Malware Devil

Friday, April 30, 2021

Task Force delivers strategic plan to address global ransomware problem

The Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware.

The report, entitled “Combating Ransomware – A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force”, which you can read here [PDF], advocates for “a unified, aggressive, comprehensive, public-private anti-ransomware campaign.”

The purpose of creating the document seems to be threefold: first, to educate the targeted reader—in this case, policy makers and industry leaders—about the dangers of ransomware; second, to call for unification amongst organizations to collectively beat the ransomware enterprise; and third, to guide organizations and governments on action items (48 in total) they can pursue to disrupt the ransomware-as-a-service (RaaS) model and extensively lessen the impact of current and future attacks.

“This is great news and sorely needed,” says Jerome Segura, Director of Threat Intelligence at Malwarebytes, in an email. “One key aspect is, of course, international cooperation (or the lack thereof) which has proven to be a key reason why many criminals from Eastern Europe can continue their business without real fear of prosecution.”

Ransomware: a threat to national security

Ransomware attacks had been popping up left and right, even before the COVID-19 pandemic threw a wrench into the cybersecurity efforts of many already challenged companies and industries. Ransom demands inflated steeply through the pandemic, and the money raised appears to be reflected in increasing innovation and sophistication.

The report quantifies the impact of ransomware attacks with some startling statistics. According to the RTF, the average ransom payment in 2020 was $312,493, an increase of 171% over the previous year. Perhaps even more costly and damaging, it puts the average time it takes to fully recover from a ransomware attack at just over nine months.

Ransomware statistics collated by the task force (Source: The RTF Report 2020)

Note that these are average numbers, which means that there are cases when organizations have dealt with much longer downtimes and paid far higher ransoms (demands go into the tens of millions) to get their businesses back up and running as quickly as possible.

Gone are the days when threat actors behind ransomware campaigns targeted organizations they thought had the means to readily cough up money to meet their demands. These past few years, ransomware gangs have become more opportunistic, perhaps comforted by the wide availability of ransom insurance. They have deliberately targeted networks and breached systems of vital infrastructure, such as hospitals, schools, local governments, and nuclear plants, knowing full well that they may be putting lives at risk.

Organizations who refuse to pay the ransom then have to deal with the data leak that will inevitably follow; the delays caused by identifying and fixing the problems that allowed the ransomware gang into their systems; and the cost of crisis management efforts and of getting back on track as quickly as possible, while also improving their overall cybersecurity posture. On the other hand, organizations who do pay the ransom get to spend millions of dollars, too, on top of the ransom payment and still aren’t guaranteed to get their data back, or a speedy recovery.

Ransom payments may then be used to fund criminal enterprises that, for example, engage in human trafficking, terrorism, and “the proliferation of mass destruction”. But perhaps the most damaging of all is that ransomware attacks can sow doubt in the minds of the public towards public institutions.

To add salt to the wound, ransomware threat actors do this from within countries that are turning a blind eye to, or even encouraging, these cybercrime campaigns. They are safe havens where gangs know they won’t be charged, prosecuted or extradited for their actions. It is not difficult then to see why the RTF urged its audience to “raise the priority of ransomware within the intelligence community, and designate it as a national security threat” while advocating the use of “criminal prosecution and other tactics”.

Core actions organizations and governments must take

Although there are multiple steps recommended in the report, the RTF prescribes that these steps should be viewed and considered part of a bigger whole as they were each designed to complement and build on each other.

According to the report:

“The strategic framework is organized around four primary goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the business model and reduce criminal profits; to help organizations prepare for ransomware attacks; and to respond to ransomware attacks more effectively.”

To see the necessary impact against the ransomware enterprise, the task force stresses the importance of adopting these steps as soon as possible, with continuous coordination among the involved parties at a national and international level. (The RTF has proposed that the US government take charge in international coordination efforts with its partners.)

Among its priority recommendations, the RTF proposes that greater prioritization be given to intelligence-driven anti-ransomware efforts; mandatory reporting of ransomware attacks and the creation of Cyber Response and Recovery funds; the development of a framework to help organizations prepare for, and respond to, ransomware attacks; and greater regulation of the cryptocurrency sector.

Among the action items to be done, these are the five most urgent, according to the Ransomware Task Force. The rest are supporting actions that strengthen or lead to the fulfillment of these five. (Source: The RTF Report 2020)

About the RTF and other anti-ransomware efforts

The Institute of Security and Technology (IST) is the host organization that launched the Ransomware Task Force four months ago in December 2020. Before this, significant efforts had been made by organizations within or associated with the cybersecurity industry in combating ransomware.

In January this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched the Reduce the Risk of Ransomware Campaign where it focused on educating the public and private sectors on anti-ransomware best practices and what tools and resources to use to mitigate attacks. CISA’s one-stop page for everything one needs to know about ransomware can be found on this CISA ransomware page.

In July 2016, Europol’s European Cybercrime Centre joined forces with other law enforcement bodies and IT security companies to launch No More Ransom (NMR). Similar to the above-mentioned efforts, NMR also aims to help victims recover their data without shelling out money. They do this by collating decryption tools for ransomware families, created by cybersecurity volunteers. You can learn more about No More Ransom by visiting its official website.

