Malware Devil

Thursday, April 29, 2021

ESB-2021.1464 – [SUSE] libnettle: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1464
Security update for libnettle
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: libnettle
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20305

Reference: ESB-2021.1320
ESB-2021.1279
ESB-2021.1226

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211412-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211399-1

Comment: This bulletin contains two (2) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for libnettle

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1412-1
Rating: important
References: #1184401
Cross-References: CVE-2021-20305
Affected Products:
SUSE MicroOS 5.0
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libnettle fixes the following issues:

o CVE-2021-20305: Fixed the multiply function which was being called with
out-of-range scalars (bsc#1184401).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1412=1
o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1412=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1412=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1412=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1412=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1412=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1412=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1412=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1412=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1412=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1412=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1412=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1412=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1412=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1412=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1412=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform ‘skuba’ tool. I will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.

Package List:

o SUSE MicroOS 5.0 (aarch64 x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Manager Server 4.0 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Manager Proxy 4.0 (x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1
o SUSE Enterprise Storage 6 (x86_64):
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
o SUSE CaaS Platform 4.0 (x86_64):
libhogweed4-3.4.1-4.15.1
libhogweed4-32bit-3.4.1-4.15.1
libhogweed4-32bit-debuginfo-3.4.1-4.15.1
libhogweed4-debuginfo-3.4.1-4.15.1
libnettle-debugsource-3.4.1-4.15.1
libnettle-devel-3.4.1-4.15.1
libnettle6-3.4.1-4.15.1
libnettle6-32bit-3.4.1-4.15.1
libnettle6-32bit-debuginfo-3.4.1-4.15.1
libnettle6-debuginfo-3.4.1-4.15.1

References:

o https://www.suse.com/security/cve/CVE-2021-20305.html
o https://bugzilla.suse.com/1184401

– ——————————————————————————–

SUSE Security Update: Security update for libnettle

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1399-1
Rating: important
References: #1183835 #1184401
Cross-References: CVE-2021-20305
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
HPE Helion Openstack 8
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libnettle fixes the following issues:

o CVE-2021-20305: Fixed the multiply function which was being called with
out-of-range scalars (bsc#1184401, bsc#1183835).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1399=1
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1399=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1399=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1399=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1399=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1399=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1399=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1399=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1399=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1399=1
o SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1399=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1399=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1399=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1399=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2021-1399=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE OpenStack Cloud 9 (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE OpenStack Cloud 8 (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
libnettle-debugsource-2.7.1-13.3.1
libnettle-devel-2.7.1-13.3.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1
o HPE Helion Openstack 8 (x86_64):
libhogweed2-2.7.1-13.3.1
libhogweed2-32bit-2.7.1-13.3.1
libhogweed2-debuginfo-2.7.1-13.3.1
libhogweed2-debuginfo-32bit-2.7.1-13.3.1
libnettle-debugsource-2.7.1-13.3.1
libnettle4-2.7.1-13.3.1
libnettle4-32bit-2.7.1-13.3.1
libnettle4-debuginfo-2.7.1-13.3.1
libnettle4-debuginfo-32bit-2.7.1-13.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-20305.html
o https://bugzilla.suse.com/1183835
o https://bugzilla.suse.com/1184401

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYIokTeNLKJtyKPYoAQjrixAAjoauRHSQsJV+3rhxn+yLIgrHq3dxhCvx
56UE8GuR7Q7hafWRZSk63Y5NI2erIggGDlxxHDVPtwCmAkoAc2U05JyNqLznp6sA
zO9XcKx3rgTyuIIotEMbspUdhb4MKqyS+tEUHPYicQLwXa2tBAinRhp90xoSNTut
jA4yZfYBiMcHIt0LWDWzp+zj2Qgwc9J+k7/xh3wFCWxKo/GmCHy4SgIY7yTuspxS
7uwJK73lRA0pNKSmPwRShhLakHyEh6bVRMKMdu4++8cCx2dP4JiGIBARkzYmOK8a
XFd1oodqTS/HTeAfxaY3c0I89Yq6AN45gB6K6jiSfGK9Q6KxNtaSOftbsuK8JCVJ
tmVDbbwkU0rdOz7B2lu37I6DqGiJTxC4tcKFe/Tv8Ir/cdh8JX+TjHoUqUENnBtn
BPcSkEb42Y74oHGvgvnkr9M1BSAj1LIED9e0VswB0ajR3WZ5rcewjdykADRolBMY
9UMJ1fWw7GBlWzd8ouBg93clNkfaTWFyXZCr2sP2JMWVq40IqK7Oh4B37LrLZf/B
Mu4fkoGL/brRCg3ccLNZNb9gy1lsuEqIPOG76qYTyMP1smj8Yw1JIZpP4bBkoAAZ
j0pGRSKdLG73NUlRTIVAtoCRrJ98fwG391pe3y1FgvyI14hWUGF5mtI7AMdWrerM
6zJ+GVByH3U=
=Tv81
—–END PGP SIGNATURE—–

The post ESB-2021.1464 – [SUSE] libnettle: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1464-suse-libnettle-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1464-suse-libnettle-multiple-vulnerabilities

ESB-2021.1465 – ALERT [UNIX/Linux][SUSE] librsvg: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1465
Security update for librsvg
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: librsvg
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-25900

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211408-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running librsvg check for an updated version of the software for
their operating system.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for librsvg

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1408-1
Rating: important
References: #1183403
Cross-References: CVE-2021-25900
Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for librsvg fixes the following issues:

o librsvg was updated to 2.46.5: * Update dependent crates that had security
vulnerabilities: smallvec to 0.6.14 – RUSTSEC-2018-0003 – CVE-2021-25900
(bsc#1183403)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1408=1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1408=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1408=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1408=1

