Malware Devil

Monday, June 7, 2021

ESB-2021.1966 – [Debian] python-django: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1966
python-django security update
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: python-django
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Access Confidential Data — Remote/Unauthenticated
Unauthorised Access — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33571 CVE-2021-33203

Reference: ESB-2021.1917

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/06/msg00004.html

– ————————–BEGIN INCLUDED TEXT——————–


– – ————————————————————————-
Debian LTS Advisory DLA-2676-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
June 05, 2021 https://wiki.debian.org/LTS
– – ————————————————————————-

Package : python-django
Version : 1:1.10.7-2+deb9u14
CVE IDs : CVE-2021-33203 CVE-2021-33571
Debian Bug : #989394

Two issues were discovered in Django, the Python-based web
development framework:

* CVE-2021-33203: Potential directory traversal via admindocs

Staff members could use the admindocs TemplateDetailView view to
check the existence of arbitrary files. Additionally, if (and only
if) the default admindocs templates have been customized by the
developers to also expose the file contents, then not only the
existence but also the file contents would have been exposed.

As a mitigation, path sanitation is now applied and only files
within the template root directories can be loaded.

This issue has low severity, according to the Django security
policy.

Thanks to Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen from
the CodeQL Python team for the report.

* CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
since validators accepted leading zeros in IPv4 addresses

URLValidator, validate_ipv4_address(), and
validate_ipv46_address() didn’t prohibit leading zeros in octal
literals. If you used such values you could suffer from
indeterminate SSRF, RFI, and LFI attacks.

validate_ipv4_address() and validate_ipv46_address() validators
were not affected on Python 3.9.5+.

This issue has medium severity, according to the Django security
policy.

For Debian 9 “Stretch”, this problem has been fixed in version
1:1.10.7-2+deb9u14.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


– ————————–END INCLUDED TEXT——————–
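
The ambiguity behind CVE-2021-33571, as an added example (not Django's code and not part of the advisory): a range-only dotted-quad check accepts `010.0.0.1`, which a decimal parser reads as 10.0.0.1 and an octal-aware parser reads as 8.0.0.1, so a validation step and the later connection can disagree. All function names and sample addresses are constructed for illustration, and `octal_reading` emulates the leading-zero-means-octal convention rather than calling any real resolver.

```python
import ipaddress

# Constructed sample inputs (not taken from the advisory).
SAMPLES = ["10.0.0.1", "010.0.0.1", "192.168.001.1", "09.1.1.1", "256.1.1.1"]


def _parts(addr):
    """Split into four fields of 1-3 ASCII digits, or return None."""
    parts = addr.split(".")
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() and len(p) <= 3 for p in parts):
        return None
    return parts


def permissive_validate(addr):
    """Range check only: leading zeros pass (the behaviour the advisory describes)."""
    parts = _parts(addr)
    return parts is not None and all(int(p, 10) <= 255 for p in parts)


def strict_validate(addr):
    """Same range check, but any field with a leading zero is rejected."""
    parts = _parts(addr)
    return (
        parts is not None
        and all(p == "0" or not p.startswith("0") for p in parts)
        and all(int(p, 10) <= 255 for p in parts)
    )


def decimal_reading(addr):
    """How a parser that ignores leading zeros interprets the address."""
    return ipaddress.IPv4Address(bytes(int(p, 10) for p in _parts(addr)))


def octal_reading(addr):
    """How a parser that treats a leading zero as an octal prefix interprets it.

    Returns None when a field is not valid octal (for example "09").
    """
    octets = []
    for p in _parts(addr):
        base = 8 if len(p) > 1 and p.startswith("0") else 10
        try:
            octets.append(int(p, base))
        except ValueError:
            return None
    return ipaddress.IPv4Address(bytes(octets))


def audit(addr):
    """Report whether an address the permissive check accepts is ambiguous."""
    if not permissive_validate(addr):
        return {"accepted_by_permissive": False}
    dec, octl = decimal_reading(addr), octal_reading(addr)
    return {
        "accepted_by_permissive": True,
        "accepted_by_strict": strict_validate(addr),
        "decimal": str(dec),
        "octal": None if octl is None else str(octl),
        "ambiguous": octl != dec,
        # A private-range policy check gives different answers per reading.
        "private_by_decimal": dec.is_private,
        "private_by_octal": None if octl is None else octl.is_private,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, audit(sample))
```

Rejecting every field with a leading zero, as `strict_validate` does, also refuses harmless spellings such as `192.168.001.1`; that is the price of removing the ambiguity.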

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.1967 – [Debian] ruby-nokogiri: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1967
ruby-nokogiri security update
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: ruby-nokogiri
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Access Confidential Data — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-26247

Reference: ESB-2021.0345
ESB-2021.0285

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html

– ————————–BEGIN INCLUDED TEXT——————–

– ————————————————————————-
Debian LTS Advisory DLA-2678-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
June 06, 2021 https://wiki.debian.org/LTS
– ————————————————————————-

Package : ruby-nokogiri
Version : 1.6.8.1-1+deb9u1
CVE ID : CVE-2020-26247
Debian Bug : 978967

An XXE vulnerability was found in Nokogiri, a Rubygem providing HTML, XML, SAX,
and Reader parsers with XPath and CSS selector support.

XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing
external resources to be accessed over the network, potentially enabling XXE or
SSRF attacks. The new default behavior is to treat all input as untrusted.
The upstream advisory provides further information how to mitigate the problem
or restore the old behavior again.

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

For Debian 9 stretch, this problem has been fixed in version
1.6.8.1-1+deb9u1.

We recommend that you upgrade your ruby-nokogiri packages.

For the detailed security status of ruby-nokogiri please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-nokogiri

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


– ————————–END INCLUDED TEXT——————–


ESB-2021.1968 – [Debian] thunderbird: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1968
thunderbird security update
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: thunderbird
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Denial of Service — Remote with User Interaction
Access Confidential Data — Existing Account
Reduced Security — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29967 CVE-2021-29957 CVE-2021-29956

Reference: ESB-2021.1955
ESB-2021.1949

Original Bulletin:
http://www.debian.org/security/2021/dsa-4927

– ————————–BEGIN INCLUDED TEXT——————–


– – ————————————————————————-
Debian Security Advisory DSA-4927-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 05, 2021 https://www.debian.org/security/faq
– – ————————————————————————-

Package : thunderbird
CVE ID : CVE-2021-29956 CVE-2021-29957 CVE-2021-29967

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code. In addition, two security
issues were addressed in the OpenPGP support.

For the stable distribution (buster), these problems have been fixed in
version 1:78.11.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


– ————————–END INCLUDED TEXT——————–


ESB-2021.1969 – [Win][Linux][IBM i][HP-UX][Solaris][AIX] WebSphere Application Server: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1969
Security Bulletin: WebSphere Application Server ND is vulnerable to
Directory Traversal vulnerability (CVE-2021-20517)
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: WebSphere Application Server
Publisher: IBM
Operating System: AIX
HP-UX
IBM i
Linux variants
Solaris
Windows
z/OS
Impact/Access: Delete Arbitrary Files — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-20517

Original Bulletin:
https://www.ibm.com/support/pages/node/6456955

– ————————–BEGIN INCLUDED TEXT——————–

WebSphere Application Server ND is vulnerable to Directory Traversal
vulnerability (CVE-2021-20517)

Document Information

Document number : 6456955
Modified date : 27 May 2021
Product : WebSphere Application Server
Software version : 8.5, 9.0
Operating system(s): AIX
HP-UX
IBM i
Linux
Solaris
Windows
z/OS
Edition : Advanced, Enterprise, Network Deployment

Summary

WebSphere Application Server ND is vulnerable to a directory traversal
vulnerability. This has been addressed.

Vulnerability Details

CVEID: CVE-2021-20517
DESCRIPTION: IBM WebSphere Application Server Network Deployment could allow a
remote authenticated attacker to traverse directories. An attacker could send a
specially-crafted URL request containing “dot dot” sequences (/../) to read and
delete arbitrary files on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198435
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L)

Affected Products and Versions

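+-------------------------------+----------+
|Affected Product(s)            |Version(s)|
+-------------------------------+----------+
|WebSphere Application Server ND|9.0       |
+-------------------------------+----------+
|WebSphere Application Server ND|8.5       |
+-------------------------------+----------+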

Remediation/Fixes

The recommended solution is to apply the interim fix, Fix Pack or PTF
containing the APAR for each named product as soon as practical. For WebSphere
Application Server ND traditional and WebSphere Application Server ND
Hypervisor Edition:

For V9.0.0.0 through 9.0.5.7:
. Upgrade to minimal fix pack levels as required by interim fix and then apply
Interim Fix PH35098
– –OR–
. Apply Fix Pack 9.0.5.8 or later (targeted availability 2Q2021).

For V8.5.0.0 through 8.5.5.19:
. Upgrade to minimal fix pack levels as required by interim fix and then apply
Interim Fix PH35098
– –OR–
. Apply Fix Pack 8.5.5.20 or later (targeted availability 3Q2021).

Additional interim fixes may be available and linked off the interim fix
download page.

Workarounds and Mitigations

None

Acknowledgement

This vulnerability was reported to IBM by Alessio Dalla Piazza.

Change History

27 May 2021: Initial Publication

– ————————–END INCLUDED TEXT——————–
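
A containment check of the kind the Django advisory earlier on this page describes for CVE-2021-33203 (only files within the template root directories can be loaded), which is also the general defence against the "dot dot" URL sequences in the WebSphere bulletin above. This is an added Python example, not Django's or IBM's code; `resolve_in_roots`, `OutsideRoots` and the temporary file layout are hypothetical.

```python
import os
import tempfile


class OutsideRoots(Exception):
    """The requested name resolves outside every allowed root."""


def _within(path, root):
    # Both arguments are absolute real paths (symlinks already resolved).
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # for example, different drives on Windows
        return False


def resolve_in_roots(name, roots):
    """Return the real path of `name` under the first root that holds it.

    Returns None when the name stays inside a root but no file is there.
    Raises OutsideRoots when the name escapes every root. Containment is
    decided before the existence check, so an outside path gets the same
    answer whether or not a file exists at that location.
    """
    inside_some_root = False
    for root in roots:
        real_root = os.path.realpath(root)
        # An absolute `name` replaces real_root in join(); the check below
        # then rejects it like any other path outside the root.
        candidate = os.path.realpath(os.path.join(real_root, name))
        if not _within(candidate, real_root):
            continue
        inside_some_root = True
        if os.path.isfile(candidate):
            return candidate
    if not inside_some_root:
        raise OutsideRoots(name)
    return None


def demo():
    """Build a constructed directory tree and classify sample requests."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "templates")
        os.mkdir(root)
        secret = os.path.join(base, "secret.txt")
        open(os.path.join(root, "index.html"), "w").close()
        open(secret, "w").close()
        # A symlink inside the root that points at a file outside it.
        os.symlink(secret, os.path.join(root, "alias.html"))

        requests = [
            ("index.html", "index.html"),
            ("nope.html", "nope.html"),
            ("../secret.txt", "../secret.txt"),
            ("../no-such-file", "../no-such-file"),
            ("ABSOLUTE", secret),
            ("alias.html", "alias.html"),
        ]
        results = {}
        for label, name in requests:
            try:
                found = resolve_in_roots(name, [root])
                results[label] = "found" if found else "missing"
            except OutsideRoots:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:18} {outcome}")
```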


ESB-2021.1970 – [Appliance] Advantech iView: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1970
Advisory (icsa-21-154-01) Advantech iView
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Advantech iView
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-32932 CVE-2021-32930

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-154-01

– ————————–BEGIN INCLUDED TEXT——————–

ICS Advisory (ICSA-21-154-01)

Advantech iView

Original release date: June 03, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 9.1
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: Advantech
o Equipment: iView
o Vulnerabilities: Missing Authentication for Critical Function, SQL
Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to
disclose information and perform remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Advantech’s iView product are affected:

o iView versions prior to v5.7.03.6182

3.2 VULNERABILITY OVERVIEW

3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The affected product’s configuration is vulnerable due to missing
authentication, which may allow an attacker to change configurations and
execute arbitrary code.

CVE-2021-32930 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL
INJECTION’) CWE-89

The affected product is vulnerable to a SQL injection, which may allow an
unauthorized attacker to disclose information.

CVE-2021-32932 has been assigned to this vulnerability. A CVSS v3 base score of
9.1 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Multiple
o COUNTRIES/AREAS DEPLOYED: East Asia, Europe, United States
o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Selim Enes Karaduman @enesdex, working with Trend Micro’s Zero Day Initiative,
reported these vulnerabilities to CISA.

4. MITIGATIONS

Advantech recommends updating firmware to Version 5.7.03.6182 to address these
vulnerabilities.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

– ————————–END INCLUDED TEXT——————–


ESB-2021.1955 – [SUSE] MozillaThunderbird: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1955
Security update for MozillaThunderbird
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: MozillaThunderbird
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Privileged Data — Remote with User Interaction
Denial of Service — Existing Account
Provide Misleading Information — Remote with User Interaction
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29957 CVE-2021-29956 CVE-2021-29951
CVE-2021-29950

Reference: ESB-2021.1674
ESB-2021.1568
ESB-2021.1507

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211854-1

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for MozillaThunderbird

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1854-1
Rating: moderate
References: #1185086 #1185633 #1186198 #1186199
Cross-References: CVE-2021-29950 CVE-2021-29951 CVE-2021-29956 CVE-2021-29957
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for MozillaThunderbird fixes the following issues:

o Mozilla Thunderbird 78.10.2
o CVE-2021-29957: Fixed partial protection of inline OpenPGP message not
  indicated (bsc#1186198).
o CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without master
  password protection (bsc#1186199).
o CVE-2021-29951: Fixed Thunderbird Maintenance Service could have been
  started or stopped by domain users (bsc#1185633).
o CVE-2021-29950: Fixed logic issue potentially leaves key material unlocked
  (bsc#1185086).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1854=1
o SUSE Linux Enterprise Workstation Extension 15-SP2:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1854=1

Package List:

o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-78.10.2-8.27.1
MozillaThunderbird-debuginfo-78.10.2-8.27.1
MozillaThunderbird-debugsource-78.10.2-8.27.1
MozillaThunderbird-translations-common-78.10.2-8.27.1
MozillaThunderbird-translations-other-78.10.2-8.27.1
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
MozillaThunderbird-78.10.2-8.27.1
MozillaThunderbird-debuginfo-78.10.2-8.27.1
MozillaThunderbird-debugsource-78.10.2-8.27.1
MozillaThunderbird-translations-common-78.10.2-8.27.1
MozillaThunderbird-translations-other-78.10.2-8.27.1

References:

o https://www.suse.com/security/cve/CVE-2021-29950.html
o https://www.suse.com/security/cve/CVE-2021-29951.html
o https://www.suse.com/security/cve/CVE-2021-29956.html
o https://www.suse.com/security/cve/CVE-2021-29957.html
o https://bugzilla.suse.com/1185086
o https://bugzilla.suse.com/1185633
o https://bugzilla.suse.com/1186198
o https://bugzilla.suse.com/1186199

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================



https://malwaredevil.com/2021/06/07/esb-2021-1955-suse-mozillathunderbird-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1955-suse-mozillathunderbird-multiple-vulnerabilities

ESB-2021.1956 – [SUSE] avahi: Denial of service – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1956
Security update for avahi
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: avahi
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3468

Reference: ESB-2021.1941.2

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211493-2

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for avahi

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1493-2
Rating: moderate
References: #1184521
Cross-References: CVE-2021-3468
Affected Products:
SUSE Manager Server 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Proxy 4.0
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for avahi fixes the following issues:

o CVE-2021-3468: avoid infinite loop by handling HUP event in client_work
(bsc#1184521).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1493=1
o SUSE Manager Retail Branch Server 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1493=1
o SUSE Manager Proxy 4.0:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1493=1
o SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1493=1
o SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1493=1
o SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1493=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1493=1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1493=1
o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1493=1
o SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It will
    inform you if it detects new updates and let you then trigger updating of
    the complete cluster in a controlled way.

Package List:

o SUSE Manager Server 4.0 (ppc64le s390x x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Manager Server 4.0 (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Manager Server 4.0 (noarch):
avahi-lang-0.7-3.9.1
o SUSE Manager Retail Branch Server 4.0 (x86_64):
avahi-0.7-3.9.1
avahi-32bit-debuginfo-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Manager Retail Branch Server 4.0 (noarch):
avahi-lang-0.7-3.9.1
o SUSE Manager Proxy 4.0 (x86_64):
avahi-0.7-3.9.1
avahi-32bit-debuginfo-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Manager Proxy 4.0 (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
avahi-0.7-3.9.1
avahi-32bit-debuginfo-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
avahi-lang-0.7-3.9.1
o SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
avahi-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE Enterprise Storage 6 (x86_64):
avahi-32bit-debuginfo-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
o SUSE Enterprise Storage 6 (noarch):
avahi-lang-0.7-3.9.1
o SUSE CaaS Platform 4.0 (x86_64):
avahi-0.7-3.9.1
avahi-32bit-debuginfo-0.7-3.9.1
avahi-autoipd-0.7-3.9.1
avahi-autoipd-debuginfo-0.7-3.9.1
avahi-compat-howl-devel-0.7-3.9.1
avahi-compat-mDNSResponder-devel-0.7-3.9.1
avahi-debuginfo-0.7-3.9.1
avahi-debugsource-0.7-3.9.1
avahi-glib2-debugsource-0.7-3.9.1
avahi-utils-0.7-3.9.1
avahi-utils-debuginfo-0.7-3.9.1
avahi-utils-gtk-0.7-3.9.1
avahi-utils-gtk-debuginfo-0.7-3.9.1
libavahi-client3-0.7-3.9.1
libavahi-client3-32bit-0.7-3.9.1
libavahi-client3-32bit-debuginfo-0.7-3.9.1
libavahi-client3-debuginfo-0.7-3.9.1
libavahi-common3-0.7-3.9.1
libavahi-common3-32bit-0.7-3.9.1
libavahi-common3-32bit-debuginfo-0.7-3.9.1
libavahi-common3-debuginfo-0.7-3.9.1
libavahi-core7-0.7-3.9.1
libavahi-core7-debuginfo-0.7-3.9.1
libavahi-devel-0.7-3.9.1
libavahi-glib-devel-0.7-3.9.1
libavahi-glib1-0.7-3.9.1
libavahi-glib1-debuginfo-0.7-3.9.1
libavahi-gobject-devel-0.7-3.9.1
libavahi-gobject0-0.7-3.9.1
libavahi-gobject0-debuginfo-0.7-3.9.1
libavahi-ui-gtk3-0-0.7-3.9.1
libavahi-ui-gtk3-0-debuginfo-0.7-3.9.1
libavahi-ui0-0.7-3.9.1
libavahi-ui0-debuginfo-0.7-3.9.1
libdns_sd-0.7-3.9.1
libdns_sd-debuginfo-0.7-3.9.1
libhowl0-0.7-3.9.1
libhowl0-debuginfo-0.7-3.9.1
typelib-1_0-Avahi-0_6-0.7-3.9.1
o SUSE CaaS Platform 4.0 (noarch):
avahi-lang-0.7-3.9.1

References:

o https://www.suse.com/security/cve/CVE-2021-3468.html
o https://bugzilla.suse.com/1184521

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/06/07/esb-2021-1956-suse-avahi-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1956-suse-avahi-denial-of-service-existing-account

ESB-2021.1957 – [SUSE] csync2: Reduced security – Remote/unauthenticated

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1957
Security update for csync2
7 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: csync2
Publisher: SUSE
Operating System: SUSE
Impact/Access: Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-15523 CVE-2019-15522

Reference: ESB-2021.0030

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211858-1

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for csync2

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1858-1
Rating: moderate
References: #1147137 #1147139
Cross-References: CVE-2019-15522 CVE-2019-15523
Affected Products:
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for csync2 fixes the following issues:

o CVE-2019-15522: Fixed an issue where daemon fails to enforce TLS
  (bsc#1147137)
o CVE-2019-15523: Fixed an incorrect TLS handshake error handling
  (bsc#1147139)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1858=1
o SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1858=1
o SUSE Linux Enterprise High Availability 15:
    zypper in -t patch SUSE-SLE-Product-HA-15-2021-1858=1

Package List:

o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
csync2-2.0+git.1461714863.10636a4-4.6.1
csync2-debuginfo-2.0+git.1461714863.10636a4-4.6.1
csync2-debugsource-2.0+git.1461714863.10636a4-4.6.1
o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
csync2-2.0+git.1461714863.10636a4-4.6.1
csync2-debuginfo-2.0+git.1461714863.10636a4-4.6.1
csync2-debugsource-2.0+git.1461714863.10636a4-4.6.1
o SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
csync2-2.0+git.1461714863.10636a4-4.6.1
csync2-debuginfo-2.0+git.1461714863.10636a4-4.6.1
csync2-debugsource-2.0+git.1461714863.10636a4-4.6.1

References:

o https://www.suse.com/security/cve/CVE-2019-15522.html
o https://www.suse.com/security/cve/CVE-2019-15523.html
o https://bugzilla.suse.com/1147137
o https://bugzilla.suse.com/1147139

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/06/07/esb-2021-1957-suse-csync2-reduced-security-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1957-suse-csync2-reduced-security-remote-unauthenticated

Network Security News Summary for Monday June 7th, 2021

Port 37; QNAP Patch; GitHub Patches Policy; WebEx Patch; VMWare Exploit Active

Strange Goings on With Port 37
https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/

QNAP Video Station RCE Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-21-21

Updated GitHub Policy
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/

Cisco WebEx Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT

VMWare vCenter Server Vulnerability Actively Exploited
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html

keywords: vmware; vcenter; exploit; cisco; webex; github; qnap; rce; video station; port 37; ethereum




https://malwaredevil.com/2021/06/07/network-security-news-summary-for-monday-june-7th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-june-7th-2021

Sunday, June 6, 2021

Packet Captures in the Age of TLS

Ten to fifteen years ago, a company having FPC (full packet capture) was an indicator of the seriousness of the company’s information security efforts. Having trained analysts who could use those packets to analyze alerts from NSM devices was an even better indicator.

Today, the network landscape has changed to the point of having little similarity to a decade ago. The workforce was already starting to go mobile before COVID, and the pandemic forced a large swath of workers home. Mobile devices used for work became common, and services in the cloud became prevalent.

We started seeing diminished value in some of our traditional tools. Endpoint Detection and Response suites gave us better fidelity about what was happening on our endpoints, regardless of whether the device was sitting on the corporate network, at home, or at an airport or coffee shop. Antivirus became less useful. Yet it still had value as a layer of defense and was good for detecting common, prevalent threats. The fact that its effectiveness was diminished didn’t mean the tool was no longer useful.

Packet captures are similar: though their effectiveness has been diminished by the use of SSL encrypted traffic, especially ECDH, they still have their place in layered defense. There is still much HTTP traffic on the Internet, plain text protocols are still in use even though safer alternatives have been prevalent for years, and there are a lot of cases where an attacker will use whatever means are available, including unencrypted traffic, to call back to the attacking machine. But there’s another reason full packet capture is useful.

Consider the scenario where a host machine just made a connection to a known malicious website. The connection was made over TLS 1.2. You have packets from the connection, but the data is encrypted. An examination of the packets shows the TCP three-way handshake and five additional packets. In the first packet, there is some clear text that is obviously part of a certificate from the destination host, followed by three very small packets between the two hosts and finally a reset packet.

We can tell from the packet capture what happened, even though the data was encrypted. The client established a session with the site, the TLS handshake took place, and the session was ended. The rest was probably spoofed by a network security monitoring device if the traffic was not simply dropped by a firewall/IPS. What we can know is that there was no data exchanged between the two hosts.

If we have a full packet capture system set up, we can validate in seconds that no data was exfiltrated and no malware was downloaded. That is still very much valuable. And if there is no FPC solution, it is still worth the cost and effort to implement one. (See Arkime, formerly Moloch.)
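The check described above can be run on the reassembled byte streams of a TLS 1.2 session: record headers stay in clear text, so counting `application_data` records shows whether any payload moved. This is an added example, not code from the original post; the function names and the constructed sample streams are assumptions.

```python
import struct
from collections import Counter

# TLS record content types (RFC 5246, section 6.2.1); sent in clear in TLS 1.2.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def record(content_type, payload, version=0x0303):
    """Build one TLS record: 1-byte type, 2-byte version, 2-byte length, payload."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def parse_records(stream):
    """Yield (type_name, payload_length) per TLS record in a reassembled TCP stream."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES or version >> 8 != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        if offset + 5 + length > len(stream):
            raise ValueError("truncated TLS record body")
        yield CONTENT_TYPES[ctype], length
        offset += 5 + length

def summarize_flow(client_stream, server_stream):
    """Count records per type and encrypted application-data bytes per direction."""
    summary = {}
    for side, stream in (("client", client_stream), ("server", server_stream)):
        counts, app_bytes = Counter(), 0
        for name, length in parse_records(stream):
            counts[name] += 1
            if name == "application_data":
                app_bytes += length
        summary[side] = {"records": dict(counts), "app_data_bytes": app_bytes}
    return summary

def data_exchanged(summary):
    """True if either side sent at least one byte of application data."""
    return any(side["app_data_bytes"] > 0 for side in summary.values())

# Constructed sample streams; payload bytes are filler, not real handshake messages.
HANDSHAKE_ONLY_CLIENT = (record(22, b"\x01" * 180) + record(22, b"\x10" * 70)
                         + record(20, b"\x01") + record(22, b"\x00" * 40))
HANDSHAKE_ONLY_SERVER = (record(22, b"\x02" * 900) + record(20, b"\x01")
                         + record(22, b"\x00" * 40))
WITH_DATA_CLIENT = HANDSHAKE_ONLY_CLIENT + record(23, b"\x00" * 512)
```

In TLS 1.3 most handshake messages are themselves wrapped in `application_data` records, so the record-type count alone does not answer the question there.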

The post Packet Captures in the Age of TLS appeared first on Security Boulevard.


Operation Overlord, June 6, 1944

“… these men came here – British and our Allies, and Americans – to storm these beaches for one purpose only, not to gain anything for ourselves, not to fulfill any ambitions that America had for conquest, but just to preserve freedom. . . . Many thousands of men have died for such ideals as these. . . but these young boys. . . were cut off in their prime. . . I devoutly hope that we will never again have to see such scenes as these. I think and hope, and pray, that humanity will have learned. . . we must find some way . . . to gain an eternal peace for this world.” – via Carlo D’Este – Eisenhower: A Soldier’s Life (ISBN: 0805056874)

The Allies That Landed On The Normandy Beaches That Day In Defense of Freedom: United Kingdom, United States, Canada, Australia, Norway, Belgium, Czechoslovakia, Poland, Denmark, Free France, Greece, Netherlands, New Zealand.

The post Operation Overlord, June 6, 1944 appeared first on Security Boulevard.


Saturday, June 5, 2021

A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain

Ransomware is insidious. It’s a treacherous and crafty way to terrorize individuals, communities, and businesses. It’s also an industry with multiple players, each playing a part in a chain that results in a big payday. Ransomware-as-a-Service (RaaS) groups like DarkSide, REvil, and others use automation, personal information, and the low cost of computing to gather […]

The post A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain first appeared on SlashNext.

The post A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain appeared first on Security Boulevard.


Security BSides Dublin 2021 – Chintan Shah’s ‘Digging The Attack Surface Of Microsoft Rich Text Format Files – An OLE Perspective’

Our thanks to Security BSides Dublin for publishing their outstanding videos on the organization’s YouTube channel. Enjoy!


The post Security BSides Dublin 2021 – Chintan Shah’s ‘Digging The Attack Surface Of Microsoft Rich Text Format Files – An OLE Perspective’ appeared first on Security Boulevard.


GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Code-hosting platform GitHub Friday officially announced a series of updates to the site’s policies that delve into how the company deals with malware and exploit code uploaded to its service.

“We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,” the Microsoft-owned company said. “We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.”

Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network (CDN).

To that end, users are to refrain from uploading, posting, hosting, or transmitting any content that could be used to deliver malicious executables or abuse GitHub as an attack infrastructure, say, by organizing denial-of-service (DoS) attacks or managing command-and-control (C2) servers.

“Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring,” GitHub said.

In scenarios where there is an active, widespread abuse of dual-use content, the company said it might restrict access to such content by putting it behind authentication barriers, and as a “last resort,” disable access or remove it altogether when other restriction measures are not feasible. GitHub also noted that it would contact relevant project owners about the controls put in place where possible.

The changes come into effect after the company, in late April, began soliciting feedback on its policy around security research, malware, and exploits on the platform with the goal of operating under a clearer set of terms that would remove the ambiguity surrounding “actively harmful content” and “at-rest code” in support of security research.

By not taking down exploits unless the repository or code in question is incorporated directly into an active campaign, the revision to GitHub’s policies is also a direct result of widespread criticism that followed in the aftermath of a proof-of-concept (PoC) exploit code that was removed from the platform in March 2021.

The code, uploaded by a security researcher, concerned a set of security flaws known as ProxyLogon that Microsoft disclosed were being abused by Chinese state-sponsored hacking groups to breach Exchange servers worldwide. GitHub at the time said it removed the PoC in accordance with its acceptable use policies, citing that it included code “for a recently disclosed vulnerability that is being actively exploited.”


The Joy of Tech® ‘Google’s Hiding Privacy Settings!’

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®!


The post The Joy of Tech® ‘Google’s Hiding Privacy Settings!’ appeared first on Security Boulevard.


Security BSides Dublin 2021 – Matthias Wilson’s ‘Using SOCMINT In Threat Intelligence’

Our thanks to Security BSides Dublin for publishing their outstanding videos on the organization’s YouTube channel. Enjoy!


The post Security BSides Dublin 2021 – Matthias Wilson’s ‘Using SOCMINT In Threat Intelligence’ appeared first on Security Boulevard.


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...