Malware Devil

Tuesday, June 1, 2021

ESB-2021.1859 – [SUSE] curl: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1859
Security update for curl
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: curl
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22898 CVE-2021-22876

Reference: ESB-2021.1841
ESB-2021.1827

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211809-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for curl

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1809-1
Rating: moderate
References: #1177976 #1183933 #1186114
Cross-References: CVE-2021-22876 CVE-2021-22898
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has one
errata is now available.

Description:

This update for curl fixes the following issues:

o CVE-2021-22876: Fixed an issue where the automatic referer was leaking
credentials (bsc#1183933).
o CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
o Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976).
o Allow partial chain verification (jsc#SLE-17956).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1809=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1809=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1809=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1809=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1809=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1809=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1809=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1809=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.

Package List:

o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Manager Server 4.0 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Manager Proxy 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Enterprise Storage 6 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE CaaS Platform 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1

References:

o https://www.suse.com/security/cve/CVE-2021-22876.html
o https://www.suse.com/security/cve/CVE-2021-22898.html
o https://bugzilla.suse.com/1177976
o https://bugzilla.suse.com/1183933
o https://bugzilla.suse.com/1186114

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYLXGEuNLKJtyKPYoAQgsSRAAiUp2devbZ+gfRx5yLt6j3YHPInA6fBVK
laakxjag9MTB2QgUWsjHPIQhJ2ni4JJcd7jyXfODraLL8MWaOPvuvyxrDK+xdF01
2tz6dCcQTnaOeHgvEIy5sqDLpeClGmeCh/ehPRBFCvfn/4a5sJtrbYadc2Pnzw9L
P+a5o39yAG0wb4s09gQgoa+MyupwvwkDmHj0ku1j8WP+9e90lM2rZcNp3n5hTZfx
B5bLr8j0nOxXKgwnuO/veCl3M62tAopR8of3jtuyrSDv36aFVZlsrimuJ1LcyPZp
H6Mf3rrjLCztvoSGA9C4LJWyCjyPrfrgVS5Q7gxyVrKljkBs2u38YaZnp9WR4nhN
2EiLAtGVdGnIjeaZFzex3XJJ2ko2NIFcUwKgmV/LjAvPWJEzW0XAJ8MdwU+sQL+i
4mGaSE43Nc4EjR2IrN5xGzvTi8pYKZTLHacAqgkYpeg995nLpJnKP3LuRZxD7uOD
CBOKd3tvyO6ozghrYcXN+RRy7xcbKlj44Sb5ETrIBXwKr/Ew0A28jIXf0g8XADCA
HJAqNBnR8P9cwhKFYZsVFf5bB+xDKixF8cLsit8d1DK9UU3L42PqVZarj5hGXr2x
aERraHc5fA3D/EoyhA58w0MuQy0ijNy/56ptTT4ISfePcGQYgGmTXcTs8vquBXwj
ZYyF+VcT3nU=
=uTbF
-----END PGP SIGNATURE-----

ESB-2021.1860 – [SUSE] djvulibre: Denial of service – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1860
Security update for djvulibre
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: djvulibre
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3500

Reference: ESB-2021.1822
ESB-2021.1681

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-202114738-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for djvulibre

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14738-1
Rating: important
References: #1186253
Cross-References: CVE-2021-3500
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for djvulibre fixes the following issues:

o CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file()
via crafted djvu file (bsc#1186253)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-djvulibre-14738=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-djvulibre-14738=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-djvulibre-14738=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-djvulibre-14738=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
libdjvulibre21-3.5.21-3.12.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
libdjvulibre21-3.5.21-3.12.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.12.1
djvulibre-debugsource-3.5.21-3.12.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.12.1
djvulibre-debugsource-3.5.21-3.12.1

References:

o https://www.suse.com/security/cve/CVE-2021-3500.html
o https://bugzilla.suse.com/1186253

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYLXHoeNLKJtyKPYoAQiH6A//RnowlHmQiwDts/JYroNqotpN1AGBwokq
h9TieA10lnldPr4VklxPBMyuHe0xTK4rfO8SQYpmg0cfOqZ1/fcVmB1vqlhbl/kl
RDGSNjCpLI7NEDSlhGXOXV+AIt0MxM3WnAIwCrXhsWgPh0h7cVMloi9CHy/LcW+5
BhTfNY868RhcnrnDIBAoJyLNM0Y50O/w6QaLYvh/f6MemwS3Oph7gUDXnDvUtND0
pfyJTxsZu0Zc1vFvjykSTd1XLFBv/ePTtDjHYjpnUuNJjUaTCI+Yn87qM/qGFOeC
niOeA1BaJ9To9L42W48fTnvuHKGzcmGoSzm2eebgtctZ0GzFyCJcq/jW+EuN1Cmv
uSlZq68X3iBzgId0EoGvO8VKdpJ4G4gge79qtoAXK7Gxl2Zmxn4eK9He9HF9aVrO
9aVEkMQzk62ibXGgB8Ze+Lj2R9wJSySl7V9uljDhSx2xWmtW2SAyOIcM+fODJurH
6Q8XdOLFJL3jz3oDh950aar9rwSgq7rP420Q9WV4UPCFJWDXAZ3klodBjTHXebrF
RjzSChf4L52Sv24JMk8tL/QqcfPC+SVq8GPT1Lf4MrEjiMYFFnaN2mVjCsjJe0o4
2LUQbLMzSQdlUGVf7UvqUmudkkf6NlteRXMi+nwm/mYKqJbmG6XBoEsiL536Zn0J
ceqk69EOLbM=
=sI7b
-----END PGP SIGNATURE-----

ESB-2021.1861 – [SUSE] nginx: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1861
Security update for nginx
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: nginx
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23017

Reference: ESB-2021.1851
ESB-2021.1840

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211814-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211815-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for nginx
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1814-1
Rating: important
References: #1186126
Cross-References: CVE-2021-23017
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nginx fixes the following issues:

o CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Server Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1814=1

Package List:

o SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
nginx-1.16.1-3.3.1
nginx-debuginfo-1.16.1-3.3.1
nginx-debugsource-1.16.1-3.3.1
o SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
nginx-source-1.16.1-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-23017.html
o https://bugzilla.suse.com/1186126

- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1815-1
Rating: important
References: #1186126
Cross-References: CVE-2021-23017
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nginx fixes the following issues:

o CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1815=1

Package List:

o SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64
ppc64le s390x x86_64):
nginx-1.19.8-3.3.1
nginx-debuginfo-1.19.8-3.3.1
nginx-debugsource-1.19.8-3.3.1
o SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
nginx-source-1.19.8-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-23017.html
o https://bugzilla.suse.com/1186126

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.1862 – [SUSE] slurm: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1862
Security update for slurm
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: slurm
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-31215

Reference: ESB-2021.1842

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211810-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211811-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1810-1
Rating: important
References: #1186024
Cross-References: CVE-2021-31215
Affected Products:
SUSE Linux Enterprise Module for HPC 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slurm fixes the following issues:

o CVE-2021-31215: Fixed an environment mishandling that allowed remote code
execution as SlurmUser (bsc#1186024).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for HPC 15-SP2:
zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-1810=1

Package List:

o SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64):
libnss_slurm2-20.02.7-3.6.1
libnss_slurm2-debuginfo-20.02.7-3.6.1
libpmi0-20.02.7-3.6.1
libpmi0-debuginfo-20.02.7-3.6.1
libslurm35-20.02.7-3.6.1
libslurm35-debuginfo-20.02.7-3.6.1
perl-slurm-20.02.7-3.6.1
perl-slurm-debuginfo-20.02.7-3.6.1
slurm-20.02.7-3.6.1
slurm-auth-none-20.02.7-3.6.1
slurm-auth-none-debuginfo-20.02.7-3.6.1
slurm-config-20.02.7-3.6.1
slurm-config-man-20.02.7-3.6.1
slurm-debuginfo-20.02.7-3.6.1
slurm-debugsource-20.02.7-3.6.1
slurm-devel-20.02.7-3.6.1
slurm-doc-20.02.7-3.6.1
slurm-lua-20.02.7-3.6.1
slurm-lua-debuginfo-20.02.7-3.6.1
slurm-munge-20.02.7-3.6.1
slurm-munge-debuginfo-20.02.7-3.6.1
slurm-node-20.02.7-3.6.1
slurm-node-debuginfo-20.02.7-3.6.1
slurm-pam_slurm-20.02.7-3.6.1
slurm-pam_slurm-debuginfo-20.02.7-3.6.1
slurm-plugins-20.02.7-3.6.1
slurm-plugins-debuginfo-20.02.7-3.6.1
slurm-slurmdbd-20.02.7-3.6.1
slurm-slurmdbd-debuginfo-20.02.7-3.6.1
slurm-sql-20.02.7-3.6.1
slurm-sql-debuginfo-20.02.7-3.6.1
slurm-sview-20.02.7-3.6.1
slurm-sview-debuginfo-20.02.7-3.6.1
slurm-torque-20.02.7-3.6.1
slurm-torque-debuginfo-20.02.7-3.6.1
slurm-webdoc-20.02.7-3.6.1

References:

o https://www.suse.com/security/cve/CVE-2021-31215.html
o https://bugzilla.suse.com/1186024

- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1811-1
Rating: important
References: #1186024
Cross-References: CVE-2021-31215
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slurm fixes the following issues:

o CVE-2021-31215: remote code execution as SlurmUser because a
PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling
(bsc#1186024)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1811=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1811=1

Package List:

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
libpmi0-18.08.9-3.19.1
libpmi0-debuginfo-18.08.9-3.19.1
libslurm33-18.08.9-3.19.1
libslurm33-debuginfo-18.08.9-3.19.1
perl-slurm-18.08.9-3.19.1
perl-slurm-debuginfo-18.08.9-3.19.1
slurm-18.08.9-3.19.1
slurm-auth-none-18.08.9-3.19.1
slurm-auth-none-debuginfo-18.08.9-3.19.1
slurm-config-18.08.9-3.19.1
slurm-config-man-18.08.9-3.19.1
slurm-debuginfo-18.08.9-3.19.1
slurm-debugsource-18.08.9-3.19.1
slurm-devel-18.08.9-3.19.1
slurm-doc-18.08.9-3.19.1
slurm-lua-18.08.9-3.19.1
slurm-lua-debuginfo-18.08.9-3.19.1
slurm-munge-18.08.9-3.19.1
slurm-munge-debuginfo-18.08.9-3.19.1
slurm-node-18.08.9-3.19.1
slurm-node-debuginfo-18.08.9-3.19.1
slurm-pam_slurm-18.08.9-3.19.1
slurm-pam_slurm-debuginfo-18.08.9-3.19.1
slurm-plugins-18.08.9-3.19.1
slurm-plugins-debuginfo-18.08.9-3.19.1
slurm-slurmdbd-18.08.9-3.19.1
slurm-slurmdbd-debuginfo-18.08.9-3.19.1
slurm-sql-18.08.9-3.19.1
slurm-sql-debuginfo-18.08.9-3.19.1
slurm-sview-18.08.9-3.19.1
slurm-sview-debuginfo-18.08.9-3.19.1
slurm-torque-18.08.9-3.19.1
slurm-torque-debuginfo-18.08.9-3.19.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
libpmi0-18.08.9-3.19.1
libpmi0-debuginfo-18.08.9-3.19.1
libslurm33-18.08.9-3.19.1
libslurm33-debuginfo-18.08.9-3.19.1
perl-slurm-18.08.9-3.19.1
perl-slurm-debuginfo-18.08.9-3.19.1
slurm-18.08.9-3.19.1
slurm-auth-none-18.08.9-3.19.1
slurm-auth-none-debuginfo-18.08.9-3.19.1
slurm-config-18.08.9-3.19.1
slurm-config-man-18.08.9-3.19.1
slurm-debuginfo-18.08.9-3.19.1
slurm-debugsource-18.08.9-3.19.1
slurm-devel-18.08.9-3.19.1
slurm-doc-18.08.9-3.19.1
slurm-lua-18.08.9-3.19.1
slurm-lua-debuginfo-18.08.9-3.19.1
slurm-munge-18.08.9-3.19.1
slurm-munge-debuginfo-18.08.9-3.19.1
slurm-node-18.08.9-3.19.1
slurm-node-debuginfo-18.08.9-3.19.1
slurm-pam_slurm-18.08.9-3.19.1
slurm-pam_slurm-debuginfo-18.08.9-3.19.1
slurm-plugins-18.08.9-3.19.1
slurm-plugins-debuginfo-18.08.9-3.19.1
slurm-slurmdbd-18.08.9-3.19.1
slurm-slurmdbd-debuginfo-18.08.9-3.19.1
slurm-sql-18.08.9-3.19.1
slurm-sql-debuginfo-18.08.9-3.19.1
slurm-sview-18.08.9-3.19.1
slurm-sview-debuginfo-18.08.9-3.19.1
slurm-torque-18.08.9-3.19.1
slurm-torque-debuginfo-18.08.9-3.19.1
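
A verification step that applies to the curl, djvulibre, nginx and slurm bulletins above, added here as an example and not part of the AusCERT or SUSE text: it reads an installed-package inventory and reports each package whose installed VERSION-RELEASE is below the fixed one given in the package lists. The inventory lines in the script are constructed for the example; on a real host they would be produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`. The comparison routine is a simplification of rpmvercmp written for this example (no epoch handling, no alphanumeric sub-segmentation), so treat it as an assumption that holds for the purely numeric versions on this page.

```shell
#!/bin/sh
# Added example (not from the AusCERT/SUSE bulletins): compare an installed-package
# inventory against the fixed versions published in the bulletins above.

# Constructed sample inventory for this example. On a real SUSE host, produce it with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_INVENTORY='curl 7.60.0-3.41.1
libcurl4 7.60.0-3.42.1
nginx 1.16.1-3.3.1
slurm 18.08.9-3.12.1
libdjvulibre21 3.5.21-3.12.1'

# Fixed VERSION-RELEASE per package, taken from the package lists in the bulletins
# (curl SUSE-SU-2021:1809-1, djvulibre SUSE-SU-2021:14738-1, nginx SUSE-SU-2021:1814-1
# for 15-SP2, slurm SUSE-SU-2021:1811-1 for 15-SP1).
FIXED='curl 7.60.0-3.42.1
libcurl4 7.60.0-3.42.1
libdjvulibre21 3.5.21-3.12.1
nginx 1.16.1-3.3.1
slurm 18.08.9-3.19.1
libslurm33 18.08.9-3.19.1'

# vercmp A B: prints -1, 0 or 1 for A<B, A==B, A>B. Components are split on '.' and '-'
# and compared numerically when both sides are digits, as strings otherwise. This is a
# deliberate simplification of rpmvercmp (assumption: no epochs, numeric components only).
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
      if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) {
        if (x + 0 < y + 0) { print "-1"; exit }
        if (x + 0 > y + 0) { print "1"; exit }
      } else {
        # a missing trailing component (e.g. "7.60.0" vs "7.60.0-3.42.1") sorts lower
        if (x "" < y "") { print "-1"; exit }
        if (x "" > y "") { print "1"; exit }
      }
    }
    print "0"
  }'
}

# check_inventory INVENTORY FIXED: prints one status line per fixed package and
# returns 1 if any installed package is older than its fixed version, 0 otherwise.
# Packages not installed at all are reported as ABSENT and do not affect the status.
check_inventory() {
  inventory=$1
  rc=0
  while read -r name fixver; do
    [ -n "$name" ] || continue
    inst=$(printf '%s\n' "$inventory" | awk -v n="$name" '$1 == n { print $2; exit }')
    if [ -z "$inst" ]; then
      echo "ABSENT     $name (not installed, nothing to patch)"
    elif [ "$(vercmp "$inst" "$fixver")" = "-1" ]; then
      echo "VULNERABLE $name installed=$inst fixed=$fixver"
      rc=1
    else
      echo "OK         $name installed=$inst"
    fi
  done <<EOF
$2
EOF
  return $rc
}

# Stand-alone run against the constructed inventory.
status=0
check_inventory "$SAMPLE_INVENTORY" "$FIXED" || status=$?
echo "exit status: $status (1 means at least one package still needs its patch)"
```

To use it on a SUSE 15 host, replace SAMPLE_INVENTORY with the rpm output and extend FIXED with the package names and versions for the products in use; an exit status of 1 means at least one listed package still needs the corresponding zypper patch from the bulletin.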

References:

o https://www.suse.com/security/cve/CVE-2021-31215.html
o https://bugzilla.suse.com/1186024

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–

The post ESB-2021.1862 – [SUSE] slurm: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/06/01/esb-2021-1862-suse-slurm-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1862-suse-slurm-execute-arbitrary-code-commands-existing-account

ESB-2021.1855 – [RedHat] docker: Increased privileges – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1855
docker security update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: docker
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30465

Reference: ESB-2021.1823
ESB-2021.1792
ESB-2021.1767

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2144

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: docker security update
Advisory ID: RHSA-2021:2144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2144
Issue date: 2021-05-31
CVE Names: CVE-2021-30465
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras – ppc64le, s390x, x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that runs
virtually anywhere.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1954736 – CVE-2021-30465 runc: vulnerable to symlink exchange attack

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.13.1-206.git7d71120.el7_9.src.rpm

ppc64le:
docker-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-client-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-common-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.ppc64le.rpm

s390x:
docker-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-client-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-common-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.s390x.rpm

x86_64:
docker-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-client-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-common-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-30465
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-004

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

– —–END PGP SIGNATURE—–

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–

The post ESB-2021.1855 – [RedHat] docker: Increased privileges – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/06/01/esb-2021-1855-redhat-docker-increased-privileges-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1855-redhat-docker-increased-privileges-existing-account

ESB-2021.1856 – [RedHat] glib2: Execute arbitrary code/commands – Remote/unauthenticated

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1856
glib2 security update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: glib2
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Denial of Service — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27219

Reference: ESB-2021.0994

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2147

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: glib2 security update
Advisory ID: RHSA-2021:2147-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2147
Issue date: 2021-05-31
CVE Names: CVE-2021-27219
=====================================================================

1. Summary:

An update for glib2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch, x86_64

3. Description:

GLib provides the core application building blocks for libraries and
applications written in C. It provides the core object system used in
GNOME, the main loop implementation, and a large set of utility functions
for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to
an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1929858 – CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

ppc64:
glib2-2.56.1-9.el7_9.ppc.rpm
glib2-2.56.1-9.el7_9.ppc64.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm
glib2-devel-2.56.1-9.el7_9.ppc.rpm
glib2-devel-2.56.1-9.el7_9.ppc64.rpm

ppc64le:
glib2-2.56.1-9.el7_9.ppc64le.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm
glib2-devel-2.56.1-9.el7_9.ppc64le.rpm

s390x:
glib2-2.56.1-9.el7_9.s390.rpm
glib2-2.56.1-9.el7_9.s390x.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm
glib2-devel-2.56.1-9.el7_9.s390.rpm
glib2-devel-2.56.1-9.el7_9.s390x.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

ppc64:
glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm
glib2-fam-2.56.1-9.el7_9.ppc64.rpm
glib2-static-2.56.1-9.el7_9.ppc.rpm
glib2-static-2.56.1-9.el7_9.ppc64.rpm
glib2-tests-2.56.1-9.el7_9.ppc64.rpm

ppc64le:
glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm
glib2-fam-2.56.1-9.el7_9.ppc64le.rpm
glib2-static-2.56.1-9.el7_9.ppc64le.rpm
glib2-tests-2.56.1-9.el7_9.ppc64le.rpm

s390x:
glib2-debuginfo-2.56.1-9.el7_9.s390.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm
glib2-fam-2.56.1-9.el7_9.s390x.rpm
glib2-static-2.56.1-9.el7_9.s390.rpm
glib2-static-2.56.1-9.el7_9.s390x.rpm
glib2-tests-2.56.1-9.el7_9.s390x.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
– —–END PGP SIGNATURE—–

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

—–END PGP SIGNATURE—–

The post ESB-2021.1856 – [RedHat] glib2: Execute arbitrary code/commands – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2021/06/01/esb-2021-1856-redhat-glib2-execute-arbitrary-code-commands-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1856-redhat-glib2-execute-arbitrary-code-commands-remote-unauthenticated

ESB-2021.1854 – [Debian] openjdk-11-jre-dcevm: Multiple Vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1854
openjdk-11-jre-dcevm update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: openjdk-11-jre-dcevm
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Modify Arbitrary Files — Remote with User Interaction
Create Arbitrary Files — Remote with User Interaction
Delete Arbitrary Files — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-2163

Reference: ASB-2021.0076
ESB-2021.1792
ESB-2021.1595

Original Bulletin:
http://www.debian.org/security/2021/dsa-4899

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– – ————————————————————————-
Debian Security Advisory DSA-4899-2 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 31, 2021 https://www.debian.org/security/faq
– – ————————————————————————-

Package : openjdk-11-jre-dcevm
Debian Bug : 942876

The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM
for OpenJDK 11 with enhanced class redefinition, has been updated for
compatibility with OpenJDK 11.0.11.

For the stable distribution (buster), this problem has been fixed in
version openjdk-11-jre-dcevm_11.0.11+9-2~deb10u1.

We recommend that you upgrade your openjdk-11-jre-dcevm packages.

For the detailed security status of openjdk-11-jre-dcevm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11-jre-dcevm

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
– —–BEGIN PGP SIGNATURE—–
– —–END PGP SIGNATURE—–

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

—–END PGP SIGNATURE—–

The post ESB-2021.1854 – [Debian] openjdk-11-jre-dcevm: Multiple Vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/06/01/esb-2021-1854-debian-openjdk-11-jre-dcevm-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1854-debian-openjdk-11-jre-dcevm-multiple-vulnerabilities

Network Security News Summary for Tuesday June 1st, 2021

Malicious PS Hosted by Google; SonicWall Advisory; HPE Advisory; Siemens PLC memory protection bypass

Malicious PowerShell Hosted on script.google.com
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/

Sonicwall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/

Hewlett Packard Enterprise Systems Insight Manager (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us

Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/

keywords: plc; siemens; hp; advisory; vulnerability; sonicwall; powershell

The post Network Security News Summary for Tuesday June 1st, 2021 appeared first on Malware Devil.

https://malwaredevil.com/2021/06/01/network-security-news-summary-for-tuesday-june-1st-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-june-1st-2021

Monday, May 31, 2021

QueryNet: An Efficient Attack Framework with Surrogates Carrying Multiple Identities

The post QueryNet: An Efficient Attack Framework with Surrogates Carrying Multiple Identities appeared first on Malware Devil.

https://malwaredevil.com/2021/05/31/querynet-an-efficient-attack-framework-with-surrogates-carrying-multiple-identities/?utm_source=rss&utm_medium=rss&utm_campaign=querynet-an-efficient-attack-framework-with-surrogates-carrying-multiple-identities

Securing IoT Devices by Exploiting Backscatter Propagation Signatures

The post Securing IoT Devices by Exploiting Backscatter Propagation Signatures appeared first on Malware Devil.

https://malwaredevil.com/2021/05/31/securing-iot-devices-by-exploiting-backscatter-propagation-signatures/?utm_source=rss&utm_medium=rss&utm_campaign=securing-iot-devices-by-exploiting-backscatter-propagation-signatures

Gradient-based Data Subversion Attack Against Binary Classifiers

The post Gradient-based Data Subversion Attack Against Binary Classifiers appeared first on Malware Devil.

https://malwaredevil.com/2021/05/31/gradient-based-data-subversion-attack-against-binary-classifiers/?utm_source=rss&utm_medium=rss&utm_campaign=gradient-based-data-subversion-attack-against-binary-classifiers

SHELBRS: Location Based Recommendation Services using Switchable Homomorphic Encryption

The post SHELBRS: Location Based Recommendation Services using Switchable Homomorphic Encryption appeared first on Malware Devil.

https://malwaredevil.com/2021/05/31/shelbrs-location-based-recommendation-services-using-switchable-homomorphic-encryption/?utm_source=rss&utm_medium=rss&utm_campaign=shelbrs-location-based-recommendation-services-using-switchable-homomorphic-encryption

A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices

The post A Measurement Study on the (In)security of End-of-Life (EoL) Embedded Devices appeared first on Malware Devil.

https://malwaredevil.com/2021/05/31/a-measurement-study-on-the-insecurity-of-end-of-life-eol-embedded-devices/?utm_source=rss&utm_medium=rss&utm_campaign=a-measurement-study-on-the-insecurity-of-end-of-life-eol-embedded-devices

Quick and dirty Python: nmap, (Mon, May 31st)

This diary continues on from the "Quick and dirty Python: masscan" diary, which implemented a simple port scanner in Python using masscan to detect web instances on TCP ports 80 or 443. Masscan is perfectly good as a blunt instrument to quickly find open TCP ports across large address spaces, but for fine details it is better to use a scanner like nmap that, while much slower, is able to probe the port to get a better idea of what is running.

First, let's backtrack. Since the previous diary, I converted the masscan code to a function and created another function to parse the masscan results and return the list of IPs on which masscan detected open ports. The current scan_web.py script is:

#!/usr/local/bin/python3
import sys
import argparse
import pprint

import masscan  # python-masscan module; drives the installed masscan binary


def scan_masscan(ips):
    # Run masscan against the targets, looking only at the two web ports
    try:
        maso = masscan.PortScanner()
        maso.scan(ips, ports='80,443')
    except Exception:
        print("Error:", sys.exc_info()[0])
        sys.exit(1)

    return maso


def parse_masscan_host_list(massout):
    # initialize
    host_list = list()

    # Build a list from the masscan output
    for host in massout.all_hosts:
        host_list.append(host)
    return host_list


def main():
    # read in the IP parameter
    parser = argparse.ArgumentParser()
    parser.add_argument('IP', help="IP address or range")
    args = parser.parse_args()
    ip = args.IP

    maso = scan_masscan(ip)

    if int(maso.scanstats['uphosts']) > 0:
        host_list = parse_masscan_host_list(maso)
        pprint.pprint(host_list)

    else:
        print("No Masscan results")
        sys.exit(1)


if __name__ == "__main__":
    main()

Running the script results in a list of IPs where either 80 or 443 were detected open by masscan.

# ./scan_web.py 45.60.103.0,45.60.31.34,1.2.3.4
[2021-05-31 18:28:51,335] [DEBUG] [masscan.py 10 line] Scan parameters: "masscan -oX - 45.60.103.0,45.60.31.34,1.2.3.4 -p 80,443"
['45.60.103.0', '45.60.31.34']

Extending this script to pass the masscan output list to nmap is relatively easy as well. As somebody pointed out in a comment on the last diary, there are a lot of Python nmap modules and they all provide differing functionality. After messing with a few of them, as the comment stated, the libnmap module appears to be the most functional and easiest to use. libnmap does not implement nmap functionality itself; it needs nmap already installed on the device and interfaces with that version. I will not be going over nmap functionality in this diary. If you are not clear on the nmap command parameters, you can find a quick tutorial in this older diary.

Implementing the nmap scan requires two functions: one to run the scan, and one to parse the results.

The scanning function:

import sys
from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException


def scan_nmap(ip_list):
    """Run nmap against the masscan hits and return the parsed NmapReport."""
    print("Starting nmap for: {0}".format(ip_list))
    nm = NmapProcess(ip_list, options="-Pn -n -A -sT -p80,443 -r --max-retries 2 --host-timeout 2h --open --reason")
    nrc = nm.run()
    if nrc != 0:
        print("nmap scan failed: {0}".format(nm.stderr))
        sys.exit(1)
    try:
        nparse = NmapParser.parse(nm.stdout)
    except NmapParserException as e:
        print("Exception raised while parsing scan: {0}".format(e.msg))
        sys.exit(1)

    return nparse

and the function to parse and print the scan result.  This example is almost verbatim from the libnmap documentation.

def print_nmap(nmap_report):
    """Print the report in roughly nmap's own text layout."""
    print("Starting Nmap {0} ( http://nmap.org ) at {1}".format(
        nmap_report.version,
        nmap_report.started))

    for host in nmap_report.hosts:
        if len(host.hostnames):
            tmp_host = host.hostnames[0]
        else:
            tmp_host = host.address

        print("Nmap scan report for {0} ({1})".format(
            tmp_host,
            host.address))
        print("Host is {0}.".format(host.status))
        print("  PORT   STATE  SERVICE")

        for serv in host.services:
            pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format(
                str(serv.port),
                serv.protocol,
                serv.state,
                serv.service)
            if len(serv.banner):
                pserv += " ({0})".format(serv.banner)
            print(pserv)
    print(nmap_report.summary)

The output from the finished script is:

# ./scan_web.py 45.60.103.0,45.60.31.34,1.2.3.4
[2021-05-31 19:00:56,329] [DEBUG] [masscan.py 10 line] Scan parameters: "masscan -oX - 45.60.103.0,45.60.31.34,1.2.3.4 -p 80,443"
Starting nmap for: ['45.60.103.0', '45.60.31.34']
Starting Nmap 7.91 ( http://nmap.org ) at 1622487670
Nmap scan report for 45.60.103.0 (45.60.103.0)
Host is up.
  PORT   STATE  SERVICE
   80/tcp open         http
  443/tcp open         https
Nmap scan report for 45.60.31.34 (45.60.31.34)
Host is up.
  PORT   STATE  SERVICE
   80/tcp open         http
  443/tcp open         https
Nmap done at Mon May 31 19:01:49 2021; 2 IP addresses (2 hosts up) scanned in 40.03 seconds

In about 80 lines of Python code I have implemented a simple script that quickly sweeps a large address space with the very fast masscan and then hands only the hosts that responded to nmap for detailed scanning of the two ports of interest. The split matters: the nmap options above include -A, which adds version detection, default NSE scripts, OS detection and traceroute, so nmap is far slower and noisier per host than masscan's single SYN probe, and letting masscan narrow the target list first keeps that cost proportional to the number of live web servers rather than the size of the range. This script is the basic framework I use for dozens of scripts to scan an entire ASN looking for devices that may be at risk from the current vulnerability of the week.

The final version of the scan_web.py script is:

#!/usr/local/bin/python3
import sys
import argparse
import masscan
from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException


def scan_masscan(ips):
    """Run masscan against ips on ports 80 and 443 and return the scanner object."""
    try:
        maso = masscan.PortScanner()
        maso.scan(ips, ports='80,443')
    except Exception as exc:
        print("Error:", exc)
        sys.exit(1)

    return maso


def parse_masscan_host_list(massout):
    """Build a plain list of the hosts on which masscan saw an open port."""
    host_list = list()

    # Build a list from the masscan output
    for host in massout.all_hosts:
        host_list.append(host)
    return host_list


def scan_nmap(ip_list):
    """Run nmap against the masscan hits and return the parsed NmapReport."""
    print("Starting nmap for: {0}".format(ip_list))
    nm = NmapProcess(ip_list, options="-Pn -n -A -sT -p80,443 -r --max-retries 2 --host-timeout 2h --open --reason")
    nrc = nm.run()
    if nrc != 0:
        print("nmap scan failed: {0}".format(nm.stderr))
        sys.exit(1)
    try:
        nparse = NmapParser.parse(nm.stdout)
    except NmapParserException as e:
        print("Exception raised while parsing scan: {0}".format(e.msg))
        sys.exit(1)
    return nparse


def print_nmap(nmap_report):
    """Print the report in roughly nmap's own text layout."""
    print("Starting Nmap {0} ( http://nmap.org ) at {1}".format(
        nmap_report.version,
        nmap_report.started))

    for host in nmap_report.hosts:
        if len(host.hostnames):
            tmp_host = host.hostnames[0]
        else:
            tmp_host = host.address

        print("Nmap scan report for {0} ({1})".format(
            tmp_host,
            host.address))
        print("Host is {0}.".format(host.status))
        print("  PORT   STATE  SERVICE")

        for serv in host.services:
            pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format(
                str(serv.port),
                serv.protocol,
                serv.state,
                serv.service)
            if len(serv.banner):
                pserv += " ({0})".format(serv.banner)
            print(pserv)
    print(nmap_report.summary)


def main():
    # read in the IP parameter
    parser = argparse.ArgumentParser()
    parser.add_argument('IP', help="IP address or range")
    args = parser.parse_args()
    ip = args.IP

    maso = scan_masscan(ip)

    if int(maso.scanstats['uphosts']) > 0:
        host_list = parse_masscan_host_list(maso)
        nreport = scan_nmap(host_list)
        print_nmap(nreport)
    else:
        print("No Masscan results")
        sys.exit(1)


if __name__ == "__main__":
    main()
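
Both halves of this pipeline hinge on parsing scanner XML: masscan -oX and nmap -oX both emit an <nmaprun> document, which is also what libnmap's NmapParser consumes. What follows is an added example, not code from the diary, that does that parsing with only the Python standard library, so you can see what python-masscan and libnmap are doing underneath and test the glue without running a scan. The two XML documents inside it are constructed to mirror the diary's run (the hostname example.invalid and the nginx product string are made up), and masscan's output is de-duplicated because masscan emits one <host> element per open port rather than one per address.

```python
"""Parse masscan and nmap XML output with only the standard library.

Added example, not code from the diary. "masscan -oX -" and "nmap -oX -" both
emit an <nmaprun> document, so the same ElementTree calls cover the parsing
stage of both halves of the scan_web.py pipeline with no python-masscan or
libnmap dependency. The XML below is constructed to mirror the diary's run
against 45.60.103.0 and 45.60.31.34; it is not a real capture.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. masscan writes one <host> per (address, port) hit, so each
# address shows up twice, once for 443 and once for 80.
MASSCAN_XML = """<?xml version="1.0"?>
<nmaprun scanner="masscan" start="1622500131" version="1.0-BETA" xmloutputversion="1.03">
<host endtime="1622500131"><address addr="45.60.103.0" addrtype="ipv4"/><ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/></port></ports></host>
<host endtime="1622500131"><address addr="45.60.31.34" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="51"/></port></ports></host>
<host endtime="1622500132"><address addr="45.60.103.0" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/></port></ports></host>
<host endtime="1622500132"><address addr="45.60.31.34" addrtype="ipv4"/><ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="51"/></port></ports></host>
<runstats><finished time="1622500145" timestr="2021-05-31 18:29:05" elapsed="14" /><hosts up="2" down="0" total="2" /></runstats>
</nmaprun>
"""

# Constructed sample of the nmap -oX report for the two masscan hits.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - -Pn -n -sT -p80,443 --open 45.60.103.0 45.60.31.34" start="1622487670" version="7.91" xmloutputversion="1.05">
<host starttime="1622487670" endtime="1622487710"><status state="up" reason="user-set" reason_ttl="0"/><address addr="45.60.103.0" addrtype="ipv4"/><hostnames/>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="52"/><service name="https" method="table" conf="3"/></port></ports></host>
<host starttime="1622487670" endtime="1622487710"><status state="up" reason="user-set" reason_ttl="0"/><address addr="45.60.31.34" addrtype="ipv4"/><hostnames><hostname name="example.invalid" type="user"/></hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="https" product="nginx" method="probed" conf="10"/></port></ports></host>
<runstats><finished time="1622487710" timestr="Mon May 31 19:01:49 2021" elapsed="40.03" summary="Nmap done at Mon May 31 19:01:49 2021; 2 IP addresses (2 hosts up) scanned in 40.03 seconds" exit="success"/><hosts up="2" down="0" total="2"/></runstats>
</nmaprun>
"""

def parse_masscan_hosts(xml_text):
    """Addresses masscan saw an open port on, de-duplicated and sorted numerically."""
    hosts = set()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                hosts.add(addr)
    return sorted(hosts, key=ipaddress.ip_address)  # IPv4-only sample

def parse_nmap_report(xml_text):
    """One dict per host: address, hostname (if any), status and the ports seen."""
    report = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        hostname = host.find("hostnames/hostname")
        entry = {
            "address": host.find("address").get("addr"),
            "hostname": hostname.get("name") if hostname is not None else "",
            "status": status.get("state") if status is not None else "unknown",
            "ports": [],
        }
        for port in host.iter("port"):
            service = port.find("service")
            entry["ports"].append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": service.get("name", "") if service is not None else "",
                "product": service.get("product", "") if service is not None else "",
            })
        report.append(entry)
    return report

def nmap_summary(xml_text):
    """nmap's one-line summary ('Nmap done at ...'), or '' if the run never finished."""
    finished = ET.fromstring(xml_text).find("runstats/finished")
    return finished.get("summary", "") if finished is not None else ""

def format_report(report):
    """Render the parsed report in the layout the diary's print_nmap uses."""
    lines = []
    for host in report:
        lines.append("Nmap scan report for {0} ({1})".format(
            host["hostname"] or host["address"], host["address"]))
        lines.append("Host is {0}.".format(host["status"]))
        lines.append("  PORT   STATE  SERVICE")
        for p in host["ports"]:
            line = "{0:>5d}/{1:3s} {2:12s} {3}".format(
                p["port"], p["protocol"], p["state"], p["service"])
            if p["product"]:
                line += " ({0})".format(p["product"])
            lines.append(line)
    return lines

if __name__ == "__main__":
    print("masscan hits:", parse_masscan_hosts(MASSCAN_XML))
    for line in format_report(parse_nmap_report(NMAP_XML)):
        print(line)
    print(nmap_summary(NMAP_XML))
```

Swapping the embedded strings for the stdout of subprocess.run(["masscan", "-oX", "-", ...]) and of nmap -oX - gives you the same pipeline with two fewer third-party modules to keep patched, which is worth considering for a script that runs as root.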

Caveat1: Never scan an IP range you don't have permission to scan.  While port scanning is not illegal in most jurisdictions, it is ethically questionable to scan things you don't own or have permission to scan.
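
One check worth building into the script itself, as an added example that is not part of the diary: validate the target argument against the ranges you are authorised to scan before anything is handed to masscan. The scope list here is a constructed placeholder (the two /24s from the example run), and the target syntax handled is the comma-separated IP, CIDR and lo-hi forms masscan accepts.

```python
"""Refuse to scan targets outside an authorised scope.

Added example, not code from the diary. It takes the same comma-separated
target argument scan_web.py does (single IPs, CIDR blocks, or masscan-style
a.b.c.d-a.b.c.e ranges) and rejects the run unless every address lies inside
an allowlist of networks you have written permission to scan. The allowlist
below is a constructed placeholder (the two /24s from the diary's example
run), not a real engagement scope.
"""
import ipaddress
import sys

# Constructed placeholder scope; replace with the ranges in your rules of engagement.
AUTHORISED_SCOPE = ("45.60.103.0/24", "45.60.31.0/24")


def expand_targets(target_arg):
    """Turn 'ip,cidr,lo-hi' into ip_network objects (a bare host becomes a /32)."""
    nets = []
    for item in target_arg.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = item.split("-", 1)
            # minimal set of CIDR blocks that exactly covers lo..hi
            nets.extend(ipaddress.summarize_address_range(
                ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def out_of_scope(target_arg, scope=AUTHORISED_SCOPE):
    """Return the target blocks (as strings) that are not wholly inside scope."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    rejected = []
    for net in expand_targets(target_arg):
        # subnet_of() raises on mixed IPv4/IPv6, hence the version check
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            rejected.append(str(net))
    return rejected


def main(argv):
    if len(argv) != 2:
        sys.exit("usage: {0} IP[,IP|CIDR|lo-hi ...]".format(argv[0]))
    rejected = out_of_scope(argv[1])
    if rejected:
        # fail closed: nothing is handed to masscan if any block falls outside scope
        sys.exit("refusing to scan, out of scope: " + ", ".join(rejected))
    print("all targets in scope, safe to hand to scan_masscan()")


if __name__ == "__main__":
    main(sys.argv)
```

Calling out_of_scope(ip) at the top of main() in scan_web.py, and exiting when it returns anything, turns the caveat into something the script enforces rather than something the operator has to remember at 2 a.m. during the vulnerability of the week.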

Caveat2: I am not a professional Python programmer.  My scripting gets the job done that I need it to do.  I know there are many smart people out there who can write way better code than I can. 

— Rick Wanner MSISE – rwanner at isc dot sans dot edu – Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Quick and dirty Python: nmap, (Mon, May 31st) appeared first on Malware Devil.



https://malwaredevil.com/2021/05/31/quick-and-dirty-python-nmap-mon-may-31st/?utm_source=rss&utm_medium=rss&utm_campaign=quick-and-dirty-python-nmap-mon-may-31st

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out.

To that effect, the company intends to register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk as it prepares to roll out the shared mesh network in the country.

Originally announced in September 2019, Sidewalk is part of Amazon’s efforts to build a long-range wireless network that leverages a combination of Bluetooth and 900 MHz spectrum (FSK) to help Echo, Ring, Tile trackers, and other Sidewalk-enabled devices communicate over the internet without Wi-Fi.

Sidewalk is designed to extend the working range of low-bandwidth devices and to help devices stay connected even when they are outside the range of a user's home Wi-Fi network. It achieves this by pooling a small sliver of internet bandwidth from each participating device to create a shared network.

The mechanism that undergirds Sidewalk is conceptually analogous to how Apple leverages its huge installed base of Apple devices to help locate lost devices using its Find My network. But Sidewalk also extends beyond location tracking to virtually any kind of short-range two-way communication. Besides utilizing Bluetooth Low Energy (BLE), Sidewalk also makes use of the long-range wireless technology known as LoRa to help devices stay connected and continue to work over longer distances.

By flipping the switch on Sidewalk in the U.S. for all capable devices by default, the idea is to co-opt millions of smart home devices into the network and provide near-ubiquitous connectivity out of the range of a standard Wi-Fi network.

Sidewalk’s Privacy and Security Protections

Elaborating on the protections baked into Sidewalk, the retail and entertainment behemoth said that packets traversing through the network are secured by three layers of encryption, and that it has safeguards in place to prevent unauthorized devices from joining by using Sidewalk credentials created during device registration process to authenticate their identities.

“Sidewalk protects customer privacy by limiting the amount and type of metadata that Amazon needs to receive from Sidewalk endpoints to manage the network,” the company said in a white paper, while stressing that Sidewalk has been implemented with security protocols to prevent disclosure of private information and any commands that may be transmitted over the network.

Each transmission between an endpoint (say, leak sensors, door locks, or smart lights) and its respective application server is also identified by a unique transmission-ID (TX-ID) that changes every 15 minutes to prevent tracking devices and associating a device to a specific user.

That said, Sidewalk does need to know a third-party Sidewalk-enabled device's serial number to route the message to its respective application server. "The routing information that Amazon does receive for operating the network components of Sidewalk is automatically cleared every 24 hours," it added. Amazon also noted in the whitepaper that endpoints reported as lost or stolen will be blocklisted.

While the security guarantees of the undertaking are without a doubt a step in the right direction, it has been established repeatedly that wireless technologies like Bluetooth and Wi-Fi are prone to critical flaws that leave devices vulnerable to a variety of attacks, and a proprietary communication protocol like Sidewalk could be no exception. This is setting aside the possibility that the technology could be abused as a surveillance tool to discreetly track a partner and enable stalking.

How to Opt-Out and Turn Off Amazon Sidewalk?

A matter of more concern is that Sidewalk is opt-out rather than opt-in, meaning users will be automatically enrolled into Sidewalk unless they choose to explicitly turn it off.

In an FAQ on the Sidewalk page, Amazon says that should users opt to disable the feature, it’s tantamount to “missing out on Sidewalk’s connectivity and location related benefits,” adding “You also will no longer contribute your internet bandwidth to support community extended coverage benefits such as locating pets and valuables with Sidewalk-enabled devices.”

Owners of Echo and Ring devices can opt out of the device-to-device network via the Alexa or Ring apps by following the steps below:

Alexa app: Open More > select Settings > Account Settings > Amazon Sidewalk, and toggle it on/off
Ring app: Tap “three-lined” menu > Control Center > Sidewalk, and tap the slider button

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.


The post Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors appeared first on Malware Devil.



https://malwaredevil.com/2021/05/31/your-amazon-devices-to-automatically-share-your-wi-fi-with-neighbors-3/?utm_source=rss&utm_medium=rss&utm_campaign=your-amazon-devices-to-automatically-share-your-wi-fi-with-neighbors-3

United States Memorial Day 2021

Photograph Courtesy of the United States Marine Corps, Photographer: Caitlin Brink, CPL, USMC

The post United States Memorial Day 2021 appeared first on Security Boulevard.


The post United States Memorial Day 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/05/31/united-states-memorial-day-2021/?utm_source=rss&utm_medium=rss&utm_campaign=united-states-memorial-day-2021

SolarWinds Hackers Target Think Tanks With New ‘NativeZone’ Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S.

Some of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in Europe (OSCE), the Ukrainian Anti-Corruption Action Center (ANTAC), the EU DisinfoLab, and the Government of Ireland’s Department of Foreign Affairs.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Tom Burt, Microsoft’s Corporate Vice President for Customer Security and Trust, said. “At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work.”

Microsoft attributed the ongoing intrusions to the Russian threat actor it tracks as Nobelium, known to the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).

The latest wave in a series of intrusions is said to have begun on Jan. 28, 2021, before reaching a new level of escalation on May 25. The attacks leveraged a legitimate mass-mailing service called Constant Contact to conceal the malicious activity and masquerade as USAID, the U.S. government's international development agency, in a wide-scale phishing campaign that distributed emails to a variety of organizations and industry verticals.

“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID,” Burt said.

These seemingly authentic emails included a link that, when clicked, delivered a malicious optical disc image file ("ICA-declass.iso") containing a custom Cobalt Strike Beacon loader dubbed NativeZone ("Documents.dll"). The Beacon it loads, as observed in previous incidents, comes equipped with capabilities to maintain persistent access, conduct lateral movement, exfiltrate data, and install additional malware.

In another variation of the targeted attacks detected before April, Nobelium experimented with profiling the target machine after the email recipient clicked the link. In the event the underlying operating system turned out to be iOS, the victim was redirected to a second remote server to dispatch an exploit for the then zero-day CVE-2021-1879. Apple addressed the flaw on March 26, acknowledging that “this issue may have been actively exploited.”

Cybersecurity firms Secureworks and Volexity, which corroborated the findings, said the campaign singled out non-governmental organizations, research institutions, government entities, and international agencies situated in the U.S., Ukraine, and the European Union.

“The very narrow and specific set of email identifiers and organizations observed by CTU researchers strongly indicate that the campaign is focused on U.S. and European diplomatic and policy missions that would be of interest to foreign intelligence services,” researchers from Secureworks Counter Threat Unit noted.

The latest attacks add to evidence of the threat actor’s recurring pattern of using unique infrastructure and tooling for each target, thereby giving the attackers a high level of stealth and enabling them to remain undetected for extended periods of time.

The ever-evolving nature of Nobelium’s tradecraft is also likely to be a direct response to the highly publicized SolarWinds incident, suggesting the attackers could further continue to experiment with their methods to meet their objectives.

“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” Burt said. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”


The post SolarWinds Hackers Target Think Tanks With New ‘NativeZone’ Backdoor appeared first on Malware Devil.



https://malwaredevil.com/2021/05/31/solarwinds-hackers-target-think-tanks-with-new-nativezone-backdoor-2/?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-hackers-target-think-tanks-with-new-nativezone-backdoor-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...