Package List:

o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64
ppc64le s390x x86_64):
librsvg-debugsource-2.46.5-3.3.1
librsvg-devel-2.46.5-3.3.1
typelib-1_0-Rsvg-2_0-2.46.5-3.3.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
librsvg-debugsource-2.46.5-3.3.1
librsvg-devel-2.46.5-3.3.1
typelib-1_0-Rsvg-2_0-2.46.5-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
gdk-pixbuf-loader-rsvg-2.46.5-3.3.1
gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.3.1
librsvg-2-2-2.46.5-3.3.1
librsvg-2-2-debuginfo-2.46.5-3.3.1
librsvg-debugsource-2.46.5-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
gdk-pixbuf-loader-rsvg-2.46.5-3.3.1
gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.3.1
librsvg-2-2-2.46.5-3.3.1
librsvg-2-2-debuginfo-2.46.5-3.3.1
librsvg-debugsource-2.46.5-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-25900.html
o https://bugzilla.suse.com/1183403

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIom+ONLKJtyKPYoAQitTg//fyIHXSsIkNRBuN1BRq/bcVGLLDu+WE1z
Yr7lCvW1HqHNTw1zeHXlVuFWKVds4XkhLrC6FhdKmCitqJtuF0Zml+oobMIzZDKR
fiSN+Q66A8n5TmlXjhNFiVmhz5E6KhHLsAzUPeEyh8yh/4c61rJk9Wj7FFdIwH7q
/ckZn5C9KYaf/jdi+5J5L4HIHBUE3d2LrmyWaQNjLbvHl7mhg9NI8FJQnVr7QzdU
MI5E3Txd8xz64FXd0T0HxImSERTNB10ZEXfMG7MtOsGuMrC46I1tQN7s1A/NqULr
UuoQGZizuWgZXzh2mRhmMGz8j4nUIEv2avBFd4epylPnSVHVsy6lvn3novLpu88j
Y2g3vSBk85AulmT6xKadVafAp+5w3zrQrChSx3yubAkmPRsVuMlZqpFPG2ZSKeLd
tJqeoPGPfxjwHOkHVEjJ2nxJZ+nxsfx6XYEvsYdtoMedPmv4OCR11/Njf57DXYA4
9aEo3R9noscXPJ63PA+GSbVx7LM3W9weOfddhoPam9RrbEgprcdMS6SI+wA9zjry
nrSbx4vwKL+wmiX0W5VTUZFDfLeAAHeysyzuZi4Vxq14FRp5b54x4RH/ftsvxlzl
uqxwmqELUn/kygte9+cOHF5NvkSzFoOTpMSyRE1tkq0B1PbK2z+kkUX5Vnc58Acq
xKbDzrFk970=
=/vS9
—–END PGP SIGNATURE—–

The post ESB-2021.1465 – ALERT [UNIX/Linux][SUSE] librsvg: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1465-alert-unix-linuxsuse-librsvg-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1465-alert-unix-linuxsuse-librsvg-multiple-vulnerabilities

ESB-2021.1466 – [SUSE] Linux kernel: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1466
Security update for the Linux Kernel
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Linux kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Denial of Service — Existing Account
Access Confidential Data — Existing Account
Reduced Security — Existing Account
Resolution: Mitigation
CVE Names: CVE-2021-28688 CVE-2021-28660 CVE-2021-26931
CVE-2021-26930 CVE-2021-3444

Reference: ESB-2021.1299
ESB-2021.1231
ESB-2021.1228

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211365-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211344-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211395-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211347-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211373-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211341-1

Comment: This bulletin contains six (6) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1365-1
Rating: important
References: #1182294 #1183658 #1184171
Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28660 CVE-2021-28688
CVE-2021-3444
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-197_64 fixes several issues.
The following security issues were fixed:

o CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly
handle mod32 destination register truncation when the source register was
known to be 0 leading to out of bounds read (bsc#1184171).
o CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#
1183658).
o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#
1183646).
o CVE-2021-26930: Fixed an improper error handling in blkback’s grant mapping
(XSA-365 bsc#1182294).
o CVE-2021-26931: Fixed an issue where Linux kernel was treating grant
mapping errors as bugs (XSA-362 bsc#1183022).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1369=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1370=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1386=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1387=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1388=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1389=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1390=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1391=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1392=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1393=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-1394=1
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1365=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1366=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1367=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1368=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1377=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1378=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1379=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1380=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1381=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1382=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1383=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-1384=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1348=1
SUSE-SLE-Live-Patching-12-SP5-2021-1349=1
SUSE-SLE-Live-Patching-12-SP5-2021-1350=1
SUSE-SLE-Live-Patching-12-SP5-2021-1351=1
SUSE-SLE-Live-Patching-12-SP5-2021-1352=1
SUSE-SLE-Live-Patching-12-SP5-2021-1353=1
SUSE-SLE-Live-Patching-12-SP5-2021-1354=1
SUSE-SLE-Live-Patching-12-SP5-2021-1355=1
SUSE-SLE-Live-Patching-12-SP5-2021-1356=1
SUSE-SLE-Live-Patching-12-SP5-2021-1357=1
SUSE-SLE-Live-Patching-12-SP5-2021-1358=1
SUSE-SLE-Live-Patching-12-SP5-2021-1359=1
SUSE-SLE-Live-Patching-12-SP5-2021-1375=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-22-default-10-5.2
kernel-livepatch-5_3_18-22-default-debuginfo-10-5.2
kernel-livepatch-5_3_18-24_12-default-8-2.2
kernel-livepatch-5_3_18-24_12-default-debuginfo-8-2.2
kernel-livepatch-5_3_18-24_15-default-8-2.2
kernel-livepatch-5_3_18-24_15-default-debuginfo-8-2.2
kernel-livepatch-5_3_18-24_24-default-8-2.2
kernel-livepatch-5_3_18-24_24-default-debuginfo-8-2.2
kernel-livepatch-5_3_18-24_29-default-6-2.2
kernel-livepatch-5_3_18-24_29-default-debuginfo-6-2.2
kernel-livepatch-5_3_18-24_34-default-6-2.2
kernel-livepatch-5_3_18-24_34-default-debuginfo-6-2.2
kernel-livepatch-5_3_18-24_37-default-6-2.2
kernel-livepatch-5_3_18-24_37-default-debuginfo-6-2.2
kernel-livepatch-5_3_18-24_43-default-5-2.2
kernel-livepatch-5_3_18-24_43-default-debuginfo-5-2.2
kernel-livepatch-5_3_18-24_46-default-5-2.2
kernel-livepatch-5_3_18-24_46-default-debuginfo-5-2.2
kernel-livepatch-5_3_18-24_49-default-4-2.2
kernel-livepatch-5_3_18-24_49-default-debuginfo-4-2.2
kernel-livepatch-5_3_18-24_9-default-9-2.2
kernel-livepatch-5_3_18-24_9-default-debuginfo-9-2.2
kernel-livepatch-SLE15-SP2_Update_0-debugsource-10-5.2
kernel-livepatch-SLE15-SP2_Update_1-debugsource-9-2.2
kernel-livepatch-SLE15-SP2_Update_10-debugsource-4-2.2
kernel-livepatch-SLE15-SP2_Update_2-debugsource-8-2.2
kernel-livepatch-SLE15-SP2_Update_3-debugsource-8-2.2
kernel-livepatch-SLE15-SP2_Update_4-debugsource-8-2.2
kernel-livepatch-SLE15-SP2_Update_5-debugsource-6-2.2
kernel-livepatch-SLE15-SP2_Update_6-debugsource-6-2.2
kernel-livepatch-SLE15-SP2_Update_7-debugsource-6-2.2
kernel-livepatch-SLE15-SP2_Update_8-debugsource-5-2.2
kernel-livepatch-SLE15-SP2_Update_9-debugsource-5-2.2
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_40-default-11-2.2
kernel-livepatch-4_12_14-197_45-default-9-2.2
kernel-livepatch-4_12_14-197_48-default-9-2.2
kernel-livepatch-4_12_14-197_51-default-9-2.2
kernel-livepatch-4_12_14-197_56-default-8-2.2
kernel-livepatch-4_12_14-197_61-default-7-2.2
kernel-livepatch-4_12_14-197_64-default-6-2.2
kernel-livepatch-4_12_14-197_67-default-6-2.2
kernel-livepatch-4_12_14-197_72-default-5-2.2
kernel-livepatch-4_12_14-197_75-default-5-2.2
kernel-livepatch-4_12_14-197_78-default-5-2.2
kernel-livepatch-4_12_14-197_83-default-4-2.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_20-default-12-2.2
kgraft-patch-4_12_14-122_23-default-11-2.2
kgraft-patch-4_12_14-122_26-default-11-2.2
kgraft-patch-4_12_14-122_29-default-11-2.2
kgraft-patch-4_12_14-122_32-default-11-2.2
kgraft-patch-4_12_14-122_37-default-10-2.2
kgraft-patch-4_12_14-122_41-default-9-2.2
kgraft-patch-4_12_14-122_46-default-7-2.2
kgraft-patch-4_12_14-122_51-default-7-2.2
kgraft-patch-4_12_14-122_54-default-5-2.2
kgraft-patch-4_12_14-122_57-default-5-2.2
kgraft-patch-4_12_14-122_60-default-4-2.2
kgraft-patch-4_12_14-122_63-default-3-2.2

References:

o https://www.suse.com/security/cve/CVE-2021-26930.html
o https://www.suse.com/security/cve/CVE-2021-26931.html
o https://www.suse.com/security/cve/CVE-2021-28660.html
o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://www.suse.com/security/cve/CVE-2021-3444.html
o https://bugzilla.suse.com/1182294
o https://bugzilla.suse.com/1183658
o https://bugzilla.suse.com/1184171

– ——————————————————————————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for
SLE 15)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1344-1
Rating: important
References: #1182294 #1184171
Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_63 fixes several issues.
The following security issues were fixed:

o CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly
handle mod32 destination register truncation when the source register was
known to be 0 leading to out of bounds read (bsc#1184171).
o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#
1183646).
o CVE-2021-26930: Fixed an improper error handling in blkback’s grant mapping
(XSA-365 bsc#1182294).
o CVE-2021-26931: Fixed an issue where Linux kernel was treating grant
mapping errors as bugs (XSA-362 bsc#1183022).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1360=1
SUSE-SLE-Module-Live-Patching-15-2021-1361=1
SUSE-SLE-Module-Live-Patching-15-2021-1362=1
SUSE-SLE-Module-Live-Patching-15-2021-1363=1
SUSE-SLE-Module-Live-Patching-15-2021-1376=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1342=1
SUSE-SLE-Live-Patching-12-SP4-2021-1343=1
SUSE-SLE-Live-Patching-12-SP4-2021-1344=1
SUSE-SLE-Live-Patching-12-SP4-2021-1345=1
SUSE-SLE-Live-Patching-12-SP4-2021-1346=1
SUSE-SLE-Live-Patching-12-SP4-2021-1374=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_52-default-9-2.2
kernel-livepatch-4_12_14-150_52-default-debuginfo-9-2.2
kernel-livepatch-4_12_14-150_55-default-9-2.2
kernel-livepatch-4_12_14-150_55-default-debuginfo-9-2.2
kernel-livepatch-4_12_14-150_58-default-8-2.2
kernel-livepatch-4_12_14-150_58-default-debuginfo-8-2.2
kernel-livepatch-4_12_14-150_63-default-6-2.2
kernel-livepatch-4_12_14-150_63-default-debuginfo-6-2.2
kernel-livepatch-4_12_14-150_66-default-4-2.2
kernel-livepatch-4_12_14-150_66-default-debuginfo-4-2.2
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_51-default-11-2.2
kgraft-patch-4_12_14-95_54-default-9-2.2
kgraft-patch-4_12_14-95_57-default-9-2.2
kgraft-patch-4_12_14-95_60-default-8-2.2
kgraft-patch-4_12_14-95_65-default-5-2.2
kgraft-patch-4_12_14-95_68-default-4-2.2