The post Task Force delivers strategic plan to address global ransomware problem appeared first on Malwarebytes Labs.

The post Task Force delivers strategic plan to address global ransomware problem appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/task-force-delivers-strategic-plan-to-address-global-ransomware-problem/?utm_source=rss&utm_medium=rss&utm_campaign=task-force-delivers-strategic-plan-to-address-global-ransomware-problem

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

The stealthy backdoor is likely being used by Chinese APTs, researchers said.

The post PortDoor Espionage Malware Takes Aim at Russian Defense Sector appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/portdoor-espionage-malware-takes-aim-at-russian-defense-sector/?utm_source=rss&utm_medium=rss&utm_campaign=portdoor-espionage-malware-takes-aim-at-russian-defense-sector

The Night Witches of WWII

In the famous Pulitzer Prize-winning book “The Guns of August”, the author applies some colorful language to illustrate WWI and Imperial Germany. Tuchman, for example, frames their march like predator ants: (page 251) The German march through Belgium, like the march of predator ants who periodically emerge from the South American jungle to carve a …

The post The Night Witches of WWII appeared first on Security Boulevard.

The post The Night Witches of WWII appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/the-night-witches-of-wwii/?utm_source=rss&utm_medium=rss&utm_campaign=the-night-witches-of-wwii

MITRE Adds MacOS, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

Nonprofit research organization MITRE has released the latest version of its ATT&CK framework, adding support for threat information affecting Apple’s MacOS and containers, while also allowing more data sources and relationships.

The release is one of two updates to the popular framework due out this year, with another planned for October. The two most significant changes are better support for both MacOS and containers, and the adoption of more flexible ways of specifying the data needed to describe each threat technique. The release includes 16 new groups, 67 new pieces of software, and updates to 36 other groups and 51 software entries, according to MITRE.

The goal is to make the framework more functional, based on specific feedback from its community of users, says Adam Pennington, ATT&CK lead at MITRE.

“People look at ATT&CK as a way to map out and plan their defenses,” he says. “We are seeing it used as a way for people to either start from a specific area — such as an adversary that they are worried about or some subset of an attack, and take a look at what their stance is in relation to each of those behaviors — or perhaps as a way to plan out behavioral analytics.”

In a blog published Thursday, the research organization stated that the update is designed to better connect offensive techniques with potential defensive actions. The intent is to tag every technique in the ATT&CK framework with “defensive-focused fields [and] properties as a way to help defenders detect and respond to attacks.”

The company had described the improvements in its road map for 2021, published in March. The organization stated there would be no major structural adjustments; instead, MITRE plans to make improvements across the framework.

“Our chief focus will be on enhancing and enriching content across the ATT&CK platforms and technical domains,” MITRE stated in its road map. “We’ll be making incremental updates to core concepts, such as Software and Groups, and working towards a more structured contributions process, while maintaining a biannual release tempo, scheduled for April and October.”

A major initiative in the latest version is to allow better data to be collected on specific threat descriptions included in the ATT&CK framework. The idea is to tell defenders specifically what data they need to collect to best detect attackers and determine which techniques they are using. MITRE reviewed all the different data sources and components and remapped them where necessary.

“The material that people see today is not going to undergo another drastic change. We are just going to be adding more context behind it,” Pennington says. “It’s about getting a better idea of — with their various collection mechanisms, SIEMs, sensors, whatever — what do they need to be looking for to understand an adversary’s behavior.”

The ATT&CK framework now also includes more MacOS-specific threats and mappings, he says. Techniques and data specific to Linux-based systems will arrive with the next update in October.

“We spend a lot of time on Windows, as do adversaries,” Pennington says. “For Linux, we hear a lot going on with containers, but we don’t see a ton of detail in what is going on. The same with Mac. We hear from people there is a lot of activity going on, and we are beginning to incorporate that into ATT&CK.”

MITRE has also brought together the threats, techniques, and data sources for cloud platforms into consolidated groups, such as the infrastructure-as-a-service (IaaS) platform as part of the broader Cloud Service Providers category. In addition, software-as-a-service (SaaS) offerings Office 365 and Google Workspace are now included, so defenders can map adversary behaviors.

The company continues to make modifications based on feedback. In October, the company will release more support for mobile threats and defenses, as well as update the approach to threats that affect industrial control systems.

In the future, ATT&CK will also incorporate container technologies. MITRE has already released an ATT&CK for Containers matrix and will be incorporating feedback for future releases, the organization says.

Editor’s note: This article was updated to correct an error regarding when Linux will be explicitly supported in the ATT&CK framework. Linux support is planned for October.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline …

The post MITRE Adds MacOS, More Data Types to ATT&CK Framework appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/mitre-adds-macos-more-data-types-to-attck-framework/?utm_source=rss&utm_medium=rss&utm_campaign=mitre-adds-macos-more-data-types-to-attck-framework

CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited

On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, after a FireEye blog shed light on security incidents involving compromises of Pulse Secure VPN appliances. The directive outlines the specific actions all US federal agencies should take to mitigate the vulnerability and maintain compliance.

