debuginfo-78.10.0-1.el8_2.aarch64.rpm
firefox-debugsource-78.10.0-1.el8_2.aarch64.rpm

ppc64le:
firefox-78.10.0-1.el8_2.ppc64le.rpm
firefox-debuginfo-78.10.0-1.el8_2.ppc64le.rpm
firefox-debugsource-78.10.0-1.el8_2.ppc64le.rpm

s390x:
firefox-78.10.0-1.el8_2.s390x.rpm
firefox-debuginfo-78.10.0-1.el8_2.s390x.rpm
firefox-debugsource-78.10.0-1.el8_2.s390x.rpm

x86_64:
firefox-78.10.0-1.el8_2.x86_64.rpm
firefox-debuginfo-78.10.0-1.el8_2.x86_64.rpm
firefox-debugsource-78.10.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2021:1362-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1362
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
firefox-78.10.0-1.el8_1.src.rpm

aarch64:
firefox-78.10.0-1.el8_1.aarch64.rpm
firefox-debuginfo-78.10.0-1.el8_1.aarch64.rpm
firefox-debugsource-78.10.0-1.el8_1.aarch64.rpm

ppc64le:
firefox-78.10.0-1.el8_1.ppc64le.rpm
firefox-debuginfo-78.10.0-1.el8_1.ppc64le.rpm
firefox-debugsource-78.10.0-1.el8_1.ppc64le.rpm

s390x:
firefox-78.10.0-1.el8_1.s390x.rpm
firefox-debuginfo-78.10.0-1.el8_1.s390x.rpm
firefox-debugsource-78.10.0-1.el8_1.s390x.rpm

x86_64:
firefox-78.10.0-1.el8_1.x86_64.rpm
firefox-debuginfo-78.10.0-1.el8_1.x86_64.rpm
firefox-debugsource-78.10.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIahA9zjgjWX9erEAQjUmQ/9HW1avsMCMSDH5mBkJLBoCii1+7W+KxzQ
8opEZUkdZtRlWEILIvvZQq9ebJChZib8nkKQV2InLDZQcg5MOkjPrRgTRjQAzap4
hl3oYgfKKFL+hSSUNJAgoapCPznC7o5KpSOBiKrH85SlcqfPmNBgGoa9HvAkQ+49
hGo363dwLKvkTTeuG3CCA7tPF2A5kwocUaFadVvD08rJu+8vA06+Dsy0ltSZQEtC
9ise1HrImxEqnDqq8+fNvjzXRg5RkUd0VsOcmBhjD7mtRNYcNZc1vDINlcNjy/gX
fO/lfME/tgZR0KfmmQ3nF1XAl+1cru/nwVVDeG79LuBOFzPsBXryUXEpn6PI7qhq
9fXfFfkfcelo/lTqzsVj0Eb89eMgRfOr4HJ0/MEOybHTfbbeKBWYpH0Dd4sOdELT
uBvnBAmFPuwN5RN16KNnIhvhTti4+/f/IQs4AIUO+EafgIyk+UDhRQ2iRVbBSEJF
HtQ8P4CDmMM5s7EqKIuY3T6S0CXG0PzkbeXDry3c6GkG7tRMvzdlV8nFKCSe0mGJ
I6tUV660fMPQ/AX1fUmaeKFwKbUcqy8v6ez+ITyN+dVoApKaG8S6kSFn2Xdd5178
DXfgCLHPDslNhSVMyIXbydO0q/RkPVV7B6AwQN0Cs1FPwUYDCrIikJ2yX3Swn0uu
7MDNLBukpzM=
=xfHz
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2021:1363-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1363
Issue date: 2021-04-26
CVE Names: CVE-2021-23961 CVE-2021-23994 CVE-2021-23995
CVE-2021-23998 CVE-2021-23999 CVE-2021-24002
CVE-2021-29945 CVE-2021-29946
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a
malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded
URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951364 – CVE-2021-23994 Mozilla: Out of bound write due to lazy initialization
1951365 – CVE-2021-23995 Mozilla: Use-after-free in Responsive Design Mode
1951366 – CVE-2021-23998 Mozilla: Secure Lock icon could have been spoofed
1951367 – CVE-2021-23961 Mozilla: More internal network hosts could have been probed by a malicious webpage
1951368 – CVE-2021-23999 Mozilla: Blob URLs may have been granted additional privileges
1951369 – CVE-2021-24002 Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
1951370 – CVE-2021-29945 Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads
1951371 – CVE-2021-29946 Mozilla: Port blocking could be bypassed

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-78.10.0-1.el7_9.src.rpm

x86_64:
firefox-78.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-78.10.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-78.10.0-1.el7_9.src.rpm

ppc64:
firefox-78.10.0-1.el7_9.ppc64.rpm
firefox-debuginfo-78.10.0-1.el7_9.ppc64.rpm

ppc64le:
firefox-78.10.0-1.el7_9.ppc64le.rpm
firefox-debuginfo-78.10.0-1.el7_9.ppc64le.rpm

s390x:
firefox-78.10.0-1.el7_9.s390x.rpm
firefox-debuginfo-78.10.0-1.el7_9.s390x.rpm

x86_64:
firefox-78.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
firefox-78.10.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-78.10.0-1.el7_9.src.rpm

x86_64:
firefox-78.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-78.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-78.10.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23961
https://access.redhat.com/security/cve/CVE-2021-23994
https://access.redhat.com/security/cve/CVE-2021-23995
https://access.redhat.com/security/cve/CVE-2021-23998
https://access.redhat.com/security/cve/CVE-2021-23999
https://access.redhat.com/security/cve/CVE-2021-24002
https://access.redhat.com/security/cve/CVE-2021-29945
https://access.redhat.com/security/cve/CVE-2021-29946
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1404 – [RedHat] firefox: Multiple vulnerabilities appeared first on Malware Devil.

ESB-2021.1405 – [RedHat] xstream: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1405
xstream security update
27 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: xstream
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Denial of Service — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21350 CVE-2021-21347 CVE-2021-21346
CVE-2021-21345 CVE-2021-21344

Reference: ESB-2021.1138

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1354

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: xstream security update
Advisory ID: RHSA-2021:1354-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1354
Issue date: 2021-04-26
CVE Names: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346
CVE-2021-21347 CVE-2021-21350
=====================================================================

1. Summary:

An update for xstream is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) – noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch
Red Hat Enterprise Linux Server Optional (v. 7) – noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch

3. Description:

XStream is a Java XML serialization library to serialize objects to and
deserialize objects from XML.

Security Fix(es):

* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet
(CVE-2021-21344)

* XStream: Unsafe deserialization of
com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)

* XStream: Unsafe deserialization of sun.swing.SwingLazyValue
(CVE-2021-21346)

* XStream: Unsafe deserialization of
com.sun.tools.javac.processing.JavacProcessingEnvironment
NameProcessIterator (CVE-2021-21347)

* XStream: Unsafe deserialization of
com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1942554 – CVE-2021-21344 XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet
1942558 – CVE-2021-21345 XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry
1942578 – CVE-2021-21346 XStream: Unsafe deserialization of sun.swing.SwingLazyValue
1942629 – CVE-2021-21347 XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator
1942637 – CVE-2021-21350 XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
xstream-1.3.1-13.el7_9.src.rpm

noarch:
xstream-1.3.1-13.el7_9.noarch.rpm
xstream-javadoc-1.3.1-13.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xstream-1.3.1-13.el7_9.src.rpm

noarch:
xstream-1.3.1-13.el7_9.noarch.rpm
xstream-javadoc-1.3.1-13.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xstream-1.3.1-13.el7_9.src.rpm

noarch:
xstream-1.3.1-13.el7_9.noarch.rpm
xstream-javadoc-1.3.1-13.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

Source:
xstream-1.3.1-13.el7_9.src.rpm

noarch:
xstream-1.3.1-13.el7_9.noarch.rpm
xstream-javadoc-1.3.1-13.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
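The package lists in RHSA-2021:1360 to RHSA-2021:1363 (firefox) above and in RHSA-2021:1354 (xstream) here give the exact fixed build for each dist tag. The Python script below is an added example, not Red Hat or AusCERT tooling: it compares package names as printed by `rpm -q` / `rpm -qa` against those fixed builds with an rpmvercmp-style comparison, so a collected inventory can be checked offline. The fixed versions are copied from the advisories; the host names and the pre-fix builds in the sample inventory are constructed for the example, and the `~` handling in the comparison covers pre-release tags that rpm sorts as older than a plain release.

```python
"""Check an RPM inventory against the fixed builds in RHSA-2021:1360..1363
(firefox) and RHSA-2021:1354 (xstream). Added example; not Red Hat tooling."""
import re
from itertools import zip_longest
from typing import Dict, List, Optional, Tuple

# Fixed (version, release) per (package, dist tag), copied from the package
# lists in the advisories. The dist tag matters: a RHEL 8.2 EUS host needs
# the el8_2 build, not the el8_3 build shipped for RHEL 8.3.
FIXED: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("firefox", "el8_3"): ("78.10.0", "1.el8_3"),
    ("firefox", "el8_2"): ("78.10.0", "1.el8_2"),
    ("firefox", "el8_1"): ("78.10.0", "1.el8_1"),
    ("firefox", "el7_9"): ("78.10.0", "1.el7_9"),
    ("xstream", "el7_9"): ("1.3.1", "13.el7_9"),
}

# NAME-VERSION-RELEASE.ARCH as printed by `rpm -q` / `rpm -qa` (no epoch).
NEVRA_RE = re.compile(
    r"^(?P<name>.+?)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$"
)


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings the way rpm does: split
    into numeric and alphabetic runs, compare numeric runs as integers and
    alphabetic runs lexically, treat a numeric run as newer than an
    alphabetic one, and sort '~' (pre-release) before anything, including
    the end of the string. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+|~", a)
    sb = re.findall(r"\d+|[A-Za-z]+|~", b)
    for x, y in zip_longest(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x is None:          # b has more segments, so b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit():        # numeric beats alphabetic
            return 1
        if y.isdigit():
            return -1
        return (x > y) - (x < y)
    return 0


def parse_nevra(nevra: str) -> Tuple[str, str, str, str, str]:
    """Split NAME-VERSION-RELEASE.ARCH and derive the dist tag (e.g. el8_3)
    from the part of RELEASE after its first dot."""
    m = NEVRA_RE.match(nevra)
    if not m:
        raise ValueError(f"not an RPM NEVRA: {nevra}")
    name, version, release, arch = m.group("name", "version", "release", "arch")
    dist = release.split(".", 1)[1] if "." in release else ""
    return name, version, release, arch, dist


def is_patched(nevra: str) -> Optional[bool]:
    """True if the installed build is at or above the fixed build for its
    dist tag, False if it is older, None if the advisories do not cover
    that package/dist combination (e.g. debuginfo subpackages)."""
    name, version, release, _arch, dist = parse_nevra(nevra)
    fixed = FIXED.get((name, dist))
    if fixed is None:
        return None
    fixed_version, fixed_release = fixed
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(release, fixed_release)
    return c >= 0


# Constructed sample of `rpm -qa firefox xstream` output from three hosts;
# the pre-fix builds are hypothetical and chosen to sort below the fixes.
SAMPLE_INVENTORY: Dict[str, List[str]] = {
    "rhel8-ws01": ["firefox-78.10.0-1.el8_3.x86_64"],
    "rhel8-eus02": ["firefox-78.9.0-1.el8_2.x86_64"],
    "rhel7-build03": ["firefox-78.10.0-1.el7_9.x86_64",
                      "xstream-1.3.1-12.el7_9.noarch"],
}


def unpatched_hosts(inventory: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {host: [nevra, ...]} for packages still below the fixed build."""
    result: Dict[str, List[str]] = {}
    for host, pkgs in inventory.items():
        stale = [p for p in pkgs if is_patched(p) is False]
        if stale:
            result[host] = stale
    return result


if __name__ == "__main__":
    for host, pkgs in unpatched_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: still vulnerable: {', '.join(pkgs)}")
```

The dist tag is what decides which build a host needs: a RHEL 8.2 EUS host is fixed by firefox-78.10.0-1.el8_2, and a newer el8_3 build is not what its EUS channel delivers. On the host itself, `yum updateinfo` (RHEL 7) or `dnf updateinfo` (RHEL 8) reports whether these advisories are still outstanding, and `rpm -K` on a downloaded RPM checks the Red Hat GPG signature referenced above; the script is for checking an inventory collected from many hosts.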

7. References:

https://access.redhat.com/security/cve/CVE-2021-21344
https://access.redhat.com/security/cve/CVE-2021-21345
https://access.redhat.com/security/cve/CVE-2021-21346
https://access.redhat.com/security/cve/CVE-2021-21347
https://access.redhat.com/security/cve/CVE-2021-21350
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1405 – [RedHat] xstream: Multiple vulnerabilities appeared first on Malware Devil.

ESB-2021.1406 – [RedHat] Red Hat Advanced Cluster Management 2.1.6: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1406
Red Hat Advanced Cluster Management 2.1.6 security and bug fix updates
27 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Red Hat Advanced Cluster Management 2.1.6
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Increased Privileges — Existing Account
Overwrite Arbitrary Files — Existing Account
Denial of Service — Remote/Unauthenticated
Unauthorised Access — Remote/Unauthenticated
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27365 CVE-2021-27364 CVE-2021-27363
CVE-2021-26708 CVE-2021-20305 CVE-2021-20218
CVE-2021-3450 CVE-2021-3449 CVE-2021-3347
CVE-2021-3121 CVE-2020-35149 CVE-2020-28374
CVE-2020-27152 CVE-2020-14040 CVE-2020-0466

Reference: ESB-2021.1378
ESB-2021.1340
ESB-2021.1299

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1369

- --------------------------BEGIN INCLUDED TEXT--------------------

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Advanced Cluster Management 2.1.6 security and bug fix updates
Advisory ID: RHSA-2021:1369-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1369
Issue date: 2021-04-26
Keywords: management cluster kubernetes
CVE Names: CVE-2020-0466 CVE-2020-14040 CVE-2020-27152
CVE-2020-28374 CVE-2020-35149 CVE-2021-3121
CVE-2021-3347 CVE-2021-3449 CVE-2021-3450
CVE-2021-20218 CVE-2021-20305 CVE-2021-26708
CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.1.6 General
Availability release images, which fix several bugs and security issues.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console, with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs and security issues. See
the following Release Notes documentation, which will be updated shortly
for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/

Security fixes:

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

* mquery: Code injection via merge or clone operation (CVE-2020-35149)

For more details about the security issue, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
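Red Hat summarises CVE-2020-35149 as code injection through a merge or clone operation. The bug class behind that description is prototype pollution: a deep merge that walks every key of attacker-supplied JSON, including "__proto__", ends up writing into Object.prototype, so every plain object in the process inherits the injected property. The following is an added illustration written for this page, not mquery's source and not part of the Red Hat advisory; the function names (mergeVulnerable, mergeSafe), the payload and the check helpers are assumptions for illustration.

```javascript
// Added illustration of the merge/clone prototype-pollution pattern behind
// CVE-2020-35149. Written for this page; it is not mquery's code and the
// names (mergeVulnerable, mergeSafe, HOSTILE_JSON) are invented.

// Constructed payload, as it would arrive from JSON.parse() of a request body.
// JSON.parse creates "__proto__" as an ordinary own data property, so a
// key-walking merge will visit it like any other key.
const HOSTILE_JSON = '{"filter":{"__proto__":{"isAdmin":true}}}';

// VULNERABLE: recursive deep merge that trusts every key of `source`.
// For key "__proto__", target[key] resolves (via the inherited accessor) to
// Object.prototype, and the recursion then writes isAdmin onto it.
function mergeVulnerable(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      mergeVulnerable(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// HARDENED: (1) iterate own keys only, (2) refuse the keys that reach the
// prototype chain, (3) only merge into targets that are own properties,
// (4) create nested containers without a prototype at all.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const dest = (own !== null && typeof own === 'object' && !Array.isArray(own))
        ? own
        : Object.create(null);
      target[key] = dest;
      mergeSafe(dest, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// True if a freshly created, unrelated object carries the injected property.
function isPolluted() {
  return ({}).isAdmin === true;
}

// Runs the vulnerable merge on an empty object, reports whether the process
// is now polluted, then removes the injected property so later code is sane.
function demoVulnerable() {
  mergeVulnerable({}, JSON.parse(HOSTILE_JSON));
  const polluted = isPolluted();
  delete Object.prototype.isAdmin;
  return polluted;
}

// Same payload through the hardened merge: the legitimate "filter" key is
// kept, the "__proto__" key under it is dropped, nothing leaks to the prototype.
function demoSafe() {
  const out = mergeSafe({}, JSON.parse(HOSTILE_JSON));
  return {
    polluted: isPolluted(),
    hasFilter: Object.prototype.hasOwnProperty.call(out, 'filter'),
    filterKeys: Object.keys(out.filter).length,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable merge polluted Object.prototype:', demoVulnerable());
  console.log('hardened merge result:', demoSafe());
}
```

The important detail is that the vulnerable version never assigns to a property literally named "__proto__"; it reads target["__proto__"], gets Object.prototype back, and recurses into it. Blocking the three chain-reaching keys and merging only into own properties closes both the "__proto__" path and the "constructor.prototype" path.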

Bug fixes:

* RHACM 2.1.6 images (BZ#1940581)

* When generating the import cluster string, it can include unescaped
characters (BZ#1934184)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-operator
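Before following the upgrade procedure it helps to know which hubs are actually below the 2.1.6 release that this advisory ships. The script below is an added example, not part of Red Hat's documentation or of the advisory. It assumes the MultiClusterHub resource reports its running release in status.currentVersion (read with `oc get multiclusterhub -A -o json`) and embeds a constructed sample of that output so it runs offline; the verdict names and the function names are inventions for illustration.

```javascript
// Added example (not from Red Hat's documentation): which hubs are still below
// the RHACM 2.1.6 release shipped by RHSA-2021:1369.
// Assumption: MultiClusterHub exposes the running release in status.currentVersion.
// Real use:  oc get multiclusterhub -A -o json > hubs.json && node check.js hubs.json

const FIXED_VERSION = '2.1.6';

// Constructed sample shaped like `oc get multiclusterhub -A -o json`, reduced
// to the fields this script reads. The third hub has no currentVersion yet.
const SAMPLE_OC_OUTPUT = JSON.stringify({
  items: [
    { metadata: { namespace: 'open-cluster-management', name: 'multiclusterhub' },
      status: { currentVersion: '2.1.5', desiredVersion: '2.1.5', phase: 'Running' } },
    { metadata: { namespace: 'ocm-staging', name: 'multiclusterhub' },
      status: { currentVersion: '2.1.6', desiredVersion: '2.1.6', phase: 'Running' } },
    { metadata: { namespace: 'ocm-new', name: 'multiclusterhub' },
      status: { phase: 'Installing' } },
  ],
});

// "2.1.10" sorts below "2.1.6" as a string; compare the numeric components.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function needsUpdate(installed, fixed = FIXED_VERSION) {
  return compareVersions(installed, fixed) < 0;
}

// One verdict per hub: 'update' (below the fixed release), 'ok', or 'unknown'
// when no currentVersion is reported yet (e.g. still installing): re-check
// later rather than assuming either way.
function assessHubs(ocJsonText, fixed = FIXED_VERSION) {
  const doc = JSON.parse(ocJsonText);
  return (doc.items || []).map((item) => {
    const namespace = item.metadata && item.metadata.namespace;
    const current = item.status && item.status.currentVersion;
    let verdict = 'unknown';
    if (current) verdict = needsUpdate(current, fixed) ? 'update' : 'ok';
    return { namespace, currentVersion: current || null, verdict };
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const text = process.argv[2] ? fs.readFileSync(process.argv[2], 'utf8') : SAMPLE_OC_OUTPUT;
  for (const hub of assessHubs(text)) {
    console.log(hub.namespace, hub.currentVersion, hub.verdict);
  }
}
```

Run it against real `oc` output by passing the saved JSON as the first argument; with no argument it reports on the embedded sample.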

4. Bugs fixed (https://bugzilla.redhat.com/):

1853652 – CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1929338 – CVE-2020-35149 mquery: Code injection via merge or clone operation
1934184 – When generating the import cluster string, it can include unescaped characters
1940581 – RHACM 2.1.6 images

5. References:

https://access.redhat.com/security/cve/CVE-2020-0466
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-27152
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2020-35149
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-20218
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-26708
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBYIbqItzjgjWX9erEAQis9w/+LgaC7JXG+4D1nBOaTdQkTShpKXBDBZPB
3pC7vT7V3s86VQmkDXAl6kwJhXlBuNCPRpudEFKKNbUtaEmjGWx8QXUhJethuZ9P
Nf+diMzrzVBOmE1tVPxbzXtF9C9uzFpsThC9BQk/9rsWJ/3nuTzUx6w5/VnxFejR
LqJDls2GEW5ztviy/etE46QfeOHjJTsPRQEoNsSVMae4rJrYrX0AjjLwG7NEX3bD
m6k6zKFe8BIhDNvI5Tpe3dvN6h2v2JCAF+V3im8jPJ3SJ2hzw373/ybZF8t6zFEF
yIqsWZumG1n6J9SS8k5NMcvAe+G+YJT86rccjbcaAYLWIHbYTFGkNUeqSPY89vxO
XSZP6lgfS1DNhxF1tZCFYph1/Jc6YbPqrGgHZeuDFK7+g6+gBFPNsSW9nuSYi7sH
3eTYU9G1/Dq6325dyvTxZnxeZkJhp8reezzgsuu8QvkWoglCVUMK4i6yOyEIS04I
ibQRTvMVP9R3x/WWn6TruQTUJgAf0PT3sG11L26HY2SwF4hcgy38uJoaLmaKaXKq
LtQ4DP1xYLKh3n4NqhJSSEg3Yct4ObyCJedhvux3eFlMXUf/9VIMGxVLrT1pI5cg
Y6irYxFgZMMmb45PiSkaN/lO0RNy05+j+cM3uVwgXNBSDNDP2mLrBNl7VywQJ4cw
hc5e51AhvfQ=
=l0FC
– —–END PGP SIGNATURE—–

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.1406 – [RedHat] Red Hat Advanced Cluster Management 2.1.6: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/04/27/esb-2021-1406-redhat-red-hat-advanced-cluster-management-2-1-6-multiple-vulnerabilities/

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...