References:

o https://www.suse.com/security/cve/CVE-2021-26930.html
o https://www.suse.com/security/cve/CVE-2021-26931.html
o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://www.suse.com/security/cve/CVE-2021-3444.html
o https://bugzilla.suse.com/1182294
o https://bugzilla.suse.com/1184171

– ——————————————————————————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for
SLE 15 SP1)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1395-1
Rating: important
References: #1182294 #1183658 #1184171
Cross-References: CVE-2021-28660 CVE-2021-28688 CVE-2021-3444
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-197_86 fixes several issues.
The following security issues were fixed:

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1395=1
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1385=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-24_52-default-3-2.2
kernel-livepatch-5_3_18-24_52-default-debuginfo-3-2.2
kernel-livepatch-SLE15-SP2_Update_11-debugsource-3-2.2
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_86-default-3-2.2

References:

o https://www.suse.com/security/cve/CVE-2021-28660.html
o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://www.suse.com/security/cve/CVE-2021-3444.html
o https://bugzilla.suse.com/1182294
o https://bugzilla.suse.com/1183658
o https://bugzilla.suse.com/1184171

– ——————————————————————————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for
SLE 15)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1347-1
Rating: important
References: #1182294 #1184171
Cross-References: CVE-2021-28688 CVE-2021-3444
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_69 fixes several issues.
The following security issues were fixed:

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1364=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1347=1

Package List:

o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_69-default-3-2.2
kernel-livepatch-4_12_14-150_69-default-debuginfo-3-2.2
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):
kgraft-patch-4_12_14-95_71-default-3-2.2

References:

o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://www.suse.com/security/cve/CVE-2021-3444.html
o https://bugzilla.suse.com/1182294
o https://bugzilla.suse.com/1184171

– ——————————————————————————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for
SLE 12 SP3)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1373-1
Rating: important
References: #1182294
Cross-References: CVE-2021-26930 CVE-2021-26931 CVE-2021-28688
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.180-94_135 fixes one issue.
The following security issues were fixed:

o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#
1183646).
o CVE-2021-26930: Fixed an improper error handling in blkback’s grant mapping
(XSA-365 bsc#1182294).
o CVE-2021-26931: Fixed an issue where Linux kernel was treating grant
mapping errors as bugs (XSA-362 bsc#1183022).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1337=1
SUSE-SLE-SAP-12-SP3-2021-1338=1 SUSE-SLE-SAP-12-SP3-2021-1339=1
SUSE-SLE-SAP-12-SP3-2021-1340=1 SUSE-SLE-SAP-12-SP3-2021-1371=1
SUSE-SLE-SAP-12-SP3-2021-1372=1 SUSE-SLE-SAP-12-SP3-2021-1373=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1337=1
SUSE-SLE-SERVER-12-SP3-2021-1338=1 SUSE-SLE-SERVER-12-SP3-2021-1339=1
SUSE-SLE-SERVER-12-SP3-2021-1340=1 SUSE-SLE-SERVER-12-SP3-2021-1371=1
SUSE-SLE-SERVER-12-SP3-2021-1372=1 SUSE-SLE-SERVER-12-SP3-2021-1373=1

Package List:

o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_180-94_116-default-10-2.2
kgraft-patch-4_4_180-94_116-default-debuginfo-10-2.2
kgraft-patch-4_4_180-94_121-default-9-2.2
kgraft-patch-4_4_180-94_121-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_124-default-9-2.2
kgraft-patch-4_4_180-94_124-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_127-default-9-2.2
kgraft-patch-4_4_180-94_127-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_130-default-8-2.2
kgraft-patch-4_4_180-94_130-default-debuginfo-8-2.2
kgraft-patch-4_4_180-94_135-default-6-2.2
kgraft-patch-4_4_180-94_135-default-debuginfo-6-2.2
kgraft-patch-4_4_180-94_138-default-4-2.2
kgraft-patch-4_4_180-94_138-default-debuginfo-4-2.2
o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
kgraft-patch-4_4_180-94_116-default-10-2.2
kgraft-patch-4_4_180-94_116-default-debuginfo-10-2.2
kgraft-patch-4_4_180-94_121-default-9-2.2
kgraft-patch-4_4_180-94_121-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_124-default-9-2.2
kgraft-patch-4_4_180-94_124-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_127-default-9-2.2
kgraft-patch-4_4_180-94_127-default-debuginfo-9-2.2
kgraft-patch-4_4_180-94_130-default-8-2.2
kgraft-patch-4_4_180-94_130-default-debuginfo-8-2.2
kgraft-patch-4_4_180-94_135-default-6-2.2
kgraft-patch-4_4_180-94_135-default-debuginfo-6-2.2
kgraft-patch-4_4_180-94_138-default-4-2.2
kgraft-patch-4_4_180-94_138-default-debuginfo-4-2.2

References:

– ——————————————————————————–

SUSE Security Update: Security update for the Linux Kernel (Live Patch 38 for
SLE 12 SP3)

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1341-1
Rating: important
References: #1182294
Cross-References: CVE-2021-28688
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP3-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.4.180-94_141 fixes one issue.
The following security issue was fixed:

o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#
1183646).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1341=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1341=1

Package List:

o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
kgraft-patch-4_4_180-94_141-default-3-2.2
kgraft-patch-4_4_180-94_141-default-debuginfo-3-2.2
o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
kgraft-patch-4_4_180-94_141-default-3-2.2
kgraft-patch-4_4_180-94_141-default-debuginfo-3-2.2

References:

o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://bugzilla.suse.com/1182294