The post CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited appeared first on Security Boulevard.

The post CISA Emergency Directive 21-03: VPN Vulnerabilities Actively Exploited appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/cisa-emergency-directive-21-03-vpn-vulnerabilities-actively-exploited/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-emergency-directive-21-03-vpn-vulnerabilities-actively-exploited

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”.

The post WeSteal: A Cryptocurrency-Stealing Tool That Does Just That appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/westeal-a-cryptocurrency-stealing-tool-that-does-just-that/?utm_source=rss&utm_medium=rss&utm_campaign=westeal-a-cryptocurrency-stealing-tool-that-does-just-that

ESB-2021.1478 – [Win][UNIX/Linux][SUSE] samba: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1478
Security update for samba
30 April 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product:           samba
Publisher:         SUSE
Operating System:  SUSE
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Unauthorised Access -- Existing Account
                   Reduced Security    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20254

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211442-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211438-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114709-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211439-1

Comment: This bulletin contains four (4) SUSE security advisories.

This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running samba check for an updated version of the software for their
operating system.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for samba

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1442-1
Rating: important
References: #1184677
Cross-References: CVE-2021-20254
Affected Products:
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

o CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1442=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1442=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1442=1

Package List:

o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1
libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1
libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libdcerpc-atsvc0-4.2.4-28.39.1
libdcerpc-atsvc0-debuginfo-4.2.4-28.39.1

References:

o https://www.suse.com/security/cve/CVE-2021-20254.html
o https://bugzilla.suse.com/1184677

– ——————————————————————————–

SUSE Security Update: Security update for samba

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1438-1
Rating: important
References: #1178469 #1179156 #1184677
Cross-References: CVE-2021-20254
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for samba fixes the following issues:

o CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
o Avoid free’ing our own pointer in memcache when memcache_trim attempts to
reduce cache size (bsc#1179156).
o Adjust smbcacls '--propagate-inheritance' feature to align with upstream
(bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1438=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1438=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1438=1

Package List:

o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
libndr-devel-4.10.18+git.269.dd608524c88-3.27.1
libndr-krb5pac-devel-4.10.18+git.269.dd608524c88-3.27.1
libndr-nbt-devel-4.10.18+git.269.dd608524c88-3.27.1
libndr-standard-devel-4.10.18+git.269.dd608524c88-3.27.1
libsamba-util-devel-4.10.18+git.269.dd608524c88-3.27.1
libsmbclient-devel-4.10.18+git.269.dd608524c88-3.27.1
libwbclient-devel-4.10.18+git.269.dd608524c88-3.27.1
samba-core-devel-4.10.18+git.269.dd608524c88-3.27.1
samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libdcerpc-binding0-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc-binding0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc0-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libndr-krb5pac0-4.10.18+git.269.dd608524c88-3.27.1
libndr-krb5pac0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libndr-nbt0-4.10.18+git.269.dd608524c88-3.27.1
libndr-nbt0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libndr-standard0-4.10.18+git.269.dd608524c88-3.27.1
libndr-standard0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libndr0-4.10.18+git.269.dd608524c88-3.27.1
libndr0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libnetapi0-4.10.18+git.269.dd608524c88-3.27.1
libnetapi0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamba-credentials0-4.10.18+git.269.dd608524c88-3.27.1
libsamba-credentials0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamba-errors0-4.10.18+git.269.dd608524c88-3.27.1
libsamba-errors0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamba-hostconfig0-4.10.18+git.269.dd608524c88-3.27.1
libsamba-hostconfig0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamba-passdb0-4.10.18+git.269.dd608524c88-3.27.1
libsamba-passdb0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamba-util0-4.10.18+git.269.dd608524c88-3.27.1
libsamba-util0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsamdb0-4.10.18+git.269.dd608524c88-3.27.1
libsamdb0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsmbclient0-4.10.18+git.269.dd608524c88-3.27.1
libsmbclient0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsmbconf0-4.10.18+git.269.dd608524c88-3.27.1
libsmbconf0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libsmbldap2-4.10.18+git.269.dd608524c88-3.27.1
libsmbldap2-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libtevent-util0-4.10.18+git.269.dd608524c88-3.27.1
libtevent-util0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
libwbclient0-4.10.18+git.269.dd608524c88-3.27.1
libwbclient0-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-4.10.18+git.269.dd608524c88-3.27.1
samba-client-4.10.18+git.269.dd608524c88-3.27.1
samba-client-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-python3-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-python3-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-winbind-4.10.18+git.269.dd608524c88-3.27.1
samba-winbind-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libdcerpc-binding0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc-binding0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libdcerpc0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-krb5pac0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-krb5pac0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-nbt0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-nbt0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-standard0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr-standard0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libndr0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libnetapi0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libnetapi0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-credentials0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-credentials0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-errors0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-errors0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-hostconfig0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-passdb0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-passdb0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-util0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamba-util0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamdb0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsamdb0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbclient0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbclient0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbconf0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbconf0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbldap2-32bit-4.10.18+git.269.dd608524c88-3.27.1
libsmbldap2-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libtevent-util0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libtevent-util0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
libwbclient0-32bit-4.10.18+git.269.dd608524c88-3.27.1
libwbclient0-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-client-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-client-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-python3-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-libs-python3-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-winbind-32bit-4.10.18+git.269.dd608524c88-3.27.1
samba-winbind-debuginfo-32bit-4.10.18+git.269.dd608524c88-3.27.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
samba-doc-4.10.18+git.269.dd608524c88-3.27.1
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
ctdb-4.10.18+git.269.dd608524c88-3.27.1
ctdb-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-debuginfo-4.10.18+git.269.dd608524c88-3.27.1
samba-debugsource-4.10.18+git.269.dd608524c88-3.27.1

