Malware Devil

Tuesday, June 1, 2021

ESB-2021.1857 – [RedHat] runc: Increased privileges – Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1857
runc security update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: runc
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30465

Reference: ESB-2021.1823

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2145

– ————————–BEGIN INCLUDED TEXT——————–

=====================================================================
Red Hat Security Advisory

Synopsis: Important: runc security update
Advisory ID: RHSA-2021:2145-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2145
Issue date: 2021-05-31
CVE Names: CVE-2021-30465
=====================================================================

1. Summary:

An update for runc is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras – ppc64le, s390x, x86_64

3. Description:

The runC tool is a lightweight, portable implementation of the Open
Container Format (OCF) that provides container runtime.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1954736 – CVE-2021-30465 runc: vulnerable to symlink exchange attack

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
runc-1.0.0-69.rc10.el7_9.src.rpm

ppc64le:
runc-1.0.0-69.rc10.el7_9.ppc64le.rpm
runc-debuginfo-1.0.0-69.rc10.el7_9.ppc64le.rpm

s390x:
runc-1.0.0-69.rc10.el7_9.s390x.rpm
runc-debuginfo-1.0.0-69.rc10.el7_9.s390x.rpm

x86_64:
runc-1.0.0-69.rc10.el7_9.x86_64.rpm
runc-debuginfo-1.0.0-69.rc10.el7_9.x86_64.rpm

Red Hat Enterprise Linux 7 Extras:

Source:
runc-1.0.0-69.rc10.el7_9.src.rpm

x86_64:
runc-1.0.0-69.rc10.el7_9.x86_64.rpm
runc-debuginfo-1.0.0-69.rc10.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-30465
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-004

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.1858 – [SUSE] python-httplib2: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1858
Security update for python-httplib2
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: python-httplib2
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Remote/Unauthenticated
Provide Misleading Information — Remote/Unauthenticated
Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21240 CVE-2020-11078

Reference: ESB-2021.1832
ESB-2021.1825

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211808-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211807-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211806-1

Comment: This bulletin contains three (3) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for python-httplib2

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1806-1
Rating: moderate
References: #1171998 #1182053
Cross-References: CVE-2020-11078 CVE-2021-21240
Affected Products:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python-httplib2 fixes the following issues:

o Update to version 0.19.0 (bsc#1182053).
o CVE-2021-21240: Fixed regular expression denial of service via malicious
header (bsc#1182053).
o CVE-2020-11078: Fixed unescaped part of uri where an attacker could change
request headers and body (bsc#1182053).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1806=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1806=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1806=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1806=1

Package List:

o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
python2-httplib2-0.19.0-3.3.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):
python2-httplib2-0.19.0-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-httplib2-0.19.0-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
python3-httplib2-0.19.0-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2020-11078.html
o https://www.suse.com/security/cve/CVE-2021-21240.html
o https://bugzilla.suse.com/1171998
o https://bugzilla.suse.com/1182053

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1807-1
Rating: moderate
References: #1171998 #1182053
Cross-References: CVE-2020-11078 CVE-2021-21240
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python-httplib2 contains the following fixes:
Security fixes included in this update:

o CVE-2021-21240: Fixed a regular expression denial of service via malicious
header (bsc#1182053).
o CVE-2020-11078: Fixed an issue where an attacker could change request
headers and body (bsc#1171998).

Non-security fixes included in this update:

o Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)

o update to 0.19.0:
  * auth: parse headers using pyparsing instead of regexp
  * auth: WSSE token needs to be string not bytes

o update to 0.18.1: (bsc#1171998, CVE-2020-11078)
  * explicit build-backend workaround for pip build isolation bug
  * IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of
    space, CR, LF characters in uri.
  * Ship test suite in source dist

o update to 0.17.3:
  * bugfixes

o Update to 0.17.1
  * python3: no_proxy was not checked with https
  * feature: Http().redirect_codes set, works after follow(_all)_redirects
    check This allows one line workaround for old gcloud library that uses 308
    response without redirect semantics.
  * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects
  * proxy: username/password as str compatible with pysocks
  * python2: regression in connect() error handling
  * add support for password protected certificate files
  * feature: Http.close() to clean persistent connections and sensitive data

o Update to 0.14.0:
  * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError

o version update to 0.13.1

  0.13.1
  * Python3: Use no_proxy
    https://github.com/httplib2/httplib2/pull/140

  0.13.0
  * Allow setting TLS max/min versions
    https://github.com/httplib2/httplib2/pull/138

  0.12.3
  * No changes to library. Distribute py3 wheels.