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIonC+NLKJtyKPYoAQjp8w/+L7Txs1ErEXYvEBw5XomnXL+j/gTX8jzN
QgIFM+VBWJ9/ggLxZC+T8PgfsHcF+pr4ze30vmFkx+qteMwd7O3gtq7WRINy21Fo
JiioB2wAPrtDJAghTbIMilLXMWZGUVa2V/3RUebvoVtE/bSSpzfjPVHyWiGGeZ8C
F2HTlA5l+cGveYBGwxlA/ygTKsEF3tJqlnMKoirLmK6UTFV2YclwC34xyitHGfM/
sRCnyjSmC6SufLv82wTIlthW0mrIi5lQ8NQY6xZ7+m54JfAXbJ2HMlZpENY5JVGb
2pES0DD9huGIYhMgrmJFAG6H/WHQZnrs+h9U1ofiwDmklQI7Gqnc5u47ji9LRUKz
aew/caAxr/0Y50aHxzTpHtE8fsqJjKx31/xI4DHsAwdNuwHKmuFCrXMCqOZjbVBR
Px/+30yXyh9QlwHDnheMkOc42OP1CTeLKbxmpNCZK+BuOK5QgIxIPczlArbXCRNR
weBY+epnS1HJu6JUuSag5M36UkOCFa+5bk4etky3W6XxegaunbeJPYyNJIL0gixV
mi2GtyQ7zf2Ix8/cZGybWCWX6LYxE6RT5VwMgUe1Cm1Bsq9xmwTE0NZBlpJqW0fq
K/gXLR7G3zX3229IJXWyddSoQcR9owX39AIYRy4CvK3L5f1xRPjUPQZ7NdUlm3Yr
4pEqQsCP0oU=
=yKJo
—–END PGP SIGNATURE—–

The post ESB-2021.1466 – [SUSE] Linux kernel: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1466-suse-linux-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1466-suse-linux-kernel-multiple-vulnerabilities

ESB-2021.1452 – [Appliance] BIG-IP (Advanced WAF, ASM): Reduced security – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1452
BIG-IP Advanced WAF and ASM Brute Force Protection feature may not properly
support the Post-Redirect-Get application flow
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: BIG-IP (Advanced WAF, ASM)
Publisher: F5 Networks
Operating System: Network Appliance
Impact/Access: Reduced Security — Existing Account
Resolution: Patch/Upgrade

Original Bulletin:
https://support.f5.com/csp/article/K91414704

– ————————–BEGIN INCLUDED TEXT——————–

K91414704: BIG-IP Advanced WAF and ASM Brute Force Protection feature may not
properly support the Post-Redirect-Get application flow

Original Publication Date: 29 Apr, 2021

Security Advisory Description

The Advanced WAF and BIG-IP ASM systems may not properly support the
Post-Redirect-Get (PRG) application flow implemented on a back-end web server.

This issue occurs when all of the following conditions are met:

o You enabled brute force protection in your security policy.
o You configure your security policy to use Client Side Integrity (CSI) or
CAPTCHA challenge for brute force protection.
o You associated the security policy with the virtual server to protect the
back-end web server with the PRG application flow.

The PRG flow is a common design for login URLs. After users log out, PRG
prevents users from clicking the Back button twice to re-post sensitive
information and log in again. When the brute force protection challenge
receives a response, the flow becomes Post-200OK-Post-Redirect-Get, resulting
in a broken flow.

Impact

After users log out of an application or site, they may log in again by
clicking the browser Back button a multiple times.

Symptoms

As a result of this issue, you may encounter the following symptom:

o After logging out, users log in to an application or site again by
clicking the Back button multiple times.

Security Advisory Status

F5 Product Development has assigned ID 941621 to this issue. F5 has confirmed
that this issue exists in the products listed in the Applies to (see versions)
box, located in the upper-right corner of this article. For information about
releases, point releases, or hotfixes that resolve this issue, refer to the
following table.

Note: F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle. For more information, refer
to the Security hotfixes section of K4602: Overview of the F5 security
vulnerability response policy.

+——————+—————–+—————————————-+
|Type of fix |Fixes introduced |Related articles |
| |in | |
+——————+—————–+—————————————-+
| |15.1.3 |K2200: Most recent versions of F5 |
|Release |14.1.4 |software |
| |13.1.4 | |
+——————+—————–+—————————————-+
|Point release/ |16.0.1.1 |K9502: BIG-IP hotfix and point release |
|hotfix | |matrix |
+——————+—————–+—————————————-+

Recommended Actions

Workaround

To work around this issue, you can disable the CSI or CAPTCHA challenge in your
security policy that is currently protecting your PRG application flow URI from
brute force attack. Then, you can enable the DoS Protection or Bot Defense
feature instead.

You also must add the URI of your PRG application flow to two
database variables: dosl7.prg_iframe_urls and dosl7.cs_qualified_urls. Doing so
allows the Bot Defense feature to send out the CSI challenge to support your
PRG URI.

To add your PRG URI to the database variables, perform the following procedure:

Impact of workaround: Performing the following procedure should not have a
negative impact on your system.

1. Log in to TMOS Shell (tmsh).
2. Enter the following command syntax to add a PRG URI to a database variable:

modify /sys db value

Note: The dosl7.prg_iframe_urls database variable does not currently
support sending out the CAPTCHA challenge for PRG URIs. Additionally, it is
not available in BIG-IP 11.6.x and earlier versions.

For example, you use the DoS Protection or Bot Defense feature to protect
your PRG URI, and the URI is /user_login.php. You enter the following
commands:

modify /sys db dosl7.cs_qualified_urls value /user_login.php
modify /sys db dosl7.prg_iframe_urls value /user_login.php

Note: The database variable accepts a comma-separated list of URIs. When
you add more URIs to the database variable, you must include the existing
URIs and the new URIs in the following format: ,.

3. Enter the following command to verify the PRG URI you entered for
database variable:

list /sys db

For example, you enter the following command to list the URIs you added to
dosl7.prg_iframe_urls:

list /sys db dosl7.prg_iframe_urls

4. For BIG-IP 14.1.x and later, if the affected virtual server is not
associated with a Bot Defense profile, you must configure one using the
following settings.

