Malware Devil

Wednesday, June 9, 2021

ESB-2021.2047 – [Appliance] AVEVA InTouch: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2047
Advisory (icsa-21-159-03) AVEVA InTouch
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: AVEVA InTouch
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Access Privileged Data — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-32942

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-159-03)

AVEVA InTouch

Original release date: June 08, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
“as is” for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .

1. EXECUTIVE SUMMARY

o CVSS v3 6.6
o ATTENTION: Low attack complexity
o Vendor: AVEVA Software, LLC
o Equipment: InTouch 2020 R2 and all prior versions
o Vulnerability: Clear Text Storage of Sensitive Information in Memory

2. RISK EVALUATION

Successful exploitation of this vulnerability could expose cleartext
credentials from InTouch Runtime.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

AVEVA reports the vulnerability affects the following InTouch products:

o InTouch 2020 R2 and all prior versions

3.2 VULNERABILITY OVERVIEW

3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316

The vulnerability could expose cleartext credentials from InTouch Runtime
(WindowViewer) if an authorized, privileged user creates a diagnostic memory
dump of the process and saves it to a non-protected location.

CVE-2021-32942 has been assigned to this vulnerability. A CVSS v3 base score of
6.6 has been calculated; the CVSS vector string is
(AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy,
Food and Agriculture, and Water and Wastewater
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: United Kingdom

3.4 RESEARCHER

Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar
reported this vulnerability to AVEVA.

4. MITIGATIONS

AVEVA recommends organizations evaluate the impact of this vulnerability based
on their operational environment, architecture, and product implementation.

Users of InTouch 2020 R2 and all prior versions are affected and should first
upgrade to one of the versions listed below, then apply the corresponding
security update:

o InTouch 2020 R2: Update to InTouch 2020 R2 P01
o InTouch 2020: Update to Security Update 1216934
o InTouch 2017 U3 SP1 P01: Update to Security Update 1216933

Please see security bulletin AVEVA-2021-001 for more information.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

o Ensure the least-privilege user principle is followed
o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

o Do not click web links or open unsolicited attachments in email messages.
o Refer to Recognizing and Avoiding Email Scams for more information on
avoiding email scams.
o Refer to Avoiding Social Engineering and Phishing Attacks for more
information on social engineering attacks.

No known public exploits specifically target this vulnerability. This
vulnerability is not exploitable remotely.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.2048 – [Appliance] Schneider Electric IGSS (Interactive Graphical SCADA System): Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2048
Advisory (icsa-21-159-04) Schneider Electric IGSS
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Schneider Electric IGSS (Interactive Graphical SCADA System)
Publisher: ICS-CERT
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Access Confidential Data — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22762 CVE-2021-22761 CVE-2021-22760
CVE-2021-22759 CVE-2021-22758 CVE-2021-22757
CVE-2021-22756 CVE-2021-22755 CVE-2021-22754
CVE-2021-22753 CVE-2021-22752 CVE-2021-22751
CVE-2021-22750

Original Bulletin:
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-159-04)

Schneider Electric IGSS

Original release date: June 08, 2021

1. EXECUTIVE SUMMARY

o CVSS v3 7.8
o ATTENTION: Low attack complexity
o Vendor: Schneider Electric
o Equipment: IGSS (Interactive Graphical SCADA System)
o Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Access of
Uninitialized Pointer, Use After Free, Release of Invalid Pointer or
Reference, Improper Limitation of a Pathname to a Restricted Directory

2. RISK EVALUATION

Successful exploitation of these vulnerabilities may result in remote code
execution, which could result in an attacker gaining access to the Windows
Operating System on the machine used to import CGF and WSP files.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Interactive Graphical SCADA System (IGSS) are
affected:

o IGSS Definition (Def.exe) v15.0.0.21140 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

Exploitation of this vulnerability could result in loss of data or remote code
execution due to missing length checks when a malicious CGF file is imported to
IGSS Definition.

CVE-2021-22750 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

Exploitation of this vulnerability could result in disclosure of information or
execution of arbitrary code due to lack of input validation when a malicious
CGF (Configuration Group File) is imported to IGSS Definition.

CVE-2021-22751 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.3 OUT-OF-BOUNDS WRITE CWE-787

Exploitation of this vulnerability could result in loss of data or remote code
execution due to missing size checks when a malicious WSP (Workspace) file is
being parsed by IGSS Definition.

CVE-2021-22752 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.4 OUT-OF-BOUNDS READ CWE-125

Exploitation of this vulnerability could result in loss of data or remote code
execution due to missing length checks when a malicious WSP file is being
parsed by IGSS Definition.

CVE-2021-22753 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.5 OUT-OF-BOUNDS WRITE CWE-787

Exploitation of this vulnerability could result in loss of data or remote code
execution due to lack of proper validation of user-supplied data when a
malicious CGF file is imported to IGSS Definition.

CVE-2021-22754 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.6 OUT-OF-BOUNDS WRITE CWE-787

Exploitation of this vulnerability could result in disclosure of information or
remote code execution due to lack of sanity checks on user-supplied data when a
malicious CGF file is imported to IGSS Definition.

CVE-2021-22755 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.7 OUT-OF-BOUNDS READ CWE-125

Exploitation of this vulnerability could result in disclosure of information or
remote code execution due to lack of user-supplied data validation when a
malicious CGF file is imported to IGSS Definition.

CVE-2021-22756 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.8 OUT-OF-BOUNDS READ CWE-125

Exploitation of this vulnerability could result in disclosure of information or
remote code execution due to lack of validation on user-supplied input data
when a malicious CGF file is imported to IGSS Definition.

CVE-2021-22757 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.9 ACCESS OF UNINITIALIZED POINTER CWE-824

Exploitation of this vulnerability could result in loss of data or remote code
execution due to lack of validation of user-supplied input data when a
malicious CGF file is imported to IGSS Definition.

CVE-2021-22758 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.10 USE AFTER FREE CWE-416

Exploitation of this vulnerability could result in loss of data or remote code
execution due to use of unchecked input data when a malicious CGF file is
imported to IGSS Definition.

CVE-2021-22759 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.11 RELEASE OF INVALID POINTER OR REFERENCE CWE-763

Exploitation of this vulnerability could result in loss of data or remote code
execution due to missing checks of user-supplied input data when a malicious
CGF file is imported to IGSS Definition.

CVE-2021-22760 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.12 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER
CWE-119

Exploitation of this vulnerability could result in disclosure of information or
remote code execution due to a missing length check on user-supplied data when
a malicious CGF file is imported to IGSS Definition.

CVE-2021-22761 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.13 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY CWE-22

Exploitation of this vulnerability could result in remote code execution when a
malicious CGF or WSP file is being parsed by IGSS Definition.

CVE-2021-22762 has been assigned to this vulnerability. A CVSS v3 base score of
7.8 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical
Manufacturing, Energy
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Kimiya, working with Trend Micro’s Zero Day Initiative, and Michael Heinzl
separately reported these vulnerabilities to CISA.

4. MITIGATIONS

Schneider Electric recommends users update to Version 15.0.0.21141 of the IGSS
Definition module (Def.exe), which includes fixes for these vulnerabilities and
is available for download through IGSS Master > Update IGSS Software, or at the
link above.

If users choose not to apply the remediation provided above, they should
immediately apply the following mitigations to reduce the risk of exploitation:

o Avoid importing CGF and WSP files from untrusted sources.

Please see Schneider Electric’s publication SEVD-2021-159-01 for more
information.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:

o Minimize network exposure for all control system devices and/or systems,
and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and
isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize VPN is only
as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

o Do not click web links or open unsolicited attachments in email messages.
o Refer to Recognizing and Avoiding Email Scams for more information on
avoiding email scams.
o Refer to Avoiding Social Engineering and Phishing Attacks for more
information on social engineering attacks.

No known public exploits specifically target these vulnerabilities. These
vulnerabilities are not exploitable remotely.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

--------------------------END INCLUDED TEXT--------------------


Security Alert: Microsoft Releases June 2021 Security Updates

JPCERT-AT-2021-0027
JPCERT/CC
2021-06-09

I. Overview

Microsoft has released June 2021 Security Updates to address the vulnerabilities in their products. Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code. It is recommended to check the information provided by Microsoft and apply the updates.

Microsoft Corporation
June 2021 Security Updates
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-June

Microsoft Corporation
Release Notes
https://msrc.microsoft.com/update-guide/releaseNote

According to Microsoft, the following six vulnerabilities have been confirmed to be exploited in the wild. Please consider applying the security update programs as soon as possible.

CVE-2021-31955
Windows Kernel Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955

CVE-2021-31956
Windows NTFS Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956

CVE-2021-33739
Microsoft DWM Core Library Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33739

CVE-2021-33742
Windows MSHTML Platform Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33742

CVE-2021-31199
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31199

CVE-2021-31201
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31201

The Microsoft Enhanced Cryptographic Provider Elevation of Privilege vulnerabilities (CVE-2021-31199, CVE-2021-31201) are related to the Adobe Acrobat and Reader vulnerability (CVE-2021-28550), released in Adobe Security Bulletin APSB21-29 in May 2021.

II. Solution

Please apply the security update programs through Microsoft Update, Windows Update, etc. as soon as possible.

Microsoft Update Catalog
https://www.catalog.update.microsoft.com/

Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq

III. References

Microsoft Corporation
Microsoft Security Updates for June 2021 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2021/06/08/202106-security-updates/

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/


Security Alert: Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB21-37)

JPCERT-AT-2021-0026
JPCERT/CC
2021-06-09

I. Overview

Vulnerabilities exist in Adobe Acrobat, a PDF file creation and conversion software, and Adobe Acrobat Reader, a PDF file viewing software. As a result, an attacker may execute arbitrary code by convincing a user to open content that leverages the vulnerabilities. For more information, please refer to Adobe's website.

Adobe Incorporated
Security update available for Adobe Acrobat and Reader | APSB21-37
https://helpx.adobe.com/security/products/acrobat/apsb21-37.html

II. Affected Products

Affected products and versions are as follows:

– Adobe Acrobat DC Continuous (2021.001.20155) and earlier (Windows, macOS)
– Adobe Acrobat Reader DC Continuous (2021.001.20155) and earlier (Windows, macOS)
– Adobe Acrobat 2020 Classic 2020 (2020.001.30025) and earlier (Windows, macOS)
– Adobe Acrobat Reader 2020 Classic 2020 (2020.001.30025) and earlier (Windows, macOS)
– Adobe Acrobat 2017 Classic 2017 (2017.011.30196) and earlier (Windows, macOS)
– Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30196) and earlier (Windows, macOS)

III. Solution

Please update Adobe products to the latest versions listed below.

– Adobe Acrobat DC Continuous (2021.005.20148) (Windows, macOS)
– Adobe Acrobat Reader DC Continuous (2021.005.20148) (Windows, macOS)
– Adobe Acrobat 2020 Classic 2020 (2020.004.30005) (Windows, macOS)
– Adobe Acrobat Reader 2020 Classic 2020 (2020.004.30005) (Windows, macOS)
– Adobe Acrobat 2017 Classic 2017 (2017.011.30197) (Windows, macOS)
– Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30197) (Windows, macOS)

Acrobat will be updated by starting the product, selecting the "Help" menu, and then clicking "Check for Updates". If an update from the menu is not available, please download the latest Adobe Acrobat and Reader from the following URLs. For more information, please refer to Adobe's website.

Adobe Incorporated
Download Adobe Acrobat Reader DC (Japanese)
https://get2.adobe.com/jp/reader/

Adobe Incorporated
Download Acrobat 2020
https://helpx.adobe.com/download-install/kb/acrobat-2020-downloads.html

Adobe Incorporated
Download Acrobat 2017
https://helpx.adobe.com/download-install/kb/acrobat-2017-downloads.html

IV. References

Adobe Incorporated
Security update available for Adobe Acrobat and Reader | APSB21-37
https://helpx.adobe.com/security/products/acrobat/apsb21-37.html

Adobe Incorporated
Latest Product Security Updates
https://helpx.adobe.com/security.html

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/


ISC Stormcast For Wednesday, June 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7534, (Wed, Jun 9th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


ESB-2021.2022 – [Win][UNIX/Linux] Intel VTune Profiler: Increased privileges – Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2022
Intel VTune Profiler Advisory
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Intel VTune Profiler
Publisher: Intel
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-0077

Original Bulletin:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00518.html

--------------------------BEGIN INCLUDED TEXT--------------------

Intel ID: INTEL-SA-00518
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege
Severity rating: MEDIUM
Original release: 06/08/2021
Last revised: 06/08/2021

Summary:

A potential security vulnerability in the Intel VTune Profiler may allow
escalation of privilege. Intel is releasing software updates to mitigate this
potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-0077

Description: Insecure inherited permissions in the installer for the Intel(R)
VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to
potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel VTune Profiler before version 2021.1.1.

Recommendations:

Intel recommends updating the Intel VTune Profiler to version 2021.1.1 or
later.

Intel VTune Profiler updates are available for download at this location:

https://software.intel.com/content/www/us/en/develop/tools/oneapi/components/vtune-profiler.html

Standalone Intel VTune Profiler installers (without the oneAPI Base Toolkit)
updates are available for download at this location:

https://software.intel.com/content/www/us/en/develop/articles/oneapi-standalone-components.html#vtune

Acknowledgements:

Intel would like to thank @j00sean for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 06/08/2021 Initial Release

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.2023 – [Win][Linux] Intel Bluetooth products: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2023
Intel Wireless Bluetooth and Killer Bluetooth Advisory
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Intel Wireless Bluetooth
Intel Killer Bluetooth
Publisher: Intel
Operating System: Linux variants
Windows
Impact/Access: Access Confidential Data — Remote/Unauthenticated
Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-26558 CVE-2020-26555

Reference: ESB-2021.1976

Original Bulletin:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html

– ————————–BEGIN INCLUDED TEXT——————–

Intel ID: INTEL-SA-00520
Advisory Category: Firmware
Impact of vulnerability : Information Disclosure
Severity rating : MEDIUM
Original release: 06/08/2021
Last revised: 06/08/2021

Summary:

Potential security vulnerabilities in Intel Wireless Bluetooth products and
Killer Bluetooth products may allow information disclosure. Intel is releasing
firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-26555 (Non-Intel issued)

Intel Description (official wording not yet available): Improper access control
in some Intel(R) Wireless Bluetooth(R) products in multiple operating systems
and Killer(TM) Bluetooth(R) products in Windows 10 may allow an unauthenticated
user to potentially enable information disclosure via adjacent access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVEID: CVE-2020-26558 (Non-Intel issued)

Intel Description (official wording not yet available): Improper authentication
in some Intel(R) Wireless Bluetooth(R) products in multiple operating systems
and Killer(TM) Bluetooth(R) products in Windows 10 may allow an unauthenticated
user to potentially enable information disclosure via adjacent access.

CVSS Base Score: 4.6 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

Intel Wireless Bluetooth products:

o Intel Wi-Fi 6 AX210
o Intel Wi-Fi 6 AX201
o Intel Wi-Fi 6 AX200
o Intel Wireless-AC 9560
o Intel Wireless-AC 9462
o Intel Wireless-AC 9461
o Intel Wireless-AC 9260
o Intel Dual Band Wireless-AC 8265
o Intel Dual Band Wireless-AC 8260
o Intel Dual Band Wireless-AC 3168
o Intel Wireless 7265 (Rev D) Family
o Intel Dual Band Wireless-AC 3165

Killer Bluetooth products:

o Killer Wi-Fi 6E AX1675
o Killer Wi-Fi 6 AX1650
o Killer Wireless-AC 1550

Recommendation:

Windows* OS:

Intel recommends updating affected Intel Wireless Bluetooth and Killer
Bluetooth products to version 22.50 or later.

For Windows* 10, updates are available for download at this location:

https://www.intel.com/content/www/us/en/support.html

Customers can also download the latest available firmware from the Intel
Customer Support site here.

Updates for Killer drivers with Windows 10 are available for download at this
location:

https://www.intel.com/content/www/us/en/secure/design/confidential/products-and-solutions/wireless-and-modems/wireless-software/killer-performance-suite.html

Linux OS:

Intel Wireless Bluetooth firmware to mitigate these vulnerabilities will be
upstreamed to Linux before May 23rd, 2021.

Consult the regular Open Source channels to obtain this update.

Chrome OS:

Intel Wireless Bluetooth firmware to mitigate these vulnerabilities will be
upstreamed to Chromium.

For any Google Chrome OS solution and schedule, please contact Google directly.

Acknowledgements:

These issues were found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 06/08/2021 Initial Release

– ————————–END INCLUDED TEXT——————–


ESB-2021.2024 – [UNIX/Linux][SUSE] 389-ds: Denial of service – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2024
Security update for 389-ds
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: 389-ds
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3514

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211878-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running 389-ds check for an updated version of the software for
their operating system.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for 389-ds

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1878-1
Rating: moderate
References: #1185356
Cross-References: CVE-2021-3514
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for 389-ds fixes the following issues:

o CVE-2021-3514: Fixed a sync_repl NULL pointer dereference in
sync_create_state_control() (bsc#1185356)

389-ds was updated to version 1.4.3.23~git0.f53d0132b:
Bump version to 1.4.3.23:

o Issue 4725 – [RFE] DS – Update the password policy to support a Temporary
Password Rules (#4727)
o Issue 4759 – Fix coverity issue (#4760)
o Issue 4656 – Fix cherry pick error around replication enabling
o Issue 4701 – RFE – Exclude attributes from retro changelog (#4723) (#4746)
o Issue 4742 – UI – should always use LDAPI path when calling CLI
o Issue 4667 – incorrect accounting of readers in vattr rwlock (#4732)
o Issue 4711 – SIGSEV with sync_repl (#4738)
o Issue 4649 – fix testcase importing ContentSyncPlugin
o Issue 2736 – Warnings from automatic shebang munging macro
o Issue 2736 – https://github.com/389ds/389-ds-base/issues/2736
o Issue 4706 – negative wtime in access log for CMP operations

Bump version to 1.4.3.22:

o Issue 4671 – UI – Fix browser crashes
o lib389 – Add ContentSyncPlugin class
o Issue 4656 – lib389 – fix cherry pick error
o Issue 4229 – Fix Rust linking
o Issue 4658 – monitor – connection start date is incorrect
o Issue 2621 – lib389 – backport ds_supports_new_changelog()
o Issue 4656 – Make replication CLI backwards compatible with role name
change
o Issue 4656 – Remove problematic language from UI/CLI/lib389
o Issue 4459 – lib389 – Default paths should use dse.ldif if the server is
down
o Issue 4663 – CLI – unable to add objectclass/attribute without x-origin

Bump version to 1.4.3.21:

o Issue 4169 – UI – updates on the tuning page are not reflected in the UI
o Issue 4588 – BUG – unable to compile without xcrypt (#4589)
o Issue 4513 – Fix replication CI test failures (#4557)
o Issue 4646 – CLI/UI – revise DNA plugin management
o Issue 4644 – Large updates can reset the CLcache to the beginning of the
changelog (#4647)
o Issue 4649 – crash in sync_repl when a MODRDN create a cenotaph (#4652)
o Issue 4615 – log message when psearch first exceeds max threads per conn

Bump version to 1.4.3.20:

o Issue 4324 – Some architectures the cache line size file does not exist
o Issue 4593 – RFE – Print help when nsSSLPersonalitySSL is not found (#4614)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for Server Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1878=1

Package List:

o SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
389-ds-1.4.3.23~git0.f53d0132b-3.15.1
389-ds-debuginfo-1.4.3.23~git0.f53d0132b-3.15.1
389-ds-debugsource-1.4.3.23~git0.f53d0132b-3.15.1
389-ds-devel-1.4.3.23~git0.f53d0132b-3.15.1
lib389-1.4.3.23~git0.f53d0132b-3.15.1
libsvrcore0-1.4.3.23~git0.f53d0132b-3.15.1
libsvrcore0-debuginfo-1.4.3.23~git0.f53d0132b-3.15.1

References:

o https://www.suse.com/security/cve/CVE-2021-3514.html
o https://bugzilla.suse.com/1185356

– ————————–END INCLUDED TEXT——————–


ESB-2021.2025 – [SUSE] shim: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2025
Security update for shim
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: shim
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Unknown/Unspecified
Reduced Security — Unknown/Unspecified
Resolution: Patch/Upgrade

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211880-1

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for shim

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1880-1
Rating: important
References: #1182057 #1185464
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for shim fixes the following issues:

o Update to the unified shim binary for SBAT support (bsc#1182057)
o shim-install: Always assume “removable” for Azure to avoid the endless
reset loop (bsc#1185464).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1880=1

Package List:

o SUSE Linux Enterprise Server 12-SP5 (x86_64):
shim-15.4-25.16.1

References:

o https://bugzilla.suse.com/1182057
o https://bugzilla.suse.com/1185464

– ————————–END INCLUDED TEXT——————–


ESB-2021.2026 – [RedHat] kpatch-patch: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2026
kpatch-patch security update
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: kpatch-patch
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Increased Privileges — Existing Account
Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3347

Reference: ESB-2021.1847
ESB-2021.1799

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2285

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2021:2285-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2285
Issue date: 2021-06-08
CVE Names: CVE-2021-3347
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) – ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Use after free via PI futex state (CVE-2021-3347)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1922249 – CVE-2021-3347 kernel: Use after free via PI futex state

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
kpatch-patch-3_10_0-1160-1-6.el7.src.rpm
kpatch-patch-3_10_0-1160_11_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-1160_15_2-1-5.el7.src.rpm
kpatch-patch-3_10_0-1160_21_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1160_24_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-1160_25_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-1160_2_1-1-6.el7.src.rpm
kpatch-patch-3_10_0-1160_2_2-1-6.el7.src.rpm
kpatch-patch-3_10_0-1160_6_1-1-6.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-1160-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160-debuginfo-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_11_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_11_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_15_2-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_15_2-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_21_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_21_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_24_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_24_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_25_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_25_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_1-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_1-debuginfo-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_2-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_2-debuginfo-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_6_1-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_6_1-debuginfo-1-6.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-1160-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160-debuginfo-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_11_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_11_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_15_2-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_15_2-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_21_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_21_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_24_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_24_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_25_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_25_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_1-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_1-debuginfo-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_2-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_2-debuginfo-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_6_1-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_6_1-debuginfo-1-6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–


ESB-2021.2027 – [RedHat] nginx:1.16: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2027
nginx:1.16 security update
9 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: nginx:1.16
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23017

Reference: ESB-2021.1973
ESB-2021.1936

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2290

– ————————–BEGIN INCLUDED TEXT——————–

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: nginx:1.16 security update
Advisory ID: RHSA-2021:2290-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2290
Issue date: 2021-06-08
CVE Names: CVE-2021-23017
=====================================================================

1. Summary:

An update for the nginx:1.16 module is now available for Red Hat Enterprise
Linux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat
Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v. 8.1) – aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v. 8.2) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a
focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a
pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1963121 – CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.src.rpm

aarch64:
nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.aarch64.rpm

noarch:
nginx-all-modules-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm
nginx-filesystem-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.noarch.rpm

ppc64le:
nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.ppc64le.rpm

s390x:
nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.s390x.rpm

x86_64:
nginx-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-debugsource-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-mail-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-stream-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.1.0+11153+6c3a40a9.1.x86_64.rpm

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.src.rpm

aarch64:
nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.aarch64.rpm

noarch:
nginx-all-modules-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm
nginx-filesystem-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.noarch.rpm

ppc64le:
nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.ppc64le.rpm

s390x:
nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.s390x.rpm

x86_64:
nginx-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-debugsource-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-image-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-perl-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-xslt-filter-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-mail-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-mail-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-stream-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm
nginx-mod-stream-debuginfo-1.16.1-1.module+el8.2.0+11154+636e4c3b.1.x86_64.rpm

Red Hat Enterprise Linux AppStream (v. 8):

Source:
nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.src.rpm

aarch64:
nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm
nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.aarch64.rpm

noarch:
nginx-all-modules-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm
nginx-filesystem-1.16.1-2.module+el8.4.0+11155+68135136.1.noarch.rpm

ppc64le:
nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm
nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.ppc64le.rpm

s390x:
nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm
nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.s390x.rpm

x86_64:
nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-debugsource-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-image-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-perl-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-perl-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-http-xslt-filter-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-mail-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-mail-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-stream-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm
nginx-mod-stream-debuginfo-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
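To check a host against the fixed builds in the package list above, compare the installed `rpm -q` string with the build listed for the same RHEL minor-release tag. The sketch below is an added example, not part of the Red Hat or AusCERT text; the function names, the simplified version comparison and the sample package strings are assumptions made for illustration.

```python
import re

# Fixed nginx builds copied from section 6 of the advisory, keyed by the
# RHEL minor-release tag embedded in the module build's release string.
FIXED_BUILDS = {
    "el8.1.0": "1.16.1-1.module+el8.1.0+11153+6c3a40a9.1",  # AppStream EUS 8.1
    "el8.2.0": "1.16.1-1.module+el8.2.0+11154+636e4c3b.1",  # AppStream EUS 8.2
    "el8.4.0": "1.16.1-2.module+el8.4.0+11155+68135136.1",  # AppStream 8
}
ARCHES = {"aarch64", "noarch", "ppc64le", "s390x", "x86_64", "src"}

# Constructed sample input in `rpm -q` format; the first build id is made up.
SAMPLE_INSTALLED = [
    "nginx-1.16.1-1.module+el8.1.0+10000+aaaaaaaa.x86_64",
    "nginx-1.16.1-2.module+el8.4.0+11155+68135136.1.x86_64",
]


def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits/letters, ignore separators.

    Tilde and caret ordering is not implemented; none of the builds in
    this advisory use them.
    """
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvra(nvra):
    """Split 'name-version-release.arch' (default `rpm -q` output)."""
    base, _, arch = nvra.rpartition(".")
    if arch not in ARCHES:          # no arch suffix present
        base = nvra
    name, version, release = base.rsplit("-", 2)
    return name, version, release


def check_nginx(nvra):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed package."""
    name, version, release = split_nvra(nvra)
    tag = re.search(r"\+(el\d+\.\d+\.\d+)\+", release)
    if not name.startswith("nginx") or tag is None or tag.group(1) not in FIXED_BUILDS:
        return "unknown"            # not a build this advisory lists a fix for
    fixed_version, fixed_release = FIXED_BUILDS[tag.group(1)].split("-", 1)
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if order >= 0 else "vulnerable"


if __name__ == "__main__":
    for pkg in SAMPLE_INSTALLED:
        print(pkg, "->", check_nginx(pkg))
```

A result of `unknown` means the build's release tag has no entry in this advisory's package list and needs a manual check against the Red Hat errata page.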

7. References:

https://access.redhat.com/security/cve/CVE-2021-23017
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

– —–END PGP SIGNATURE—–

– ————————–END INCLUDED TEXT——————–

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...