  0.12.1
  * Catch socket timeouts and clear dead connection
    https://github.com/httplib2/httplib2/issues/18
    https://github.com/httplib2/httplib2/pull/111
  * Officially support Python 3.7 (package metadata)
    https://github.com/httplib2/httplib2/issues/123

  0.12.0
  * Drop support for Python 3.3
  * ca_certs from environment HTTPLIB2_CA_CERTS or certifi
    https://github.com/httplib2/httplib2/pull/117
  * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
    https://github.com/httplib2/httplib2/pull/115
  * Revert http:443->https workaround
    https://github.com/httplib2/httplib2/issues/112
  * eliminate connection pool read race
    https://github.com/httplib2/httplib2/pull/110
  * cache: stronger safename
    https://github.com/httplib2/httplib2/pull/101

  0.11.3
  * No changes, just reupload of 0.11.2 after fixing automatic release
    conditions in Travis.

  0.11.2
  * proxy: py3 NameError basestring
    https://github.com/httplib2/httplib2/pull/100

  0.11.1
  * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info
    https://github.com/httplib2/httplib2/pull/97

  0.11.0
  * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5
    https://github.com/httplib2/httplib2/pull/91
  * python3 proxy support
    https://github.com/httplib2/httplib2/pull/90
  * If no_proxy environment value ends with comma then proxy is not used
    https://github.com/httplib2/httplib2/issues/11
  * fix UnicodeDecodeError using socks5 proxy
    https://github.com/httplib2/httplib2/pull/64
  * Respect NO_PROXY env var in proxy_info_from_url
    https://github.com/httplib2/httplib2/pull/58
  * NO_PROXY=bar was matching foobar (suffix without dot delimiter)
    New behavior matches curl/wget:
    - no_proxy=foo.bar will only skip proxy for exact hostname match
    - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card
    https://github.com/httplib2/httplib2/issues/94
  * Bugfix for Content-Encoding: deflate
    https://stackoverflow.com/a/22311297

  deleted patches httplib2 started to use certifi and this is already bent to
  use system certificate bundle.

o handle the case when validation is disabled correctly. The ‘check_hostname’
context attribute has to be set first, otherwise a “ValueError: Cannot set
verify_mode to CERT_NONE when check_hostname is enabled.” exception is
raised.

o handle the case with ssl_version being None correctly

o Use ssl.create_default_context in the python2 case so that the system wide
certificates are loaded as trusted again.

o Source url must be https.

o Spec file cleanups

o Update to 0.10.3 * Fix certificate validation on Python

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1808=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1808=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2021-1808=1

Package List:

o SUSE OpenStack Cloud Crowbar 8 (noarch):
python-httplib2-0.19.0-7.3.1
o SUSE OpenStack Cloud 8 (noarch):
python-httplib2-0.19.0-7.3.1
o HPE Helion Openstack 8 (noarch):
python-httplib2-0.19.0-7.3.1

References:

o https://www.suse.com/security/cve/CVE-2020-11078.html
o https://www.suse.com/security/cve/CVE-2021-21240.html
o https://bugzilla.suse.com/1171998
o https://bugzilla.suse.com/1182053

– ————————–END INCLUDED TEXT——————–


ESB-2021.1859 – [SUSE] curl: Access confidential data – Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1859
Security update for curl
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: curl
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22898 CVE-2021-22876

Reference: ESB-2021.1841
ESB-2021.1827

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211809-1

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for curl

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1809-1
Rating: moderate
References: #1177976 #1183933 #1186114
Cross-References: CVE-2021-22876 CVE-2021-22898
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has one
errata is now available.

Description:

This update for curl fixes the following issues:

o CVE-2021-22876: Fixed an issue where the automatic referer was leaking
credentials (bsc#1183933).
o CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
o Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976).
o Allow partial chain verification (jsc#SLE-17956).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1809=1
o SUSE Manager Retail Branch Server 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1809=1
o SUSE Manager Proxy 4.0:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1809=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1809=1
o SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1809=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1809=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1809=1
o SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1809=1
o SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2021-1809=1
o SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It will
inform you if it detects new updates and let you then trigger updating of
the complete cluster in a controlled way.