References:

o https://www.suse.com/security/cve/CVE-2021-20254.html
o https://bugzilla.suse.com/1178469
o https://bugzilla.suse.com/1179156
o https://bugzilla.suse.com/1184677

– ——————————————————————————–

SUSE Security Update: Security update for samba

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14709-1
Rating: important
References: #1178469 #1184677
Cross-References: CVE-2021-20254
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for samba fixes the following issues:

o CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
o Adjust smbcacls '--propagate-inheritance' feature to align with upstream
(bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-samba-14709=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-samba-14709=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-samba-14709=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-samba-14709=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
ldapsmb-1.34b-94.34.1
libldb1-3.6.3-94.34.1
libsmbclient0-3.6.3-94.34.1
libtalloc2-3.6.3-94.34.1
libtdb1-3.6.3-94.34.1
libtevent0-3.6.3-94.34.1
libwbclient0-3.6.3-94.34.1
samba-3.6.3-94.34.1
samba-client-3.6.3-94.34.1
samba-krb-printing-3.6.3-94.34.1
samba-winbind-3.6.3-94.34.1
o SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
libsmbclient0-32bit-3.6.3-94.34.1
libtalloc2-32bit-3.6.3-94.34.1
libtdb1-32bit-3.6.3-94.34.1
libtevent0-32bit-3.6.3-94.34.1
libwbclient0-32bit-3.6.3-94.34.1
samba-32bit-3.6.3-94.34.1
samba-client-32bit-3.6.3-94.34.1
samba-winbind-32bit-3.6.3-94.34.1
o SUSE Linux Enterprise Server 11-SP4-LTSS (noarch):
samba-doc-3.6.3-94.34.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):
samba-doc-3.6.3-94.34.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
ldapsmb-1.34b-94.34.1
libldb1-3.6.3-94.34.1
libsmbclient0-3.6.3-94.34.1
libtalloc2-3.6.3-94.34.1
libtdb1-3.6.3-94.34.1
libtevent0-3.6.3-94.34.1
libwbclient0-3.6.3-94.34.1
samba-3.6.3-94.34.1
samba-client-3.6.3-94.34.1
samba-krb-printing-3.6.3-94.34.1
samba-winbind-3.6.3-94.34.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
samba-debuginfo-3.6.3-94.34.1
samba-debugsource-3.6.3-94.34.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
samba-debuginfo-32bit-3.6.3-94.34.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
samba-debuginfo-3.6.3-94.34.1
samba-debugsource-3.6.3-94.34.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (s390x):
samba-debuginfo-32bit-3.6.3-94.34.1

References:

o https://www.suse.com/security/cve/CVE-2021-20254.html
o https://bugzilla.suse.com/1178469
o https://bugzilla.suse.com/1184677

– ——————————————————————————–

SUSE Security Update: Security update for samba

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1439-1
Rating: important
References: #1178469 #1184677
Cross-References: CVE-2021-20254
Affected Products:
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for samba fixes the following issues:

o CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
o Adjust smbcacls '--propagate-inheritance' feature to align with upstream
(bsc#1178469).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1439=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1439=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1439=1

Package List:

o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (noarch):
samba-doc-4.4.2-38.42.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
ctdb-4.4.2-38.42.1
ctdb-debuginfo-4.4.2-38.42.1
libdcerpc-binding0-32bit-4.4.2-38.42.1
libdcerpc-binding0-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-4.4.2-38.42.1
libdcerpc0-32bit-4.4.2-38.42.1
libdcerpc0-4.4.2-38.42.1
libdcerpc0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc0-debuginfo-4.4.2-38.42.1
libndr-krb5pac0-32bit-4.4.2-38.42.1
libndr-krb5pac0-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-4.4.2-38.42.1
libndr-nbt0-32bit-4.4.2-38.42.1
libndr-nbt0-4.4.2-38.42.1
libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1
libndr-nbt0-debuginfo-4.4.2-38.42.1
libndr-standard0-32bit-4.4.2-38.42.1
libndr-standard0-4.4.2-38.42.1
libndr-standard0-debuginfo-32bit-4.4.2-38.42.1
libndr-standard0-debuginfo-4.4.2-38.42.1
libndr0-32bit-4.4.2-38.42.1
libndr0-4.4.2-38.42.1
libndr0-debuginfo-32bit-4.4.2-38.42.1
libndr0-debuginfo-4.4.2-38.42.1
libnetapi0-32bit-4.4.2-38.42.1
libnetapi0-4.4.2-38.42.1
libnetapi0-debuginfo-32bit-4.4.2-38.42.1
libnetapi0-debuginfo-4.4.2-38.42.1
libsamba-credentials0-32bit-4.4.2-38.42.1
libsamba-credentials0-4.4.2-38.42.1
libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1
libsamba-credentials0-debuginfo-4.4.2-38.42.1
libsamba-errors0-32bit-4.4.2-38.42.1
libsamba-errors0-4.4.2-38.42.1
libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1
libsamba-errors0-debuginfo-4.4.2-38.42.1
libsamba-hostconfig0-32bit-4.4.2-38.42.1
libsamba-hostconfig0-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-4.4.2-38.42.1
libsamba-passdb0-32bit-4.4.2-38.42.1
libsamba-passdb0-4.4.2-38.42.1
libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1
libsamba-passdb0-debuginfo-4.4.2-38.42.1
libsamba-util0-32bit-4.4.2-38.42.1
libsamba-util0-4.4.2-38.42.1
libsamba-util0-debuginfo-32bit-4.4.2-38.42.1
libsamba-util0-debuginfo-4.4.2-38.42.1
libsamdb0-32bit-4.4.2-38.42.1
libsamdb0-4.4.2-38.42.1
libsamdb0-debuginfo-32bit-4.4.2-38.42.1
libsamdb0-debuginfo-4.4.2-38.42.1
libsmbclient0-32bit-4.4.2-38.42.1
libsmbclient0-4.4.2-38.42.1
libsmbclient0-debuginfo-32bit-4.4.2-38.42.1
libsmbclient0-debuginfo-4.4.2-38.42.1
libsmbconf0-32bit-4.4.2-38.42.1
libsmbconf0-4.4.2-38.42.1
libsmbconf0-debuginfo-32bit-4.4.2-38.42.1
libsmbconf0-debuginfo-4.4.2-38.42.1
libsmbldap0-32bit-4.4.2-38.42.1
libsmbldap0-4.4.2-38.42.1
libsmbldap0-debuginfo-32bit-4.4.2-38.42.1
libsmbldap0-debuginfo-4.4.2-38.42.1
libtevent-util0-32bit-4.4.2-38.42.1
libtevent-util0-4.4.2-38.42.1
libtevent-util0-debuginfo-32bit-4.4.2-38.42.1
libtevent-util0-debuginfo-4.4.2-38.42.1
libwbclient0-32bit-4.4.2-38.42.1
libwbclient0-4.4.2-38.42.1
libwbclient0-debuginfo-32bit-4.4.2-38.42.1
libwbclient0-debuginfo-4.4.2-38.42.1
samba-4.4.2-38.42.1
samba-client-32bit-4.4.2-38.42.1
samba-client-4.4.2-38.42.1
samba-client-debuginfo-32bit-4.4.2-38.42.1
samba-client-debuginfo-4.4.2-38.42.1
samba-debuginfo-4.4.2-38.42.1
samba-debugsource-4.4.2-38.42.1
samba-libs-32bit-4.4.2-38.42.1
samba-libs-4.4.2-38.42.1
samba-libs-debuginfo-32bit-4.4.2-38.42.1
samba-libs-debuginfo-4.4.2-38.42.1
samba-winbind-32bit-4.4.2-38.42.1
samba-winbind-4.4.2-38.42.1
samba-winbind-debuginfo-32bit-4.4.2-38.42.1