If the affected virtual server is associated with an existing Bot Defense
profile, you must ensure that it you configured it using the following
settings:

Go to Security > Bot Defense > Bot Defense Profiles > .
Select Browsers, and then in Browser Verification, select Verify
Before Access.
Select General Settings, and then in Enforcement Mode, select
Blocking.

If you do not want to set Enforcement Mode to Blocking, do the
following:

Select Browsers, and then in Verification and Device-ID Challenges
in Transparent Mode, select Enabled.

Note: Other configurations of the Bot Defense Profile are also possible, as
long as you set Browser Verification to Verify Before Access for the
challenged page.

Acknowledgements

This issue was discovered internally by F5.

Supplemental Information

o K51812227: Understanding security advisory versioning
o K41942608: Overview of AskF5 security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIoNzONLKJtyKPYoAQix9w//a881y4BAxuhii8OpvkAIxAAVKwHUlrii
kDSQYaaotZz3402zC9V4iHf92USTg6DF4HVjgNMDn18vIHRegUmIYlP9UL6Fk4j6
hp0ojzAll+vpR3WXCz0bzBGO7CnMFiuuI/LAeu/jbZ5LLzBriKK++qMUw/Jbs97c
Yhw+yugplU91A4++5zyi2FcPHp9ulXUy8w798GZmIHlghic5iUUQtAdDA4XPTYtk
PA6pArsoDkWPgTPGE9ed+bE9gexANgZz59axif6V2+ti9cjiDMkny9GDnTkkxegK
L2TSI7qMQErwGH694dKstco5+zZ6MgEUnwvnLAKyAMCUT6I5tQAnrSLzbIiA/awe
H7x3hB1GcdZFB9xbfZkIAbe7nNv3qxIvLnbuHxZlhkdQunn1nb9X09rvOfQqXlAQ
rmWNM5WD1BPTdHWNMtA9QIB6IC6wLGT7AAu81J92vKrczSv3qPrYQQaRo8mR3Ldd
S8oEOmh366GFIYZr9kbe7ptlprtnZ+TsVY7JoMvG+ALZbcVhfHqADRGptjPiP5EZ
GM6Bjj6cSCRsm0JdCJGtoA962Yu9nKC9OTUTpSaI9cs4FuWTNrKX6JSzHWDgON07
XLedYianYFLDJEzxps1uCmdEtOzlHcNOTow3YCui0Jrbt/aM2OGPMaH0G8GBf06+
xlp1+V22S0A=
=N9fk
—–END PGP SIGNATURE—–

The post ESB-2021.1452 – [Appliance] BIG-IP (Advanced WAF, ASM): Reduced security – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1452-appliance-big-ip-advanced-waf-asm-reduced-security-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1452-appliance-big-ip-advanced-waf-asm-reduced-security-existing-account

ESB-2021.1453 – [Appliance] BIG-IP (Advanced WAF, ASM): Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1453
BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: BIG-IP (Advanced WAF, ASM)
Publisher: F5 Networks
Operating System: Network Appliance
Impact/Access: Create Arbitrary Files — Existing Account
Overwrite Arbitrary Files — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23014

Original Bulletin:
https://support.f5.com/csp/article/K23203045

– ————————–BEGIN INCLUDED TEXT——————–

K23203045: BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014

Original Publication Date: 29 Apr, 2021

Security Advisory Description

BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads
to a specific directory within the REST API, which might allow authenticated
users with guest privileges to upload files. (CVE-2021-23014)

Impact

If an attacker has network access to the BIG-IP Advanced WAF and ASM devices
and has authenticated with guest privileges, the attacker could upload files to
the BIG-IP Advanced WAF and ASM devices via the REST API. This may allow the
attacker to upload and overwrite a limited set of files on BIG-IP Advanced WAF
and ASM systems.

Security Advisory Status

F5 Product Development has assigned ID 954429 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+————+——+————–+———-+———-+——+————-+
| | |Versions known|Fixes | |CVSSv3|Vulnerable |
|Product |Branch|to be |introduced|Severity |score^|component or |
| | |vulnerable^1 |in | |2 |feature |
+————+——+————–+———-+———-+——+————-+
| |16.x |16.0.0 – |16.0.1.1 | | | |
| | |16.0.1 | | | | |
| +——+————–+———-+ | | |
| |15.x |15.1.0 – |15.1.3 | | | |
| | |15.1.2 | | | | |
| +——+————–+———-+ | | |
| |14.x |14.1.0 – |14.1.4 | | | |
|BIG-IP | |14.1.3 | | | | |
|(Advanced +——+————–+———-+Medium |4.3 |REST API |
|WAF, ASM) |13.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |12.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |11.x |None |Not | | | |
| | | |applicable| | | |
+————+——+————–+———-+———-+——+————-+
| |16.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |15.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |14.x |None |Not | | | |
|BIG-IP (all | | |applicable|Not | | |
|other +——+————–+———-+vulnerable|None |None |
|modules) |13.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |12.x |None |Not | | | |
| | | |applicable| | | |
| +——+————–+———-+ | | |
| |11.x |None |Not | | | |
| | | |applicable| | | |
+————+——+————–+———-+———-+——+————-+
| |7.x |None |Not | | | |
|BIG-IQ | | |applicable|Not | | |
|Centralized +——+————–+———-+vulnerable|None |None |
|Management |6.x |None |Not | | | |
| | | |applicable| | | |
+————+——+————–+———-+———-+——+————-+
|Traffix SDC |5.x |None |Not |Not |None |None |
| | | |applicable|vulnerable| | |
+————+——+————–+———-+———-+——+————-+

^1F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

To mitigate this vulnerability for affected F5 products, you should permit
management access only to F5 products over a secure network to trusted users.
For more information about securing access to BIG-IP Advanced WAF and ASM
systems, refer to K13309: Restricting access to the Configuration utility by
source IP address (11.x – 16.x) and K13092: Overview of securing access to the
BIG-IP system.

Acknowledgements

This issue was discovered internally by F5.