Package List:

o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Manager Server 4.0 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Manager Proxy 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server for SAP 15 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1
o SUSE Enterprise Storage 6 (x86_64):
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
o SUSE CaaS Platform 4.0 (x86_64):
curl-7.60.0-3.42.1
curl-debuginfo-7.60.0-3.42.1
curl-debugsource-7.60.0-3.42.1
libcurl-devel-7.60.0-3.42.1
libcurl4-32bit-7.60.0-3.42.1
libcurl4-32bit-debuginfo-7.60.0-3.42.1
libcurl4-7.60.0-3.42.1
libcurl4-debuginfo-7.60.0-3.42.1

References:

o https://www.suse.com/security/cve/CVE-2021-22876.html
o https://www.suse.com/security/cve/CVE-2021-22898.html
o https://bugzilla.suse.com/1177976
o https://bugzilla.suse.com/1183933
o https://bugzilla.suse.com/1186114

– ————————–END INCLUDED TEXT——————–


ESB-2021.1860 – [SUSE] djvulibre: Denial of service – Remote with user interaction

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1860
Security update for djvulibre
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: djvulibre
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3500

Reference: ESB-2021.1822
           ESB-2021.1681

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-202114738-1

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for djvulibre

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14738-1
Rating: important
References: #1186253
Cross-References: CVE-2021-3500
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for djvulibre fixes the following issues:

o CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file()
via crafted djvu file (bsc#1186253)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-djvulibre-14738=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-djvulibre-14738=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-djvulibre-14738=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-djvulibre-14738=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
libdjvulibre21-3.5.21-3.12.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
libdjvulibre21-3.5.21-3.12.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.12.1
djvulibre-debugsource-3.5.21-3.12.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.12.1
djvulibre-debugsource-3.5.21-3.12.1

References:

o https://www.suse.com/security/cve/CVE-2021-3500.html
o https://bugzilla.suse.com/1186253

– ————————–END INCLUDED TEXT——————–


ESB-2021.1861 – [SUSE] nginx: Multiple Vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1861
Security update for nginx
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: nginx
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
               Denial of Service — Remote/Unauthenticated
               Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23017

Reference: ESB-2021.1851
           ESB-2021.1840

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211814-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211815-1

Comment: This bulletin contains two (2) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for nginx
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1814-1
Rating: important
References: #1186126
Cross-References: CVE-2021-23017
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nginx fixes the following issues:

o CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Server Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1814=1

Package List:

o SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
nginx-1.16.1-3.3.1
nginx-debuginfo-1.16.1-3.3.1
nginx-debugsource-1.16.1-3.3.1
o SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):
nginx-source-1.16.1-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-23017.html
o https://bugzilla.suse.com/1186126

– ——————————————————————————–
– ——————————————————————————–

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1815-1
Rating: important
References: #1186126
Cross-References: CVE-2021-23017
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nginx fixes the following issues:

o CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1815=1

Package List:

o SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64
ppc64le s390x x86_64):
nginx-1.19.8-3.3.1
nginx-debuginfo-1.19.8-3.3.1
nginx-debugsource-1.19.8-3.3.1
o SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
nginx-source-1.19.8-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2021-23017.html
o https://bugzilla.suse.com/1186126

– ————————–END INCLUDED TEXT——————–


ESB-2021.1862 – [SUSE] slurm: Execute arbitrary code/commands – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1862
Security update for slurm
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: slurm
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-31215

Reference: ESB-2021.1842

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211810-1
https://www.suse.com/support/update/announcement/2021/suse-su-20211811-1

Comment: This bulletin contains two (2) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1810-1
Rating: important
References: #1186024
Cross-References: CVE-2021-31215
Affected Products:
SUSE Linux Enterprise Module for HPC 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slurm fixes the following issues:

o CVE-2021-31215: Fixed an environment mishandling that allowed remote code
execution as SlurmUser (bsc#1186024).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for HPC 15-SP2:
zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-1810=1

Package List:

o SUSE Linux Enterprise Module for HPC 15-SP2 (aarch64 x86_64):
libnss_slurm2-20.02.7-3.6.1
libnss_slurm2-debuginfo-20.02.7-3.6.1
libpmi0-20.02.7-3.6.1
libpmi0-debuginfo-20.02.7-3.6.1
libslurm35-20.02.7-3.6.1
libslurm35-debuginfo-20.02.7-3.6.1
perl-slurm-20.02.7-3.6.1
perl-slurm-debuginfo-20.02.7-3.6.1
slurm-20.02.7-3.6.1
slurm-auth-none-20.02.7-3.6.1
slurm-auth-none-debuginfo-20.02.7-3.6.1
slurm-config-20.02.7-3.6.1
slurm-config-man-20.02.7-3.6.1
slurm-debuginfo-20.02.7-3.6.1
slurm-debugsource-20.02.7-3.6.1
slurm-devel-20.02.7-3.6.1
slurm-doc-20.02.7-3.6.1
slurm-lua-20.02.7-3.6.1
slurm-lua-debuginfo-20.02.7-3.6.1
slurm-munge-20.02.7-3.6.1
slurm-munge-debuginfo-20.02.7-3.6.1
slurm-node-20.02.7-3.6.1
slurm-node-debuginfo-20.02.7-3.6.1
slurm-pam_slurm-20.02.7-3.6.1
slurm-pam_slurm-debuginfo-20.02.7-3.6.1
slurm-plugins-20.02.7-3.6.1
slurm-plugins-debuginfo-20.02.7-3.6.1
slurm-slurmdbd-20.02.7-3.6.1
slurm-slurmdbd-debuginfo-20.02.7-3.6.1
slurm-sql-20.02.7-3.6.1
slurm-sql-debuginfo-20.02.7-3.6.1
slurm-sview-20.02.7-3.6.1
slurm-sview-debuginfo-20.02.7-3.6.1
slurm-torque-20.02.7-3.6.1
slurm-torque-debuginfo-20.02.7-3.6.1
slurm-webdoc-20.02.7-3.6.1

References:

o https://www.suse.com/security/cve/CVE-2021-31215.html
o https://bugzilla.suse.com/1186024

– ——————————————————————————–
– ——————————————————————————–

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1811-1
Rating: important
References: #1186024
Cross-References: CVE-2021-31215
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slurm fixes the following issues:

o CVE-2021-31215: remote code execution as SlurmUser because of a
PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling
(bsc#1186024)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1811=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1811=1

Package List:

o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64
x86_64):
libpmi0-18.08.9-3.19.1
libpmi0-debuginfo-18.08.9-3.19.1
libslurm33-18.08.9-3.19.1
libslurm33-debuginfo-18.08.9-3.19.1
perl-slurm-18.08.9-3.19.1
perl-slurm-debuginfo-18.08.9-3.19.1
slurm-18.08.9-3.19.1
slurm-auth-none-18.08.9-3.19.1
slurm-auth-none-debuginfo-18.08.9-3.19.1
slurm-config-18.08.9-3.19.1
slurm-config-man-18.08.9-3.19.1
slurm-debuginfo-18.08.9-3.19.1
slurm-debugsource-18.08.9-3.19.1
slurm-devel-18.08.9-3.19.1
slurm-doc-18.08.9-3.19.1
slurm-lua-18.08.9-3.19.1
slurm-lua-debuginfo-18.08.9-3.19.1
slurm-munge-18.08.9-3.19.1
slurm-munge-debuginfo-18.08.9-3.19.1
slurm-node-18.08.9-3.19.1
slurm-node-debuginfo-18.08.9-3.19.1
slurm-pam_slurm-18.08.9-3.19.1
slurm-pam_slurm-debuginfo-18.08.9-3.19.1
slurm-plugins-18.08.9-3.19.1
slurm-plugins-debuginfo-18.08.9-3.19.1
slurm-slurmdbd-18.08.9-3.19.1
slurm-slurmdbd-debuginfo-18.08.9-3.19.1
slurm-sql-18.08.9-3.19.1
slurm-sql-debuginfo-18.08.9-3.19.1
slurm-sview-18.08.9-3.19.1
slurm-sview-debuginfo-18.08.9-3.19.1
slurm-torque-18.08.9-3.19.1
slurm-torque-debuginfo-18.08.9-3.19.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64
x86_64):
libpmi0-18.08.9-3.19.1
libpmi0-debuginfo-18.08.9-3.19.1
libslurm33-18.08.9-3.19.1
libslurm33-debuginfo-18.08.9-3.19.1
perl-slurm-18.08.9-3.19.1
perl-slurm-debuginfo-18.08.9-3.19.1
slurm-18.08.9-3.19.1
slurm-auth-none-18.08.9-3.19.1
slurm-auth-none-debuginfo-18.08.9-3.19.1
slurm-config-18.08.9-3.19.1
slurm-config-man-18.08.9-3.19.1
slurm-debuginfo-18.08.9-3.19.1
slurm-debugsource-18.08.9-3.19.1
slurm-devel-18.08.9-3.19.1
slurm-doc-18.08.9-3.19.1
slurm-lua-18.08.9-3.19.1
slurm-lua-debuginfo-18.08.9-3.19.1
slurm-munge-18.08.9-3.19.1
slurm-munge-debuginfo-18.08.9-3.19.1
slurm-node-18.08.9-3.19.1
slurm-node-debuginfo-18.08.9-3.19.1
slurm-pam_slurm-18.08.9-3.19.1
slurm-pam_slurm-debuginfo-18.08.9-3.19.1
slurm-plugins-18.08.9-3.19.1
slurm-plugins-debuginfo-18.08.9-3.19.1
slurm-slurmdbd-18.08.9-3.19.1
slurm-slurmdbd-debuginfo-18.08.9-3.19.1
slurm-sql-18.08.9-3.19.1
slurm-sql-debuginfo-18.08.9-3.19.1
slurm-sview-18.08.9-3.19.1
slurm-sview-debuginfo-18.08.9-3.19.1
slurm-torque-18.08.9-3.19.1
slurm-torque-debuginfo-18.08.9-3.19.1