samba-winbind-debuginfo-4.4.2-38.42.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (noarch):
samba-doc-4.4.2-38.42.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
ctdb-4.4.2-38.42.1
ctdb-debuginfo-4.4.2-38.42.1
libdcerpc-binding0-32bit-4.4.2-38.42.1
libdcerpc-binding0-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-4.4.2-38.42.1
libdcerpc0-32bit-4.4.2-38.42.1
libdcerpc0-4.4.2-38.42.1
libdcerpc0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc0-debuginfo-4.4.2-38.42.1
libndr-krb5pac0-32bit-4.4.2-38.42.1
libndr-krb5pac0-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-4.4.2-38.42.1
libndr-nbt0-32bit-4.4.2-38.42.1
libndr-nbt0-4.4.2-38.42.1
libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1
libndr-nbt0-debuginfo-4.4.2-38.42.1
libndr-standard0-32bit-4.4.2-38.42.1
libndr-standard0-4.4.2-38.42.1
libndr-standard0-debuginfo-32bit-4.4.2-38.42.1
libndr-standard0-debuginfo-4.4.2-38.42.1
libndr0-32bit-4.4.2-38.42.1
libndr0-4.4.2-38.42.1
libndr0-debuginfo-32bit-4.4.2-38.42.1
libndr0-debuginfo-4.4.2-38.42.1
libnetapi0-32bit-4.4.2-38.42.1
libnetapi0-4.4.2-38.42.1
libnetapi0-debuginfo-32bit-4.4.2-38.42.1
libnetapi0-debuginfo-4.4.2-38.42.1
libsamba-credentials0-32bit-4.4.2-38.42.1
libsamba-credentials0-4.4.2-38.42.1
libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1
libsamba-credentials0-debuginfo-4.4.2-38.42.1
libsamba-errors0-32bit-4.4.2-38.42.1
libsamba-errors0-4.4.2-38.42.1
libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1
libsamba-errors0-debuginfo-4.4.2-38.42.1
libsamba-hostconfig0-32bit-4.4.2-38.42.1
libsamba-hostconfig0-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-4.4.2-38.42.1
libsamba-passdb0-32bit-4.4.2-38.42.1
libsamba-passdb0-4.4.2-38.42.1
libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1
libsamba-passdb0-debuginfo-4.4.2-38.42.1
libsamba-util0-32bit-4.4.2-38.42.1
libsamba-util0-4.4.2-38.42.1
libsamba-util0-debuginfo-32bit-4.4.2-38.42.1
libsamba-util0-debuginfo-4.4.2-38.42.1
libsamdb0-32bit-4.4.2-38.42.1
libsamdb0-4.4.2-38.42.1
libsamdb0-debuginfo-32bit-4.4.2-38.42.1
libsamdb0-debuginfo-4.4.2-38.42.1
libsmbclient0-32bit-4.4.2-38.42.1
libsmbclient0-4.4.2-38.42.1
libsmbclient0-debuginfo-32bit-4.4.2-38.42.1
libsmbclient0-debuginfo-4.4.2-38.42.1
libsmbconf0-32bit-4.4.2-38.42.1
libsmbconf0-4.4.2-38.42.1
libsmbconf0-debuginfo-32bit-4.4.2-38.42.1
libsmbconf0-debuginfo-4.4.2-38.42.1
libsmbldap0-32bit-4.4.2-38.42.1
libsmbldap0-4.4.2-38.42.1
libsmbldap0-debuginfo-32bit-4.4.2-38.42.1
libsmbldap0-debuginfo-4.4.2-38.42.1
libtevent-util0-32bit-4.4.2-38.42.1
libtevent-util0-4.4.2-38.42.1
libtevent-util0-debuginfo-32bit-4.4.2-38.42.1
libtevent-util0-debuginfo-4.4.2-38.42.1
libwbclient0-32bit-4.4.2-38.42.1
libwbclient0-4.4.2-38.42.1
libwbclient0-debuginfo-32bit-4.4.2-38.42.1
libwbclient0-debuginfo-4.4.2-38.42.1
samba-4.4.2-38.42.1
samba-client-32bit-4.4.2-38.42.1
samba-client-4.4.2-38.42.1
samba-client-debuginfo-32bit-4.4.2-38.42.1
samba-client-debuginfo-4.4.2-38.42.1
samba-debuginfo-4.4.2-38.42.1
samba-debugsource-4.4.2-38.42.1
samba-libs-32bit-4.4.2-38.42.1
samba-libs-4.4.2-38.42.1
samba-libs-debuginfo-32bit-4.4.2-38.42.1
samba-libs-debuginfo-4.4.2-38.42.1
samba-winbind-32bit-4.4.2-38.42.1
samba-winbind-4.4.2-38.42.1
samba-winbind-debuginfo-32bit-4.4.2-38.42.1
