Malware Devil

Monday, May 3, 2021

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches – ASW #149

This week in the AppSec News: Microsoft discloses “BadAlloc” bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw149

The post BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches – ASW #149 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/badalloc-vulns-gatekeeper-bypass-more-spectre-in-micro-op-caches-asw-149/?utm_source=rss&utm_medium=rss&utm_campaign=badalloc-vulns-gatekeeper-bypass-more-spectre-in-micro-op-caches-asw-149

[Valve] critical – OOB reads in network message handlers leads to RCE (7500.00USD)


The post [Valve] critical – OOB reads in network message handlers leads to RCE (7500.00USD) appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/valve-critical-oob-reads-in-network-message-handlers-leads-to-rce-7500-00usd/?utm_source=rss&utm_medium=rss&utm_campaign=valve-critical-oob-reads-in-network-message-handlers-leads-to-rce-7500-00usd

Beyond good ol’ Run key, Part 134

This one is for historical reasons, primarily.

Old Adobe Photoshop/ImageReady used to have a feature called “Jump to” which is neatly described here.

The feature was implemented via a simple directory structure located here:

c:\Program Files\Adobe\Adobe Photoshop CS2\Helpers

and its 2 subdirectories:

Jump To Graphics Editor
Jump To HTML Editor

Dropping your own LNK, EXE or any executable file inside these subdirectories would enable you to extend the menu, or… replace the existing LNK file. Basically, this implements a lame persistence mechanism, e.g. as shown in the picture below:

The post Beyond good ol’ Run key, Part 134 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/beyond-good-ol-run-key-part-134/?utm_source=rss&utm_medium=rss&utm_campaign=beyond-good-ol-run-key-part-134

Simplify third-party update management for Intune with Patch Connect Plus

IT administrators and technicians around the world who are looking to move third-party patch management to the cloud, or even extend their endpoint management capabilities, can start celebrating, as Patch Connect Plus

The post Simplify third-party update management for Intune with Patch Connect Plus appeared first on ManageEngine Blog.

The post Simplify third-party update management for Intune with Patch Connect Plus appeared first on Security Boulevard.

The post Simplify third-party update management for Intune with Patch Connect Plus appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/simplifique-la-gestion-de-actualizaciones-de-terceros-para-intune-con-patch-connect-plus/?utm_source=rss&utm_medium=rss&utm_campaign=simplifique-la-gestion-de-actualizaciones-de-terceros-para-intune-con-patch-connect-plus

From Sky-High to JumpCloud: Making Cloud the Most Secure Environment for Every Business

It’s time to start thinking about how we manage today’s heterogeneous workplace environment; this is where JumpCloud comes in, and why I joined the team.

The post From Sky-High to JumpCloud: Making Cloud the Most Secure Environment for Every Business appeared first on JumpCloud.

The post From Sky-High to JumpCloud: Making Cloud the Most Secure Environment for Every Business appeared first on Security Boulevard.


The post From Sky-High to JumpCloud: Making Cloud the Most Secure Environment for Every Business appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/from-sky-high-to-jumpcloud-making-cloud-the-most-secure-environment-for-every-business/?utm_source=rss&utm_medium=rss&utm_campaign=from-sky-high-to-jumpcloud-making-cloud-the-most-secure-environment-for-every-business

EMS_2021_Anti-Phishing

The post EMS_2021_Anti-Phishing appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_anti-phishing/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_anti-phishing

EMS_2021_Anti-Theft

The post EMS_2021_Anti-Theft appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_anti-theft/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_anti-theft

EMS_2021_Antivirus

The post EMS_2021_Antivirus appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_antivirus/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_antivirus

EMS_2021_App-Lock

The post EMS_2021_App-Lock appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_app-lock/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_app-lock

EMS_2021_Call-Filter

The post EMS_2021_Call-Filter appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_call-filter/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_call-filter

EMS_2021_Connected-Home

The post EMS_2021_Connected-Home appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_connected-home/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_connected-home

EMS_2021_Payment-Protection

The post EMS_2021_Payment-Protection appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/ems_2021_payment-protection/?utm_source=rss&utm_medium=rss&utm_campaign=ems_2021_payment-protection

Social Media Security for Seniors | Avast

Social media is a wonderful way for seniors to reconnect with long-lost friends and stay in touch with family online. Today, 75% of adults ages 65 and older are using the internet, compared to just 14% of seniors in 2000.

The post Social Media Security for Seniors | Avast appeared first on Security Boulevard.


The post Social Media Security for Seniors | Avast appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/social-media-security-for-seniors-avast/?utm_source=rss&utm_medium=rss&utm_campaign=social-media-security-for-seniors-avast

Pulse Connect Secure Patch Availability – SA44784

Today, the Pulse Secure team released a security update to address the issue outlined in Security Advisory SA44784 (CVE-2021-22893) impacting Pulse Connect Secure appliance. We recommend that customers move quickly to apply the update to ensure they are protected. 