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIoN2eNLKJtyKPYoAQilsA//dqkEK/rhyggLtVPdVgr4LA7hs+L8neAd
FuJ7B4xrttET0LQFzFdUOUQyqcXNHy0h4PHLDY4p4P7o643OIQ4VmDX0g9Ksa1Lb
vFYl8pX+QWND2BBVs7ZzX3xKRxV4Kyo7HE3f8FRR+xvPGwdW8DldsWEH0+a74hvp
CKoEwBrccEhuaM9r5M0HDbWVY4Zluz6fnM+myrL2NE333N36Y8xQ4XIAjhmGRNnJ
MtjpGZBaFNh3EUHx/vfBKVSvH6zLNhB47sDSJGM+jfvSJgXX9lPT4I+o61GQ9V1R
HSU9gOWLl1m0jx4ZXclwuOwR5OeYK7O4pdt7+uKU3NcYshogE+ayhbfsrcuO6VuZ
3v0mIgsPxt9zbilkX0Ry9nFjZsfFffdNDzIQwKCGwmsqgLGlC1mNbYXW6WI9cnMC
tqeO0VsG79SH+X41RO+KZERqFUSYknMoMth2zrai9wj/d7C98NmJ44yiRwMMC5hu
YYXyh7tY2lITjihtiRjUEJSZF/T9TorXTvjhWpYKOQNF9jJmUGdzlK6nf7ZxGdNC
iD/QPIaAV4vEP+Ss5AxbWpI8h2s2jbTW88VjGv01U5xXLU7il8YhW63aWoky4it2
BrYcCkLbvtx3LipBVGukrwZ/gj35YBVDnhdjjw6CSCuhxdsbnS7Iw+bHJqiaqA66
0hTVqu3MVGQ=
=1fzi
—–END PGP SIGNATURE—–

The post ESB-2021.1453 – [Appliance] BIG-IP (Advanced WAF, ASM): Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1453-appliance-big-ip-advanced-waf-asm-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1453-appliance-big-ip-advanced-waf-asm-multiple-vulnerabilities

ESB-2021.1454 – [Appliance] BIG-IP products: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1454
Resource Administrator or Administrator role authenticated
local command execution vulnerability CVE-2021-23012
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: BIG-IP products
Publisher: F5 Networks
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23012

Original Bulletin:
https://support.f5.com/csp/article/K04234247

– ————————–BEGIN INCLUDED TEXT——————–

K04234247: Resource Administrator or Administrator role authenticated local
command execution vulnerability CVE-2021-23012

Original Publication Date: 29 Apr, 2021

Security Advisory Description

Lack of input validation for items used in system support functionality may
allow users granted either “Resource Administrator” or “Administrator” roles to
execute arbitrary bash commands on BIG-IP. (CVE-2021-23012)

Impact

In a standard BIG-IP deployment, a minor privilege escalation may be created
when executed as the Resource Administrator. In an Appliance Mode deployment
scenario this may allow for the aforementioned roles to execute shell commands
to escape the Appliance Mode sandbox.

Security Advisory Status

F5 Product Development has assigned ID 877109 (BIG-IP) to this vulnerability.

+————+——+————-+———-+———–+——+————-+
| | |Versions |Fixes | |CVSSv3|Vulnerable |
|Product |Branch|known to be |introduced|Severity |score^|component or |
| | |vulnerable^1 |in | |2 |feature |
+————+——+————-+———-+———–+——+————-+
| |16.x |16.0.0 – |16.0.1.1 | | | |
| | |16.0.1 | | | | |
| +——+————-+———-+ | | |
| |15.x |15.0.0 – |15.1.3 | | | |
| | |15.1.2 | | | | |
| +——+————-+———-+Medium | | |
| |14.x |14.1.0 – |14.1.4 | |6.0 | |
|BIG-IP (all | |14.1.3 | |– | |System |
|modules) +——+————-+———-+ |– |support |
| |13.x |13.1.0 – |13.1.4 |High – | |functions |
| | |13.1.3 | |Appliance |7.9^3 | |
| +——+————-+———-+Mode Only^3| | |
| |12.x |None |Not | | | |
| | | |applicable| | | |
| +——+————-+———-+ | | |
| |11.x |None |Not | | | |
| | | |applicable| | | |
+————+——+————-+———-+———–+——+————-+
| |7.x |None |Not | | | |
| | | |applicable| | | |
|BIG-IQ +——+————-+———-+ | | |
|Centralized |6.x |None |Not |Not |None |None |
|Management | | |applicable|vulnerable | | |
| +——+————-+———-+ | | |
| |5.x |None |Not | | | |
| | | |applicable| | | |
+————+——+————-+———-+———–+——+————-+
|Traffix SDC |5.x |None |Not |Not |None |None |
| | | |applicable|vulnerable | | |
+————+——+————-+———-+———–+——+————-+

^1F5 evaluates only software versions that have not yet reached the End of
Technical Support (EToS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^3The limited number of customers using Appliance Mode will have Scope:
Changed, which raises the CVSSv3 score to 7.9. For information on Appliance
mode, refer to: K12815: Overview of Appliance mode.

Recommended Actions

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

F5 suggests that you audit users assigned the Resource Administrator and
Administrator roles in any installations and limit the number of users assigned
that role. As the vulnerability is exposed only to users assigned the Resource
Administrator and Administrator roles, consider reducing privileges.

For more information, refer to K13092: Overview of securing access to the
BIG-IP system.

Acknowledgements

This issue was discovered internally by F5.