samba-winbind-debuginfo-4.4.2-38.42.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libdcerpc-binding0-32bit-4.4.2-38.42.1
libdcerpc-binding0-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc-binding0-debuginfo-4.4.2-38.42.1
libdcerpc0-32bit-4.4.2-38.42.1
libdcerpc0-4.4.2-38.42.1
libdcerpc0-debuginfo-32bit-4.4.2-38.42.1
libdcerpc0-debuginfo-4.4.2-38.42.1
libndr-krb5pac0-32bit-4.4.2-38.42.1
libndr-krb5pac0-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-32bit-4.4.2-38.42.1
libndr-krb5pac0-debuginfo-4.4.2-38.42.1
libndr-nbt0-32bit-4.4.2-38.42.1
libndr-nbt0-4.4.2-38.42.1
libndr-nbt0-debuginfo-32bit-4.4.2-38.42.1
libndr-nbt0-debuginfo-4.4.2-38.42.1
libndr-standard0-32bit-4.4.2-38.42.1
libndr-standard0-4.4.2-38.42.1
libndr-standard0-debuginfo-32bit-4.4.2-38.42.1
libndr-standard0-debuginfo-4.4.2-38.42.1
libndr0-32bit-4.4.2-38.42.1
libndr0-4.4.2-38.42.1
libndr0-debuginfo-32bit-4.4.2-38.42.1
libndr0-debuginfo-4.4.2-38.42.1
libnetapi0-32bit-4.4.2-38.42.1
libnetapi0-4.4.2-38.42.1
libnetapi0-debuginfo-32bit-4.4.2-38.42.1
libnetapi0-debuginfo-4.4.2-38.42.1
libsamba-credentials0-32bit-4.4.2-38.42.1
libsamba-credentials0-4.4.2-38.42.1
libsamba-credentials0-debuginfo-32bit-4.4.2-38.42.1
libsamba-credentials0-debuginfo-4.4.2-38.42.1
libsamba-errors0-32bit-4.4.2-38.42.1
libsamba-errors0-4.4.2-38.42.1
libsamba-errors0-debuginfo-32bit-4.4.2-38.42.1
libsamba-errors0-debuginfo-4.4.2-38.42.1
libsamba-hostconfig0-32bit-4.4.2-38.42.1
libsamba-hostconfig0-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.42.1
libsamba-hostconfig0-debuginfo-4.4.2-38.42.1
libsamba-passdb0-32bit-4.4.2-38.42.1
libsamba-passdb0-4.4.2-38.42.1
libsamba-passdb0-debuginfo-32bit-4.4.2-38.42.1
libsamba-passdb0-debuginfo-4.4.2-38.42.1
libsamba-util0-32bit-4.4.2-38.42.1
libsamba-util0-4.4.2-38.42.1
libsamba-util0-debuginfo-32bit-4.4.2-38.42.1
libsamba-util0-debuginfo-4.4.2-38.42.1
libsamdb0-32bit-4.4.2-38.42.1
libsamdb0-4.4.2-38.42.1
libsamdb0-debuginfo-32bit-4.4.2-38.42.1
libsamdb0-debuginfo-4.4.2-38.42.1
libsmbclient0-32bit-4.4.2-38.42.1
libsmbclient0-4.4.2-38.42.1
libsmbclient0-debuginfo-32bit-4.4.2-38.42.1
libsmbclient0-debuginfo-4.4.2-38.42.1
libsmbconf0-32bit-4.4.2-38.42.1
libsmbconf0-4.4.2-38.42.1
libsmbconf0-debuginfo-32bit-4.4.2-38.42.1
libsmbconf0-debuginfo-4.4.2-38.42.1
libsmbldap0-32bit-4.4.2-38.42.1
libsmbldap0-4.4.2-38.42.1
libsmbldap0-debuginfo-32bit-4.4.2-38.42.1
libsmbldap0-debuginfo-4.4.2-38.42.1
libtevent-util0-32bit-4.4.2-38.42.1
libtevent-util0-4.4.2-38.42.1
libtevent-util0-debuginfo-32bit-4.4.2-38.42.1
libtevent-util0-debuginfo-4.4.2-38.42.1
libwbclient0-32bit-4.4.2-38.42.1
libwbclient0-4.4.2-38.42.1
libwbclient0-debuginfo-32bit-4.4.2-38.42.1
libwbclient0-debuginfo-4.4.2-38.42.1
samba-4.4.2-38.42.1
samba-client-32bit-4.4.2-38.42.1
samba-client-4.4.2-38.42.1
samba-client-debuginfo-32bit-4.4.2-38.42.1
samba-client-debuginfo-4.4.2-38.42.1
samba-debuginfo-4.4.2-38.42.1
samba-debugsource-4.4.2-38.42.1
samba-libs-32bit-4.4.2-38.42.1
samba-libs-4.4.2-38.42.1
samba-libs-debuginfo-32bit-4.4.2-38.42.1
samba-libs-debuginfo-4.4.2-38.42.1
samba-winbind-32bit-4.4.2-38.42.1
samba-winbind-4.4.2-38.42.1
samba-winbind-debuginfo-32bit-4.4.2-38.42.1
samba-winbind-debuginfo-4.4.2-38.42.1
o SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
samba-doc-4.4.2-38.42.1