The post Pulse Connect Secure Patch Availability – SA44784 appeared first on Pulse Secure Blog.

The post Pulse Connect Secure Patch Availability – SA44784 appeared first on Security Boulevard.


The post Pulse Connect Secure Patch Availability – SA44784 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/pulse-connect-secure-patch-availability-sa44784/?utm_source=rss&utm_medium=rss&utm_campaign=pulse-connect-secure-patch-availability-sa44784

Two-Step Verification

Two-step verification (also called two-factor authentication or 2FA) is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device. At a minimum enable two-step verification for your most important accounts such as email, financial and retirement accounts.

The post Two-Step Verification appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/two-step-verification/?utm_source=rss&utm_medium=rss&utm_campaign=two-step-verification

ESB-2021.1490 – [SUSE] cifs-utils: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1490
Security update for cifs-utils
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: cifs-utils
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Increased Privileges — Existing Account
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20208 CVE-2020-14342

Reference: ESB-2021.1238

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211455-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for cifs-utils

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1455-1
Rating: important
References: #1152930 #1174477 #1183239 #1184815
Cross-References: CVE-2020-14342 CVE-2021-20208
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for cifs-utils fixes the following security issues:

o CVE-2021-20208: Fixed a potential kerberos auth leak escaping from
container. (bsc#1183239)
o CVE-2020-14342: Fixed a shell command injection vulnerability in
mount.cifs. (bsc#1174477)

This update for cifs-utils fixes the following issues:

o Solve invalid directory mounting. When attempting to change the current
working directory into non-existing directories, mount.cifs crashes.
(bsc#1152930)

o Fixed a bug where it was no longer possible to mount CIFS filesystem after
the last maintenance update. (bsc#1184815)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1455=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1455=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1

Package List:

o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
cifs-utils-6.9-3.14.1
cifs-utils-debuginfo-6.9-3.14.1
cifs-utils-debugsource-6.9-3.14.1
cifs-utils-devel-6.9-3.14.1

References:

o https://www.suse.com/security/cve/CVE-2020-14342.html
o https://www.suse.com/security/cve/CVE-2021-20208.html
o https://bugzilla.suse.com/1152930
o https://bugzilla.suse.com/1174477
o https://bugzilla.suse.com/1183239
o https://bugzilla.suse.com/1184815

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.1490 – [SUSE] cifs-utils: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/esb-2021-1490-suse-cifs-utils-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1490-suse-cifs-utils-multiple-vulnerabilities

ESB-2021.1491 – [SUSE] containerd, docker and runc: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1491
Security update for containerd, docker and runc
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: containerd
docker
runc
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Root Compromise — Existing Account
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Unauthorised Access — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21334 CVE-2021-21285 CVE-2021-21284
CVE-2019-19921 CVE-2019-16884 CVE-2019-5736
CVE-2018-16875 CVE-2018-16874 CVE-2018-16873

Reference: ESB-2021.0891
ESB-2021.0734
ESB-2020.2186
ESB-2020.1505
ESB-2020.1231

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211458-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for containerd, docker, runc

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1458-1
Rating: important
References: #1028638 #1034053 #1048046 #1051429 #1053532 #1095817
#1118897 #1118898 #1118899 #1121967 #1131314 #1131553
#1149954 #1152308 #1160452 #1168481 #1175081 #1175821
#1181594 #1181641 #1181677 #1181730 #1181732 #1181749
#1182451 #1182476 #1182947 #1183024 #1183397 #1183855
#1184768 #1184962
Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-16884
CVE-2019-19921 CVE-2019-5736 CVE-2021-21284 CVE-2021-21285
CVE-2021-21334
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 23 fixes is now available.

Description:

This update for containerd, docker, runc fixes the following issues:

o Docker was updated to 20.10.6-ce
  * Switch version to use -ce suffix rather than _ce to avoid confusing other
    tools (bsc#1182476).
  * CVE-2021-21284: Fixed a potential privilege escalation when the root user
    in the remapped namespace has access to the host filesystem (bsc#1181732)
  * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image
    manifest crashes the dockerd daemon (bsc#1181730).

o runc was updated to v1.0.0~rc93 (bsc#1182451 and bsc#1184962).
  * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
  * Fixed /dev/null is not available (bsc#1168481).
  * Fixed an issue where podman hangs when spawned by salt-minion process
    (bsc#1149954).
  * CVE-2019-19921: Fixed a race condition with shared mounts (bsc#1160452).
  * CVE-2019-16884: Fixed an LSM bypass via malicious Docker image that mount
    over a /proc directory (bsc#1152308).
  * CVE-2019-5736: Fixed potential write attacks to the host runc binary
    (bsc#1121967).
  * Fixed an issue where after a kernel-update docker doesn’t run
    (bsc#1131314 bsc#1131553)
  * Ensure that we always include the version information in runc
    (bsc#1053532).