References:

o https://www.suse.com/security/cve/CVE-2021-31215.html
o https://bugzilla.suse.com/1186024

– ————————–END INCLUDED TEXT——————–


ESB-2021.1855 – [RedHat] docker: Increased privileges – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1855
docker security update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: docker
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30465

Reference: ESB-2021.1823
           ESB-2021.1792
           ESB-2021.1767

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2144

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: docker security update
Advisory ID: RHSA-2021:2144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2144
Issue date: 2021-05-31
CVE Names: CVE-2021-30465
=====================================================================

1. Summary:

An update for docker is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras – ppc64le, s390x, x86_64

3. Description:

Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that runs
virtually anywhere.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1954736 – CVE-2021-30465 runc: vulnerable to symlink exchange attack

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
docker-1.13.1-206.git7d71120.el7_9.src.rpm

ppc64le:
docker-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-client-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-common-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.ppc64le.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.ppc64le.rpm

s390x:
docker-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-client-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-common-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.s390x.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.s390x.rpm

x86_64:
docker-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-client-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-common-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-debuginfo-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-logrotate-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-lvm-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-novolume-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-rhel-push-plugin-1.13.1-206.git7d71120.el7_9.x86_64.rpm
docker-v1.10-migrator-1.13.1-206.git7d71120.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-30465
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-004

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–


ESB-2021.1856 – [RedHat] glib2: Execute arbitrary code/commands – Remote/unauthenticated

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1856
glib2 security update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: glib2
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
               Denial of Service — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27219

Reference: ESB-2021.0994

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2147

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: glib2 security update
Advisory ID: RHSA-2021:2147-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2147
Issue date: 2021-05-31
CVE Names: CVE-2021-27219
=====================================================================

1. Summary:

An update for glib2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch, x86_64

3. Description:

GLib provides the core application building blocks for libraries and
applications written in C. It provides the core object system used in
GNOME, the main loop implementation, and a large set of utility functions
for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to
an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1929858 – CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

ppc64:
glib2-2.56.1-9.el7_9.ppc.rpm
glib2-2.56.1-9.el7_9.ppc64.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm
glib2-devel-2.56.1-9.el7_9.ppc.rpm
glib2-devel-2.56.1-9.el7_9.ppc64.rpm

ppc64le:
glib2-2.56.1-9.el7_9.ppc64le.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm
glib2-devel-2.56.1-9.el7_9.ppc64le.rpm

s390x:
glib2-2.56.1-9.el7_9.s390.rpm
glib2-2.56.1-9.el7_9.s390x.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm
glib2-devel-2.56.1-9.el7_9.s390.rpm
glib2-devel-2.56.1-9.el7_9.s390x.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

ppc64:
glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm
glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm
glib2-fam-2.56.1-9.el7_9.ppc64.rpm
glib2-static-2.56.1-9.el7_9.ppc.rpm
glib2-static-2.56.1-9.el7_9.ppc64.rpm
glib2-tests-2.56.1-9.el7_9.ppc64.rpm

ppc64le:
glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm
glib2-fam-2.56.1-9.el7_9.ppc64le.rpm
glib2-static-2.56.1-9.el7_9.ppc64le.rpm
glib2-tests-2.56.1-9.el7_9.ppc64le.rpm