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
systems (11.4.x and later)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents
o K12815: Overview of Appliance mode

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIoN4uNLKJtyKPYoAQiCZg/+PxnmFpggE6dRxGCVPq1Eua9iGTwPwaP/
fhvuLlkEuf7cluwJEkIpIyz60lGX+3R0r1pPngkzv4NmHk8hJuoDbrgapgQXiwbr
mbsUAsbBduS6ck5uXsnN3vUlk9bTACGzy2ardsNaIKWSegs2ALqZBWMuPrV+ZBYo
8KOo7OREfVF3Meaeuon/HAgdKrfiBdPpdBV7y/ftriLaio73a4qrB2Nfe2p0t7/G
9xWZfTyESOy3PRf+JoQsLO5XUcFeYD3kpqnR2b4F/3ogTfPv75V+3rn7uLzeQ6/2
BOrZ2kkdZ+Qh7ZGSv8t5fv6pL4p3xZHCX0MO+Jc9z9UeUdo2ec76yI2hfb2ylvlV
5sXXBW+0WgAu0QbjssL76RL8Wtn93cgihwIF6oOAtxC/z+GfpNBcoKsp0ofDnknc
TY8r/F+rEV+9Qt5ZWYoOpqEEvlK6VcIUqRxQFW+clE6ZWcfmi2c1nHJV+95LahWn
lEkOvQNj1Ahaju1SQnfkTmNDEAIRXQuGHzVvPoz2OPrUClblbpVU1mgbmXp4MASh
H3jbrs2gKsfNiU4H/vSiHzLDcMGhqvr7eivI75ELKehIoWNDXTP5pkxaP8b0SCHx
Bk41ibM8xyWdYq3KQDclRr8QavmvgiT3a4WqW7SN2vmmQpK07m0U9FkVNpzjsn24
WPI5E1czhfk=
=QFSI
—–END PGP SIGNATURE—–

The post ESB-2021.1454 – [Appliance] BIG-IP products: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1454-appliance-big-ip-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1454-appliance-big-ip-products-multiple-vulnerabilities

ESB-2021.1455 – [Ubuntu] GStreamer Plugins Good: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1455
USN-4928-1: GStreamer Good Plugins vulnerabilities
29 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: GStreamer Plugins Good
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Denial of Service — Existing Account
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3498 CVE-2021-3497

Reference: ESB-2021.1407
ESB-2021.1401

Original Bulletin:
https://ubuntu.com/security/notices/USN-4928-1

– ————————–BEGIN INCLUDED TEXT——————–

USN-4928-1: GStreamer Good Plugins vulnerabilities
28 April 2021

Several security issues were fixed in GStreamer Plugins Good.
Releases

o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS

Packages

o gst-plugins-good1.0 – GStreamer plugins

Details

It was discovered that GStreamer Good Plugins incorrectly handled certain
files.
An attacker could possibly use this issue to cause access sensitive information
or cause a crash. ( CVE-2021-3497 )

It was discovered that GStreamer Good Plugins incorrectly handled certain
files.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu
20.10. ( CVE-2021-3498 )

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

o gstreamer1.0-plugins-good – 1.18.0-1ubuntu1.1

Ubuntu 20.04

o gstreamer1.0-plugins-good – 1.16.2-1ubuntu2.1

Ubuntu 18.04

o gstreamer1.0-plugins-good – 1.14.5-0ubuntu1~18.04.2

Ubuntu 16.04

o gstreamer1.0-plugins-good – 1.8.3-1ubuntu0.5

In general, a standard system update will make all the necessary changes.

References

o CVE-2021-3498
o CVE-2021-3497

– ————————–END INCLUDED TEXT——————–

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

iQIVAwUBYIoQFONLKJtyKPYoAQhZnxAAgJIR/ayCR9kdsznA26OP5F2Ib/OdCNGf
vzKsYBN6C1Hcn6lIFKvsnpLBk64uDPCfPVtGXwg9lSYDXJpM8RkRL83FaucLNgNa
66twxxaLTQ0IhF/n/8XTeGzBN/bXct73s4bvSLYyZFED0BRr5J1H+7qllj9DKlgc
kKpySvVtNhXBzYNqX/fpxehS8xWFNs3QBGmT5rrhSokZX+SbFJUk+Gnvs8+xfyOY
dJ75K9eHNd3VFQ1PbdTCP7zcwQojxoyZoUz6Yx7f95EzOC4j9uJDWNpmIync+pKA
Cm3AJn8+hfTThWsnywyKXLJl5UBKfFtNO8a0CC6Xz2DXtqR62NnO1YGnyOgsDYwZ
nPesOD9tsAZdBy8PZfsMeM+jr45QiZ88v6bhdpUD/ARda4Z64iTbAf+BvKfGt5Ia
bBCyPUp936t2FRksPNG4LCaqFDJmJK2vmnG/cXkiEcQMtrqzsR7yGANxsbWjb0px
iIkfOO/G0WiN99eixrRdRIHNyNU3H6SPW8Zx9piynKcgMq+s3r/P/sdVy1BZAUD+
xRqNlL8ZTbvxtI2KiapIroDa03ZJCAh9vCHRurkvG1irjYWJgInBRIfM9GmFsGq1
ZzWCjBN/4RWIp2DI/UqxvOYwix631GDd0iTR71yz4jS7KurgYJMqltaZ7beOUiuf
fWM4x8VDsgI=
=LXuX
—–END PGP SIGNATURE—–

The post ESB-2021.1455 – [Ubuntu] GStreamer Plugins Good: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/29/esb-2021-1455-ubuntu-gstreamer-plugins-good-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1455-ubuntu-gstreamer-plugins-good-multiple-vulnerabilities

Malware Devil

Malware Devil

Thursday, April 29, 2021

ESB-2021.1464 – [SUSE] libnettle: Multiple vulnerabilities

ESB-2021.1465 – ALERT [UNIX/Linux][SUSE] librsvg: Multiple vulnerabilities

ESB-2021.1466 – [SUSE] Linux kernel: Multiple vulnerabilities

ESB-2021.1452 – [Appliance] BIG-IP (Advanced WAF, ASM): Reduced security – Existing account

ESB-2021.1453 – [Appliance] BIG-IP (Advanced WAF, ASM): Multiple vulnerabilities

ESB-2021.1454 – [Appliance] BIG-IP products: Multiple vulnerabilities

ESB-2021.1455 – [Ubuntu] GStreamer Plugins Good: Multiple vulnerabilities

Barbary Pirates and Russian Cybercrime

Blog Archive

About Me