o Switch to Go 1.13 for build.
  * CVE-2018-16873: Fixed a potential remote code execution (bsc#1118897).
  * CVE-2018-16874: Fixed a directory traversal in “go get” via curly braces
    in import paths (bsc#1118898).
  * CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899).
  * Fixed an issue with building containers (bsc#1095817).

o containerd was updated to v1.4.4
  * CVE-2021-21334: Fixed a potential information leak through environment
    variables (bsc#1183397).
  * Handle a requirement from docker (bsc#1181594).
  * Install the containerd-shim* binaries and stop creating (bsc#1183024).
  * update version to the one required by docker (bsc#1034053)

o Use -buildmode=pie for tests and binary build (bsc#1048046, bsc#1051429)
o Cleanup seccomp builds similar (bsc#1028638).
o Update to handle the docker-runc removal, and drop the -kubic flavour
  (bsc#1181677, bsc#1181749)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Containers 12:
zypper in -t patch SUSE-SLE-Module-Containers-12-2021-1458=1

Package List:

o SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
containerd-1.4.4-16.38.1
docker-20.10.6_ce-98.66.1
docker-debuginfo-20.10.6_ce-98.66.1
runc-1.0.0~rc93-16.8.1
runc-debuginfo-1.0.0~rc93-16.8.1

References:

o https://www.suse.com/security/cve/CVE-2018-16873.html
o https://www.suse.com/security/cve/CVE-2018-16874.html
o https://www.suse.com/security/cve/CVE-2018-16875.html
o https://www.suse.com/security/cve/CVE-2019-16884.html
o https://www.suse.com/security/cve/CVE-2019-19921.html
o https://www.suse.com/security/cve/CVE-2019-5736.html
o https://www.suse.com/security/cve/CVE-2021-21284.html
o https://www.suse.com/security/cve/CVE-2021-21285.html
o https://www.suse.com/security/cve/CVE-2021-21334.html
o https://bugzilla.suse.com/1028638
o https://bugzilla.suse.com/1034053
o https://bugzilla.suse.com/1048046
o https://bugzilla.suse.com/1051429
o https://bugzilla.suse.com/1053532
o https://bugzilla.suse.com/1095817
o https://bugzilla.suse.com/1118897
o https://bugzilla.suse.com/1118898
o https://bugzilla.suse.com/1118899
o https://bugzilla.suse.com/1121967
o https://bugzilla.suse.com/1131314
o https://bugzilla.suse.com/1131553
o https://bugzilla.suse.com/1149954
o https://bugzilla.suse.com/1152308
o https://bugzilla.suse.com/1160452
o https://bugzilla.suse.com/1168481
o https://bugzilla.suse.com/1175081
o https://bugzilla.suse.com/1175821
o https://bugzilla.suse.com/1181594
o https://bugzilla.suse.com/1181641
o https://bugzilla.suse.com/1181677
o https://bugzilla.suse.com/1181730
o https://bugzilla.suse.com/1181732
o https://bugzilla.suse.com/1181749
o https://bugzilla.suse.com/1182451
o https://bugzilla.suse.com/1182476
o https://bugzilla.suse.com/1182947
o https://bugzilla.suse.com/1183024
o https://bugzilla.suse.com/1183397
o https://bugzilla.suse.com/1183855
o https://bugzilla.suse.com/1184768
o https://bugzilla.suse.com/1184962

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.1491 – [SUSE] containerd, docker and runc: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/esb-2021-1491-suse-containerd-docker-and-runc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1491-suse-containerd-docker-and-runc-multiple-vulnerabilities

ESB-2021.1492 – [Win][UNIX/Linux][SUSE] cups: Root compromise – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1492
Security update for cups
3 May 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: cups
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Root Compromise — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-25317

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211454-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114712-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211453-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running cups check for an updated version of the software for their
operating system.

This bulletin contains three (3) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1454-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1454=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1454=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1454=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1454=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1454=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1454=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1454=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1454=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-1454=1
o SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1454=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1454=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1454=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1454=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.