References:

o https://www.suse.com/security/cve/CVE-2021-20254.html
o https://bugzilla.suse.com/1178469
o https://bugzilla.suse.com/1184677

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2021/04/30/esb-2021-1478-winunix-linuxsuse-samba-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1478-winunix-linuxsuse-samba-multiple-vulnerabilities

ESB-2021.1479 – [RedHat] bind: Denial of service – Remote/unauthenticated


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1479
bind security update
30 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: bind
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Denial of Service — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-25215

Reference: ESB-2021.1442

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:1468
https://access.redhat.com/errata/RHSA-2021:1469

Comment: This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------


=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2021:1468-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1468
Issue date: 2021-04-29
CVE Names: CVE-2021-25215
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 6 Extended
Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) – i386, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6 ELS) – i386, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion check can fail while answering queries for DNAME
records that require the DNAME to be processed to resolve itself
(CVE-2021-25215)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1953857 – CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:
bind-9.8.2-0.68.rc1.el6_10.11.src.rpm

i386:
bind-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.11.i686.rpm

s390x:
bind-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.s390.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.11.s390.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.11.s390x.rpm

x86_64:
bind-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.11.i686.rpm

s390x:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.s390.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.11.s390.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.11.s390x.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.11.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.11.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.11.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

------------------------------------------------------------------------------


=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2021:1469-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1469
Issue date: 2021-04-29
CVE Names: CVE-2021-25215
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion check can fail while answering queries for DNAME
records that require the DNAME to be processed to resolve itself
(CVE-2021-25215)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1953857 – CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.5.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.5.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.5.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm

ppc64:
bind-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-libs-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-libs-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-utils-9.11.4-26.P2.el7_9.5.ppc64.rpm

ppc64le:
bind-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-libs-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-utils-9.11.4-26.P2.el7_9.5.ppc64le.rpm

s390x:
bind-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.s390.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-libs-9.11.4-26.P2.el7_9.5.s390.rpm
bind-libs-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.s390.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.s390.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-utils-9.11.4-26.P2.el7_9.5.s390x.rpm

x86_64:
bind-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-devel-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-devel-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.ppc.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.ppc64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.ppc64.rpm

ppc64le:
bind-debuginfo-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-devel-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.ppc64le.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.ppc64le.rpm

s390x:
bind-debuginfo-9.11.4-26.P2.el7_9.5.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-devel-9.11.4-26.P2.el7_9.5.s390.rpm
bind-devel-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.s390.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.s390.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.s390.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.s390x.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.s390x.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.5.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.5.noarch.rpm

x86_64:
bind-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.5.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.5.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-25215
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------


Read More

The post ESB-2021.1479 – [RedHat] bind: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/04/30/esb-2021-1479-redhat-bind-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1479-redhat-bind-denial-of-service-remote-unauthenticated

ESB-2021.1480 – [Ubuntu] Bind: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1480
USN-4929-1: Bind vulnerabilities
30 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Bind
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-25216 CVE-2021-25215 CVE-2021-25214

Reference:         ESB-2021.1442
                   ESB-2021.1479

Original Bulletin:
https://ubuntu.com/security/notices/USN-4929-1

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4929-1: Bind vulnerabilities
29 April 2021

Several security issues were fixed in Bind.

Releases

o Ubuntu 21.04
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS

Packages

o bind9 – Internet Domain Name Server

Details

Greg Kuechle discovered that Bind incorrectly handled certain incremental
zone updates. A remote attacker could possibly use this issue to cause Bind
to crash, resulting in a denial of service. (CVE-2021-25214)

Siva Kakarla discovered that Bind incorrectly handled certain DNAME
records. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. (CVE-2021-25215)

It was discovered that Bind incorrectly handled GSSAPI security policy
negotiation. A remote attacker could use this issue to cause Bind to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-25216)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 21.04

o bind9 – 1:9.16.8-1ubuntu3.1

Ubuntu 20.10

o bind9 – 1:9.16.6-3ubuntu1.2

Ubuntu 20.04

o bind9 – 1:9.16.1-0ubuntu2.8

Ubuntu 18.04

o bind9 – 1:9.11.3+dfsg-1ubuntu1.15

Ubuntu 16.04

o bind9 – 1:9.10.3.dfsg.P4-8ubuntu1.19

In general, a standard system update will make all the necessary changes.

References

o CVE-2021-25215
o CVE-2021-25214
o CVE-2021-25216

--------------------------END INCLUDED TEXT--------------------


ESB-2021.1481 – [Ubuntu] samba: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1481
USN-4930-1: Samba vulnerability
30 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           samba
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Unauthorised Access -- Existing Account
                   Reduced Security    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20254

Reference:         ESB-2021.1478

Original Bulletin:
https://ubuntu.com/security/notices/USN-4930-1

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4930-1: Samba vulnerability
29 April 2021

Samba would allow unintended access to files over the network.

Releases

o Ubuntu 21.04
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS

Packages

o samba – SMB/CIFS file, print, and login server for Unix

Details

Peter Eriksson discovered that Samba incorrectly handled certain negative
idmap cache entries. This issue could result in certain users gaining
unauthorized access to files, contrary to expected behaviour.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 21.04

o samba – 2:4.13.3+dfsg-1ubuntu2.1

Ubuntu 20.10

o samba – 2:4.12.5+dfsg-3ubuntu4.3

Ubuntu 20.04

o samba – 2:4.11.6+dfsg-0ubuntu1.8

Ubuntu 18.04

o samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.23

Ubuntu 16.04

o samba – 2:4.3.11+dfsg-0ubuntu0.16.04.34

In general, a standard system update will make all the necessary changes.

References

o CVE-2021-20254

--------------------------END INCLUDED TEXT--------------------


ESB-2021.1482 – [Debian] edk2: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1482
edk2 security update
30 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           edk2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28211 CVE-2021-28210 CVE-2019-14587
                   CVE-2019-14586 CVE-2019-14584 CVE-2019-14575
                   CVE-2019-14563 CVE-2019-14562 CVE-2019-14559
                   CVE-2019-14558 CVE-2019-0161

Reference:         ESB-2021.1335
                   ESB-2020.3845
                   ESB-2020.1558

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2645-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
April 29, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : edk2
Version        : 0~20161202.7bbe0b3e-1+deb9u2
CVE ID         : CVE-2019-0161 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562
                 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-1458
                 CVE-2019-14587 CVE-2021-28210 CVE-2021-28211
Debian Bug     : 952926 968819 952934 977300

Several security vulnerabilities have been discovered in edk2, firmware for
virtual machines. Integer and stack overflows and uncontrolled resource
consumption may lead to a denial-of-service or in a worst case scenario,
allow an authenticated local user to potentially enable escalation of
privilege.

For Debian 9 stretch, these problems have been fixed in version
0~20161202.7bbe0b3e-1+deb9u2.

We recommend that you upgrade your edk2 packages.

For the detailed security status of edk2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/edk2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--------------------------END INCLUDED TEXT--------------------


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...