s390x:
glib2-debuginfo-2.56.1-9.el7_9.s390.rpm
glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm
glib2-fam-2.56.1-9.el7_9.s390x.rpm
glib2-static-2.56.1-9.el7_9.s390.rpm
glib2-static-2.56.1-9.el7_9.s390x.rpm
glib2-tests-2.56.1-9.el7_9.s390x.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
glib2-2.56.1-9.el7_9.src.rpm

x86_64:
glib2-2.56.1-9.el7_9.i686.rpm
glib2-2.56.1-9.el7_9.x86_64.rpm
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-devel-2.56.1-9.el7_9.i686.rpm
glib2-devel-2.56.1-9.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
glib2-doc-2.56.1-9.el7_9.noarch.rpm

x86_64:
glib2-debuginfo-2.56.1-9.el7_9.i686.rpm
glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm
glib2-fam-2.56.1-9.el7_9.x86_64.rpm
glib2-static-2.56.1-9.el7_9.i686.rpm
glib2-static-2.56.1-9.el7_9.x86_64.rpm
glib2-tests-2.56.1-9.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2021/06/01/esb-2021-1856-redhat-glib2-execute-arbitrary-code-commands-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1856-redhat-glib2-execute-arbitrary-code-commands-remote-unauthenticated

ESB-2021.1854 – [Debian] openjdk-11-jre-dcevm: Multiple Vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1854
openjdk-11-jre-dcevm update
1 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: openjdk-11-jre-dcevm
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Modify Arbitrary Files — Remote with User Interaction
Create Arbitrary Files — Remote with User Interaction
Delete Arbitrary Files — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-2163

Reference: ASB-2021.0076
ESB-2021.1792
ESB-2021.1595

Original Bulletin:
http://www.debian.org/security/2021/dsa-4899

– ————————–BEGIN INCLUDED TEXT——————–


– – ————————————————————————-
Debian Security Advisory DSA-4899-2 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 31, 2021 https://www.debian.org/security/faq
– – ————————————————————————-

Package : openjdk-11-jre-dcevm
Debian Bug : 942876

The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM
for OpenJDK 11 with enhanced class redefinition, has been updated for
compatibility with OpenJDK 11.0.11.

For the stable distribution (buster), this problem has been fixed in
version openjdk-11-jre-dcevm_11.0.11+9-2~deb10u1.

We recommend that you upgrade your openjdk-11-jre-dcevm packages.

For the detailed security status of openjdk-11-jre-dcevm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11-jre-dcevm

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

– ————————–END INCLUDED TEXT——————–


https://malwaredevil.com/2021/06/01/esb-2021-1854-debian-openjdk-11-jre-dcevm-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1854-debian-openjdk-11-jre-dcevm-multiple-vulnerabilities

Network Security News Summary for Tuesday June 1st, 2021

Malicious PS Hosted by Google; SonicWall Advisory; HPE Advisory; Siemens PLC memory protection bypass

Malicious PowerShell Hosted on script.google.com
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/

SonicWall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/

Hewlett Packard Enterprise Systems Insight Manager (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us

Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/

keywords: plc; siemens; hp; advisory; vulnerability; sonicwall; powershell


https://malwaredevil.com/2021/06/01/network-security-news-summary-for-tuesday-june-1st-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-june-1st-2021

Monday, May 31, 2021

QueryNet: An Efficient Attack Framework with Surrogates Carrying Multiple Identities


https://malwaredevil.com/2021/05/31/querynet-an-efficient-attack-framework-with-surrogates-carrying-multiple-identities/?utm_source=rss&utm_medium=rss&utm_campaign=querynet-an-efficient-attack-framework-with-surrogates-carrying-multiple-identities

Securing IoT Devices by Exploiting Backscatter Propagation Signatures


https://malwaredevil.com/2021/05/31/securing-iot-devices-by-exploiting-backscatter-propagation-signatures/?utm_source=rss&utm_medium=rss&utm_campaign=securing-iot-devices-by-exploiting-backscatter-propagation-signatures

Gradient-based Data Subversion Attack Against Binary Classifiers


https://malwaredevil.com/2021/05/31/gradient-based-data-subversion-attack-against-binary-classifiers/?utm_source=rss&utm_medium=rss&utm_campaign=gradient-based-data-subversion-attack-against-binary-classifiers

SHELBRS: Location Based Recommendation Services using Switchable Homomorphic Encryption


https://malwaredevil.com/2021/05/31/shelbrs-location-based-recommendation-services-using-switchable-homomorphic-encryption/?utm_source=rss&utm_medium=rss&utm_campaign=shelbrs-location-based-recommendation-services-using-switchable-homomorphic-encryption

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...