Package List:

o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Manager Server 4.0 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Manager Proxy 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le
s390x x86_64):
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
s390x x86_64):
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1
o SUSE Enterprise Storage 6 (x86_64):
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
o SUSE CaaS Platform 4.0 (x86_64):
cups-2.2.7-3.26.1
cups-client-2.2.7-3.26.1
cups-client-debuginfo-2.2.7-3.26.1
cups-config-2.2.7-3.26.1
cups-ddk-2.2.7-3.26.1
cups-ddk-debuginfo-2.2.7-3.26.1
cups-debuginfo-2.2.7-3.26.1
cups-debugsource-2.2.7-3.26.1
cups-devel-2.2.7-3.26.1
libcups2-2.2.7-3.26.1
libcups2-32bit-2.2.7-3.26.1
libcups2-32bit-debuginfo-2.2.7-3.26.1
libcups2-debuginfo-2.2.7-3.26.1
libcupscgi1-2.2.7-3.26.1
libcupscgi1-debuginfo-2.2.7-3.26.1
libcupsimage2-2.2.7-3.26.1
libcupsimage2-debuginfo-2.2.7-3.26.1
libcupsmime1-2.2.7-3.26.1
libcupsmime1-debuginfo-2.2.7-3.26.1
libcupsppdc1-2.2.7-3.26.1
libcupsppdc1-debuginfo-2.2.7-3.26.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

--------------------------------------------------------------------------------

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14712-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-cups-14712=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-cups-14712=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-cups-14712=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-cups-14712=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
cups-1.3.9-8.46.56.18.1
cups-client-1.3.9-8.46.56.18.1
cups-libs-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
cups-libs-32bit-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
cups-1.3.9-8.46.56.18.1
cups-client-1.3.9-8.46.56.18.1
cups-libs-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
cups-debuginfo-1.3.9-8.46.56.18.1
cups-debugsource-1.3.9-8.46.56.18.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
cups-debuginfo-1.3.9-8.46.56.18.1
cups-debugsource-1.3.9-8.46.56.18.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

--------------------------------------------------------------------------------

SUSE Security Update: Security update for cups

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1453-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud 8
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP3-LTSS
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
SUSE Linux Enterprise Server 12-SP2-BCL
HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cups fixes the following issues:

o CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation
from lp user to root via symlink attacks (bsc#1184161)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1453=1
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1453=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1453=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1453=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1453=1
o SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1453=1
o SUSE Linux Enterprise Server for SAP 12-SP3:
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1453=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1453=1
o SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1453=1
o SUSE Linux Enterprise Server 12-SP3-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1453=1
o SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1453=1
o SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1453=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2021-1453=1

Package List:

o SUSE OpenStack Cloud Crowbar 9 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud 9 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE OpenStack Cloud 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
cups-ddk-1.7.5-20.36.1
cups-ddk-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-devel-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1
o HPE Helion Openstack 8 (x86_64):
cups-1.7.5-20.36.1
cups-client-1.7.5-20.36.1
cups-client-debuginfo-1.7.5-20.36.1
cups-debuginfo-1.7.5-20.36.1
cups-debugsource-1.7.5-20.36.1
cups-libs-1.7.5-20.36.1
cups-libs-32bit-1.7.5-20.36.1
cups-libs-debuginfo-1.7.5-20.36.1
cups-libs-debuginfo-32bit-1.7.5-20.36.1

References:

o https://www.suse.com/security/cve/CVE-2021-25317.html
o https://bugzilla.suse.com/1184161

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.1492 – [Win][UNIX/Linux][SUSE] cups: Root compromise – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/esb-2021-1492-winunix-linuxsuse-cups-root-compromise-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1492-winunix-linuxsuse-cups-root-compromise-existing-account

How to Solve the Cybersecurity Skills Gap

Understanding how to bridge the talent gap in the cybersecurity industry requires thinking beyond traditional approaches to recruiting. While there’s been progress, there is still room for organizations to evolve, which will require not only changing the way they think about hiring but the way hiring managers communicate with human resources. Yet many organizations continue..

The post How to Solve the Cybersecurity Skills Gap appeared first on Security Boulevard.

The post How to Solve the Cybersecurity Skills Gap appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/how-to-solve-the-cybersecurity-skills-gap/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-solve-the-cybersecurity-skills-gap

Shlayer Strikes Again Through Zero-Day in MacOS 11.3

Apple this week revealed that its new macOS 11.3 update comes with a fix for a critical vulnerability – one that hackers actively exploited with Shlayer malware that can sidestep Apple defenses. The zero-day flaw, first discovered in March but likely in use by hackers since Jan. 9, allows unapproved software to run on Mac..

The post Shlayer Strikes Again Through Zero-Day in MacOS 11.3 appeared first on Security Boulevard.

The post Shlayer Strikes Again Through Zero-Day in MacOS 11.3 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/03/shlayer-strikes-again-through-zero-day-in-macos-11-3/?utm_source=rss&utm_medium=rss&utm_campaign=shlayer-strikes-again-through-zero-day-in-macos-11-3

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...