Malware Devil

Wednesday, March 31, 2021

Zettaset Unveils Encryption Management Console


Zettaset today added a management console to its portfolio that promises to simplify managing encryption on an end-to-end basis via integrations with third-party key managers that comply with the key management interoperability protocol (KMIP). KMIP defines a set of message formats for the manipulation of cryptographic keys on a key management server that was first..

The post Zettaset Unveils Encryption Management Console appeared first on Security Boulevard.


The post Zettaset Unveils Encryption Management Console appeared first on Malware Devil.



https://malwaredevil.com/2021/03/31/zettaset-unveils-encryption-management-console/?utm_source=rss&utm_medium=rss&utm_campaign=zettaset-unveils-encryption-management-console

Tyler’s “Deathpool”, Astadia, Gigamon, & GRIMM – ESW #222

This week in the Enterprise News: Funding announcements from Clearsense, Morphisec, Feedzai, Jumio, Ketch, Living Security, Productiv and Socure. ServiceNow acquires Intellibot, Accenture acquires Cygni, Astadia acquires Anubex, AutoRABIT acquires CodeScan, Kroll Acquires Redscan. GRIMM launches a Private Vulnerability Disclosure program, AttackIQ automates the validation of AI and ML, CircleCI offers CI/CD for ARM in the cloud, Elastic Observability updates, Gigamon and FireEye collaborate on integration of Gigamon Hawk, McAfee unveils MVision cloud, Red Hat OpenShift Service Available on AWS, Sysdig Adds Unified Threat Detection Across Containers and Cloud & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw222




https://malwaredevil.com/2021/03/31/tylers-deathpool-astadia-gigamon-grimm-esw-222-2/?utm_source=rss&utm_medium=rss&utm_campaign=tylers-deathpool-astadia-gigamon-grimm-esw-222-2


What’s So Great About XDR?

XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.

Extended Detection and Response, or XDR, is one of the most promising emerging technologies to arrive on the enterprise cybersecurity landscape in many years.

First coined in 2018 by Omdia Principal Analyst Rik Turner, XDR is defined by Omdia as a single, standalone solution that offers integrated threat detection and response capabilities across (at a minimum) endpoints, networks, and cloud environments.

XDR offers significant potential for several reasons. However, because XDR is still emerging, few organizations understand exactly how it achieves what SIEM, SOAR, and other previous technologies have been largely unable to offer.

Here, Omdia will highlight why XDR has become one of the fastest-growing market segments in enterprise cybersecurity. Specifically, XDR addresses four key enterprise threat detection and response requirements that vendors have struggled to address.

Unified Telemetry Analysis
No threat detection solution exists in a vacuum. In other words, consistent and accurate detection of a wide range of threats requires the combination of relevant data from multiple threat telemetry sources.

However, most enterprises manage a cybersecurity product architecture with dozens of unique solutions from many different vendors; few if any of them are designed to work well with each other.

XDR solutions are intended to address this challenge by providing unified analysis of previously siloed threat detection telemetry data. Regardless of whether threat data originates on the endpoint, network, cloud, or elsewhere, the telemetry is unified, standardized, and analyzed simultaneously as a whole.

The key difference is that unlike existing solutions that conduct analysis separately and then attempt to reconcile the findings to detect threats, the simultaneous, unified analysis of multisource telemetry offered by XDR accelerates the process of accurately identifying attacks, particularly multistage attacks like NotPetya that often go undetected.

Faster, More Accurate Threat Detection
In addition to unified telemetry analysis, several other XDR features are equally critical in helping enterprises realize faster, more accurate threat detection.

An XDR solution is constantly reviewing incoming telemetry, using a variety of detection engines, as well as machine learning algorithms and behavioral analytics. Unlike static policy-based alerting systems, XDR continuously determines whether an event is malicious, anomalous, or suspicious based on a variety of evolving indicators, including whether the activity has any precedent in the organization.


XDR can automatically initiate an event enrichment process upon discovery of suspicious or anomalous activity. The system saves time by accumulating additional data points that a human analyst would typically gather manually to determine whether the event is a true positive.

After enrichment, XDR solutions proactively correlate or review artifacts related to the event, as a whole and simultaneously, to make a conviction with the greatest possible accuracy. Because XDR typically standardizes the telemetry it takes in, that common format allows its analysis engines to find common data points that are indicative of a threat event quickly and accurately.

Finally, when a threat is confirmed, XDR solutions present the findings to analysts by way of informative, compelling visual representations of the sequence of events that encompass a threat event. Specific data points are often visualized as events on a continuum or with radar or spider graphs. This helps SOC analysts understand, explore, and act on threats more quickly and decisively.

React, Respond, and Resolve Faster and Better
Threat response is a highly manual exercise, often requiring hours of work, numerous tools, and inconsistent processes. CISOs and SOC analysts alike understand that this is an inefficient, expensive, tedious, and often ineffective approach.

While SOAR solutions have sought to codify, orchestrate, and ultimately automate some of this work, SOAR is often too expensive and complicated for many organizations.

XDR solutions provide SOAR-like functionality, but with better ease of use. Policy-based actions are pre-built based on industry best practices for various types of threats; enrichment, correlation, and presentation take place prior to alerting, so fewer manual steps are needed before response; and remediation actions are executed by the XDR system, allowing for closed-loop remediation, confirmation, and reporting.

Functionality Regardless of Maturity Level
Until XDR, enterprise-grade threat detection and response capabilities have largely required the deployment of a SIEM/SOAR-based SOC technology stack, which is expensive, complex, and requires trained experts to configure and manage.

Omdia’s research indicates that XDR, compared with SIEM and SOAR, is often less expensive, somewhat less complex to deploy and manage, requires less expertise, and will increasingly become viable for organizations with lower levels of cybersecurity maturity.

Considering that essentially any organization can be targeted by a complex cyberattack at any time, this democratization of threat detection and response has been a long time coming.

XDR: Looking Ahead
To be sure, XDR is nascent, and vendors will be busy for years to come refining their solutions.

For starters, most XDR solutions today have unrefined features and workflow, widely varying depth of features (some don’t even offer true threat response), and limited extended capabilities related to integration, ticketing, and compliance management. There are also few documented case studies proving the success of XDR in real-world deployment scenarios.

Still, Omdia is bullish on XDR, and expects the technology to mature rapidly. Enterprises are eager for an easier, more affordable approach to threat detection and response, and vendors recognize the opportunity to finally deliver solutions to address those needs.

Editor’s note: This column is based on research excerpted from Omdia’s recently published report, “Fundamentals of XDR versus SIEM and SOAR: Understanding the evolution of SecOps architectures,” which is available to Omdia subscribers.

Eric Parizo supports Omdia’s Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been …




https://malwaredevil.com/2021/03/31/whats-so-great-about-xdr-2/?utm_source=rss&utm_medium=rss&utm_campaign=whats-so-great-about-xdr-2

83% of Businesses Hit With a Firmware Attack in Past Two Years

A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks.

Firmware attacks targeting enterprises are up over the past two years. However, most victims are too preoccupied with patches and upgrades to invest resources into preventing them.

The numbers come from Microsoft’s new “Security Signals” report, conducted by Hypothesis Group, which polled 1,000 decision-makers involved with security and threat protection at enterprise companies. Of these, 83% had been hit with a firmware attack in the past two years.

Firmware has become a hot target for cybercrime in recent years as software security has improved. The TrickBot malware last year added a module to inspect devices for firmware vulnerabilities that could enable attackers to read, write, or erase the UEFI/BIOS firmware. Last October, a rare firmware rootkit was detected targeting diplomats and nongovernmental organizations. Russian advanced persistent threat group Sednit deployed the first firmware-level rootkit seen in the wild back in September 2018.

The trend is poised to increase, says David Weston, partner director of Enterprise and Operating System Security at Microsoft. “We see the trend growing linearly. … Every year we’re seeing more and more CVEs determined in firmware,” he says. In the last 18 months alone, Microsoft has seen at least three different nation-state actors exploiting firmware vulnerabilities, he adds.

“That’s a huge uptick from the previous 18 months, where I don’t think we saw more than one,” says Weston, noting this is “a substantial increase.”

There are a few reasons why firmware attacks appeal to criminals. For starters, this is where sensitive data, including credentials and encryption keys, are stored in memory. They also afford the intruder longer dwell time because many detection products, as well as general logging, can’t see firmware. Attackers also benefit from the ability to remain on a machine after it’s wiped.

“Firmware vulnerabilities will allow you, in most cases, to reacquire a machine that’s been fully wiped,” Weston explains. “Even if you format the machine, if the code is injected in the firmware, you can stay through multiple wipes of the machine, so it’s harder to get you out.”

Privilege is another factor, as firmware attacks enable adversaries to go straight to the part of a machine with the most sensitive access. An attacker is invisible and at the heart of defenses.

Defending against these types of attacks is a challenge. Firmware is hard to update; often, organizations have to go to multiple different manufacturers’ websites and download updates and then find a way to push them out. This is especially challenging outside the realm of PCs, where companies have made some headway, into the world of connected products.

“When you start to talk about IoT and embedded devices, firmware looks even worse because there are no standardized update mechanisms [and] you’re dealing with multiple different hardware and software ecosystems, so that problem is just compounded,” Weston explains.

Microsoft last year released a line of “Secured-Core” Windows 10 PCs as part of a partnership with Intel, Qualcomm, and AMD, to help businesses better defend against attacks that attempt to interfere with the boot process. Last June, it added a UEFI scanner to Microsoft Defender Advanced Threat Protection to assess the security posture inside of a firmware file system.

However, even though Microsoft is working to improve visibility into firmware, “I don’t think we yet have the total picture,” Weston says, and it’s a challenge to observe attacks taking place below the operating system. What’s more, not all businesses can shift to new hardware in the near term, and many security teams are juggling too many other issues to prioritize firmware.

“The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions,” Microsoft’s security team writes in a blog post on the report.

While 83% of respondents had experienced a firmware-level attack, and 73% agree they are disruptive, only 29% of respondents have allocated security budget to defending against them.

The majority (82%) of respondents say they don’t have the resources to allocate toward high-impact security work because they’re spending too much time on manual tasks such as software and patching, hardware upgrades, and mitigating internal and external vulnerabilities. Most (62%) want to spend more time on security strategy and preparing for advanced threats.

“They spend a lot of time remediating very low-grade security issues, things like adware, key generators, or basic ransomware, and a lot of that is linked to the inability to strategically block common attack vectors,” Weston says. These low-grade issues continue to be an obstacle because security teams are “on that treadmill” of not being able to block the attack vector. The respondents report only 39% of their security teams’ time is spent on preventative measures.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …




https://malwaredevil.com/2021/03/31/83-of-businesses-hit-with-a-firmware-attack-in-past-two-years-2/?utm_source=rss&utm_medium=rss&utm_campaign=83-of-businesses-hit-with-a-firmware-attack-in-past-two-years-2


Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent.



https://malwaredevil.com/2021/03/31/apple-google-both-track-mobile-telemetry-data-despite-users-opting-out/?utm_source=rss&utm_medium=rss&utm_campaign=apple-google-both-track-mobile-telemetry-data-despite-users-opting-out

Why User Adoption in Enterprise Security is Low – Juliet Okafor – ESW #222

Security technology roll-outs often fail because of the following:

1) Weak Security Culture – users don’t see value or understand the importance of taking action.
2) Security teams often fail to consider user experience in the purchase, configuration, set-up and training of security technology, like endpoint security.
3) End User communication about new technology is not communicated to the right users, at the right time, during the right stage of the project.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw222




https://malwaredevil.com/2021/03/31/why-user-adoption-in-enterprise-security-is-low-juliet-okafor-esw-222/?utm_source=rss&utm_medium=rss&utm_campaign=why-user-adoption-in-enterprise-security-is-low-juliet-okafor-esw-222

Whistleblower Accuses Ubiquiti of Downplaying Major Data Breach

A security professional who assisted Ubiquiti in its response to a data breach accused the Internet-of-Things (IoT) device vendor of having downplayed the incident’s severity.

The post Whistleblower Accuses Ubiquiti of Downplaying Major Data Breach appeared first on Security Boulevard.




https://malwaredevil.com/2021/03/31/whistleblower-accuses-ubiquiti-of-downplaying-major-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=whistleblower-accuses-ubiquiti-of-downplaying-major-data-breach

Designing your company’s end-user computing setup? read this first

In the first part of this article, I tried to portray the ideal characteristics of a trusted computing environment for users in the post-COVID world: future end-user computing should strongly isolate corporate assets, allow enterprises to adopt modern apps, with a blazing-fast user experience, on any device, anywhere, all in a scalable cost-effective way. Most enterprises … Continued

The post Designing your company’s end-user computing setup? read this first appeared first on Hysolate.

The post Designing your company’s end-user computing setup? read this first appeared first on Security Boulevard.




https://malwaredevil.com/2021/03/31/designing-your-companys-end-user-computing-setup-read-this-first/?utm_source=rss&utm_medium=rss&utm_campaign=designing-your-companys-end-user-computing-setup-read-this-first

ESB-2021.1090 – [RedHat] OpenShift Container Platform: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1090
            OpenShift Container Platform 4.6.23 security update
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenShift Container Platform
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16845 CVE-2020-15586 

Reference:         ESB-2021.0885
                   ESB-2021.0864
                   ESB-2021.0432

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0956

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: OpenShift Container Platform 4.6.23 security update
Advisory ID:       RHSA-2021:0956-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0956
Issue date:        2021-03-30
CVE Names:         CVE-2020-15586 CVE-2020-16845 
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.6.23 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.6 - noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.6.23. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:0952

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Security Fix(es):

* golang: data race in certain net/http servers including ReverseProxy can
lead to DoS (CVE-2020-15586)

* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes
from invalid inputs (CVE-2020-16845)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

5. Bugs fixed (https://bugzilla.redhat.com/):

1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1941433 - Placeholder bug for OCP 4.6.0 rpm release

6. Package List:

Red Hat OpenShift Container Platform 4.6:

Source:
openshift-4.6.0-202103210832.p0.git.94284.834ccc7.el7.src.rpm
openshift-ansible-4.6.0-202103192141.p0.git.0.d1b612b.el7.src.rpm
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el7.src.rpm

noarch:
openshift-ansible-4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch.rpm
openshift-ansible-test-4.6.0-202103192141.p0.git.0.d1b612b.el7.noarch.rpm

x86_64:
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64.rpm
openshift-clients-redistributable-4.6.0-202103200039.p0.git.3841.3e951a5.el7.x86_64.rpm
openshift-hyperkube-4.6.0-202103210832.p0.git.94284.834ccc7.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.6:

Source:
openshift-4.6.0-202103210832.p0.git.94284.834ccc7.el8.src.rpm
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el8.src.rpm
openshift-eventrouter-0.2-6.git7c289cc.el8.src.rpm
openshift-kuryr-4.6.0-202103192141.p0.git.2234.cba9525.el8.src.rpm

noarch:
openshift-kuryr-cni-4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch.rpm
openshift-kuryr-common-4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch.rpm
openshift-kuryr-controller-4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch.rpm
python3-kuryr-kubernetes-4.6.0-202103192141.p0.git.2234.cba9525.el8.noarch.rpm

ppc64le:
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el8.ppc64le.rpm
openshift-eventrouter-0.2-6.git7c289cc.el8.ppc64le.rpm
openshift-eventrouter-debuginfo-0.2-6.git7c289cc.el8.ppc64le.rpm
openshift-eventrouter-debugsource-0.2-6.git7c289cc.el8.ppc64le.rpm
openshift-hyperkube-4.6.0-202103210832.p0.git.94284.834ccc7.el8.ppc64le.rpm

s390x:
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el8.s390x.rpm
openshift-eventrouter-0.2-6.git7c289cc.el8.s390x.rpm
openshift-eventrouter-debuginfo-0.2-6.git7c289cc.el8.s390x.rpm
openshift-eventrouter-debugsource-0.2-6.git7c289cc.el8.s390x.rpm
openshift-hyperkube-4.6.0-202103210832.p0.git.94284.834ccc7.el8.s390x.rpm

x86_64:
openshift-clients-4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64.rpm
openshift-clients-redistributable-4.6.0-202103200039.p0.git.3841.3e951a5.el8.x86_64.rpm
openshift-eventrouter-0.2-6.git7c289cc.el8.x86_64.rpm
openshift-eventrouter-debuginfo-0.2-6.git7c289cc.el8.x86_64.rpm
openshift-eventrouter-debugsource-0.2-6.git7c289cc.el8.x86_64.rpm
openshift-hyperkube-4.6.0-202103210832.p0.git.94284.834ccc7.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2021/03/31/esb-2021-1090-redhat-openshift-container-platform-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1090-redhat-openshift-container-platform-denial-of-service-remote-unauthenticated

ESB-2021.1106 – [Win][UNIX/Linux] Jenkins Plugins: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1106
                     Jenkins plugins security advisory
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Jenkins Plugins
Publisher:         Jenkins
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Privileged Data     -- Existing Account            
                   Cross-site Request Forgery -- Remote with User Interaction
                   Cross-site Scripting       -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21638 CVE-2021-21637 CVE-2021-21636
                   CVE-2021-21635 CVE-2021-21634 CVE-2021-21633
                   CVE-2021-21632 CVE-2021-21631 CVE-2021-21630
                   CVE-2021-21629 CVE-2021-21628 

Original Bulletin: 
   https://www.jenkins.io/security/advisory/2021-03-30/

- --------------------------BEGIN INCLUDED TEXT--------------------

Jenkins Security Advisory 2021-03-30  

This advisory announces vulnerabilities in the following Jenkins deliverables:

  o Build With Parameters Plugin
  o Cloud Statistics Plugin
  o Extra Columns Plugin
  o Jabber (XMPP) notifier and control Plugin
  o OWASP Dependency-Track Plugin
  o REST List Parameter Plugin
  o Team Foundation Server Plugin

Descriptions  

Stored XSS vulnerability in Build With Parameters Plugin  

SECURITY-2231 / CVE-2021-21628

Build With Parameters Plugin 1.5 and earlier does not escape parameter names
and descriptions.

This results in a stored cross-site scripting (XSS) vulnerability exploitable
by attackers with Job/Configure permission.

Build With Parameters Plugin 1.5.1 escapes parameter names and descriptions.

CSRF vulnerability in Build With Parameters Plugin  

SECURITY-2257 / CVE-2021-21629

Build With Parameters Plugin 1.5 and earlier does not require POST requests for
its form submission endpoint, resulting in a cross-site request forgery (CSRF)
vulnerability.

This vulnerability allows attackers to build a project with attacker-specified
parameters.

Build With Parameters Plugin 1.5.1 requires POST requests for the affected HTTP
endpoint.

Stored XSS vulnerability in Extra Columns Plugin  

SECURITY-2222 / CVE-2021-21630

Extra Columns Plugin 1.22 and earlier does not escape parameter values in the
build parameters column.

This results in a stored cross-site scripting (XSS) vulnerability exploitable
by attackers with Job/Configure permission. Additionally, a view containing
such a job needs to be configured with the build parameters column, or the
attacker also needs View/Configure permission.

Extra Columns Plugin 1.23 escapes parameter values in the build parameters
column.

Missing permission check in Cloud Statistics Plugin  

SECURITY-2246 / CVE-2021-21631

Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in
an HTTP endpoint.

This allows attackers with Overall/Read permission and knowledge of random
activity IDs to view related provisioning exception error messages.

Cloud Statistics Plugin 0.27 requires Overall/Administer permission to access
provisioning exception error messages.

CSRF vulnerability and missing permission checks in OWASP Dependency-Track
Plugin allow capturing credentials  

SECURITY-2250 / CVE-2021-21632 (permission check), CVE-2021-21633 (CSRF)

OWASP Dependency-Track Plugin 3.1.0 and earlier does not perform permission
checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to connect to an
attacker-specified URL using attacker-specified credentials IDs obtained
through another method, capturing "Secret text" credentials stored in Jenkins.
If no credentials ID is specified, the globally configured credential is used,
if set up, and can likewise be captured.

Additionally, these HTTP endpoints do not require POST requests, resulting in a
cross-site request forgery (CSRF) vulnerability.

OWASP Dependency-Track Plugin 3.1.1 requires POST requests and appropriate
permissions for the affected HTTP endpoints.

Passwords stored in plain text by Jabber (XMPP) notifier and control Plugin  

SECURITY-2162 / CVE-2021-21634

Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords
unencrypted in its global configuration file
hudson.plugins.jabber.im.transport.JabberPublisher.xml on the Jenkins
controller as part of its configuration.

These passwords can be viewed by users with access to the Jenkins controller
file system.

Jabber (XMPP) notifier and control Plugin 1.42 stores passwords encrypted once
its configuration is saved again.

Stored XSS vulnerability in REST List Parameter Plugin  

SECURITY-2261 / CVE-2021-21635

REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name
reference in embedded JavaScript.

This results in a stored cross-site scripting (XSS) vulnerability exploitable
by attackers with Job/Configure permission.

REST List Parameter Plugin 1.3.1 no longer identifies a parameter using
user-specified content.

Missing permission check in Team Foundation Server Plugin allows enumerating
credentials IDs  

SECURITY-2283 (1) / CVE-2021-21636

Team Foundation Server Plugin 5.157.1 and earlier does not perform a permission
check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs
of credentials stored in Jenkins. Those can be used as part of an attack to
capture the credentials using another vulnerability.

As of publication of this advisory, there is no fix.

CSRF vulnerability and missing permission check in Team Foundation Server
Plugin allow capturing credentials  

SECURITY-2283 (2) / CVE-2021-21637 (permission check), CVE-2021-21638 (CSRF)

Team Foundation Server Plugin 5.157.1 and earlier does not perform a permission
check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an
attacker-specified URL using attacker-specified credentials IDs obtained
through another method, capturing credentials stored in Jenkins.

Additionally, this HTTP endpoint does not require POST requests, resulting in a
cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix.

Severity  

  o SECURITY-2162: Low
  o SECURITY-2222: High
  o SECURITY-2231: High
  o SECURITY-2246: Low
  o SECURITY-2250: Medium
  o SECURITY-2257: Low
  o SECURITY-2261: High
  o SECURITY-2283 (1): Medium
  o SECURITY-2283 (2): High

Affected Versions  

  o Build With Parameters Plugin up to and including 1.5
  o Cloud Statistics Plugin up to and including 0.26
  o Extra Columns Plugin up to and including 1.22
  o Jabber (XMPP) notifier and control Plugin up to and including 1.41
  o OWASP Dependency-Track Plugin up to and including 3.1.0
  o REST List Parameter Plugin up to and including 1.3.0
  o Team Foundation Server Plugin up to and including 5.157.1

Fix  

  o Build With Parameters Plugin should be updated to version 1.5.1
  o Cloud Statistics Plugin should be updated to version 0.27
  o Extra Columns Plugin should be updated to version 1.23
  o Jabber (XMPP) notifier and control Plugin should be updated to version 1.42
  o OWASP Dependency-Track Plugin should be updated to version 3.1.1
  o REST List Parameter Plugin should be updated to version 1.3.1

These versions include fixes to the vulnerabilities described above. All prior
versions are considered to be affected by these vulnerabilities unless
otherwise indicated.

As of publication of this advisory, no fixes are available for the following
plugins:

  o Team Foundation Server Plugin
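
An added triage example (not part of the AusCERT bulletin or of the Jenkins project's tooling): the script below parses the advisory's "Affected Versions" and "Fix" lists above and checks them against the plugin inventory a controller reports. It assumes the inventory has the shape of the `/pluginManager/api/json?depth=1` response (entries with `longName` and `version`); the inventory embedded here is constructed for the example, with versions chosen so that every verdict appears.

```python
"""Check installed Jenkins plugins against the advisory's affected/fixed versions."""
import re
from typing import Dict, List, Optional, Tuple

# Lines copied from the advisory's "Affected Versions" section.
AFFECTED_VERSIONS = """
Build With Parameters Plugin up to and including 1.5
Cloud Statistics Plugin up to and including 0.26
Extra Columns Plugin up to and including 1.22
Jabber (XMPP) notifier and control Plugin up to and including 1.41
OWASP Dependency-Track Plugin up to and including 3.1.0
REST List Parameter Plugin up to and including 1.3.0
Team Foundation Server Plugin up to and including 5.157.1
"""

# Lines copied from the advisory's "Fix" section (no line for Team Foundation Server).
FIX_VERSIONS = """
Build With Parameters Plugin should be updated to version 1.5.1
Cloud Statistics Plugin should be updated to version 0.27
Extra Columns Plugin should be updated to version 1.23
Jabber (XMPP) notifier and control Plugin should be updated to version 1.42
OWASP Dependency-Track Plugin should be updated to version 3.1.1
REST List Parameter Plugin should be updated to version 1.3.1
"""

# Constructed inventory in the shape of the plugin manager API's "plugins" array
# (only the two fields used here). Not taken from a real controller.
INVENTORY = [
    {"longName": "Build With Parameters plugin", "version": "1.5"},
    {"longName": "Extra Columns Plugin", "version": "1.23"},
    {"longName": "Jabber (XMPP) notifier and control plugin", "version": "1.41"},
    {"longName": "Team Foundation Server Plugin", "version": "5.157.1"},
    {"longName": "Git plugin", "version": "4.7.0"},
]


def normalize(name: str) -> str:
    """Case-insensitive key: drops a trailing word 'plugin' and collapses spaces."""
    name = re.sub(r"\s*plugin\s*$", "", name.strip(), flags=re.IGNORECASE)
    return " ".join(name.lower().split())


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.5.1' -> (1, 5, 1); tuple ordering gives (1, 5) < (1, 5, 1), as the advisory needs."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_advisory(affected_text: str, fix_text: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {normalized plugin name: (last affected version, fixed version or None)}."""
    table: Dict[str, Tuple[str, Optional[str]]] = {}
    for line in affected_text.strip().splitlines():
        name, last_bad = line.rsplit(" up to and including ", 1)
        table[normalize(name)] = (last_bad.strip(), None)
    for line in fix_text.strip().splitlines():
        name, fixed = line.rsplit(" should be updated to version ", 1)
        key = normalize(name)
        table[key] = (table[key][0], fixed.strip())
    return table


def triage(inventory: List[dict], table: Dict[str, Tuple[str, Optional[str]]]) -> List[Tuple[str, str, str]]:
    """One (plugin, installed version, verdict) row per installed plugin the advisory names."""
    rows = []
    for plugin in inventory:
        key = normalize(plugin["longName"])
        if key not in table:
            continue  # plugin not covered by this advisory
        last_bad, fixed = table[key]
        installed = plugin["version"]
        if parse_version(installed) > parse_version(last_bad):
            verdict = "not affected"
        elif fixed is None:
            verdict = "affected, no fix available"
        else:
            verdict = f"affected, upgrade to {fixed}"
        rows.append((plugin["longName"], installed, verdict))
    return rows


if __name__ == "__main__":
    for name, installed, verdict in triage(INVENTORY, parse_advisory(AFFECTED_VERSIONS, FIX_VERSIONS)):
        print(f"{name} {installed}: {verdict}")
```

Plugins are matched on the display name because that is what the advisory lists; versions are compared as tuples of their numeric components, which is what makes 1.5 rank below 1.5.1. Plugin versions with non-numeric qualifiers are compared on their numeric parts only, so check such cases by hand.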

Credit  

The Jenkins project would like to thank the reporters for discovering and
reporting these vulnerabilities:

  o Daniel Beck, CloudBees, Inc. for SECURITY-2162, SECURITY-2246,
    SECURITY-2283 (1), SECURITY-2283 (2)
  o Justin Philip for SECURITY-2250
  o Kevin Guerroudj for SECURITY-2231, SECURITY-2257, SECURITY-2261
  o Marc Heyries for SECURITY-2222

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/03/31/esb-2021-1106-winunix-linux-jenkins-plugins-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1106-winunix-linux-jenkins-plugins-multiple-vulnerabilities

ESB-2021.1107 – [Win][UNIX/Linux] Google Chrome: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1107
                    Google Chrome Stable Channel Update
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Google Chrome
Publisher:         Google
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21199 CVE-2021-21198 CVE-2021-21197
                   CVE-2021-21196 CVE-2021-21195 CVE-2021-21194

Original Bulletin: 
   https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Stable Channel Update for Desktop

Tuesday, March 30, 2021

The Stable channel has been updated to 89.0.4389.114 for Windows, Mac and Linux
which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in
switching release channels?  Find out how here. If you find a new issue, please
let us know by filing a bug. The community help forum is also a great place to
reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority
of users are updated with a fix. We will also retain restrictions if the bug
exists in a third party library that other projects similarly depend on, but
haven't yet fixed.

This update includes 8 security fixes. Below, we highlight fixes that were
contributed by external researchers. Please see the Chrome Security Page for
more information.

[$20000][1181228] High CVE-2021-21194: Use after free in screen capture. 
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23

[$15000][1182647] High CVE-2021-21195: Use after free in V8. Reported by Bohan
Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on
2021-02-26

[$10000][1175992] High CVE-2021-21196: Heap buffer overflow in TabStrip. 
Reported by Khalil Zhani on 2021-02-08

[$TBD][1173903] High CVE-2021-21197: Heap buffer overflow in TabStrip. Reported
by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on
2021-02-03

[$TBD][1184399] High CVE-2021-21198: Out of bounds read in IPC. Reported by
Mark Brand of Google Project Zero on 2021-03-03

[$7500][1179635] High CVE-2021-21199: Use after free in Aura. Reported by
Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group and
Evangelos Foutras

We would also like to thank all security researchers that worked with us during
the development cycle to prevent security bugs from ever reaching the stable
channel. As usual, our ongoing internal security work was responsible for a wide
range of fixes:

  o [1193827] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer,
UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Prudhvikumar Bommana
Google Chrome

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYGQOxuNLKJtyKPYoAQiK8Q/+M3bOrkB1RXhCvFgI8BMvyZCMwaaTGAxB
WF7tOq3r3tiho3Ut3qIRuxVRFuJ0n3Id+zhY1D4ebjL1WxOj7d9sdfA+kcaIDU6Q
MXxbDwI3jOL5cwuUQtup4LEdqVd439QEPfybogT1xSbKgfOMchn/jt31ULDDJbru
Z6XKHZ0GiNwC0Ixiomot8Pj8vKu+t2On6mvy2Z1SlyUpLDC7bZYA90qRxPqL+4AV
97S1pmiwG8b7GHRDJklMi/adytZQs7ai8uBxChuvH90nuGwuWwOpgxW7G5TlQEN1
nm+fS0GRbo1DddrxOF2+Y3o2yCMW9Qj04F8kUoDuqMo91P+rgQw0N+VRkUmc5M8b
f155x+a5+P0Cn/gLNnLqrHeXpyLo1/H3PPN6/MXuLTQszzBFAnWF06Y7HZm0qCi/
SPubjw9V0ZnYDV6ZiAUfBkI+jsDXhrzOOw+HsHe5n023vejqgVx3gnwYJz9oUhfz
iFGKkvbUZ7uIbQUKDpzievNfH0PFfSrzu+cjqB3TYrvNFQIJhTeRb3dd3MqTsfbE
d1YhqJdjybxkdcwgKf76y6LGhCoca0O3bFHEKc+tKWOJdYmsenVwp456wLOChob5
Ayu/3gebWYkCAymo+PW+BBfcRID8ETHzjVgT7gZxN8Vk2it6f4xX50Tj+fsS9FC6
fh3/dag6rUo=
=7mDH
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/03/31/esb-2021-1107-winunix-linux-google-chrome-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1107-winunix-linux-google-chrome-multiple-vulnerabilities

ESB-2021.1091 – [RedHat] nss-softokn: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1091
                        nss-softokn security update
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nss-softokn
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12403 CVE-2019-17006 CVE-2019-11756

Reference:         ESB-2021.0933
                   ESB-2020.3355
                   ESB-2020.2963

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1026

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nss-softokn security update
Advisory ID:       RHSA-2021:1026-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1026
Issue date:        2021-03-30
CVE Names:         CVE-2019-11756 CVE-2019-17006 CVE-2020-12403 
=====================================================================

1. Summary:

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description:

The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.

Security Fix(es):

* nss: Use-after-free in sftk_FreeSession due to improper refcounting
(CVE-2019-11756)

* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

* nss: CHACHA20-POLY1305 decryption with undersized tag leads to
out-of-bounds read (CVE-2020-12403)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting
1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives
1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
nss-softokn-3.44.0-9.el7_7.src.rpm

x86_64:
nss-softokn-3.44.0-9.el7_7.i686.rpm
nss-softokn-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-9.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-9.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
nss-softokn-debuginfo-3.44.0-9.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-9.el7_7.i686.rpm
nss-softokn-devel-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
nss-softokn-3.44.0-9.el7_7.src.rpm

ppc64:
nss-softokn-3.44.0-9.el7_7.ppc.rpm
nss-softokn-3.44.0-9.el7_7.ppc64.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.ppc.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.ppc64.rpm
nss-softokn-devel-3.44.0-9.el7_7.ppc.rpm
nss-softokn-devel-3.44.0-9.el7_7.ppc64.rpm
nss-softokn-freebl-3.44.0-9.el7_7.ppc.rpm
nss-softokn-freebl-3.44.0-9.el7_7.ppc64.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.ppc.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.ppc64.rpm

ppc64le:
nss-softokn-3.44.0-9.el7_7.ppc64le.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.ppc64le.rpm
nss-softokn-devel-3.44.0-9.el7_7.ppc64le.rpm
nss-softokn-freebl-3.44.0-9.el7_7.ppc64le.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.ppc64le.rpm

s390x:
nss-softokn-3.44.0-9.el7_7.s390.rpm
nss-softokn-3.44.0-9.el7_7.s390x.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.s390.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.s390x.rpm
nss-softokn-devel-3.44.0-9.el7_7.s390.rpm
nss-softokn-devel-3.44.0-9.el7_7.s390x.rpm
nss-softokn-freebl-3.44.0-9.el7_7.s390.rpm
nss-softokn-freebl-3.44.0-9.el7_7.s390x.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.s390.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.s390x.rpm

x86_64:
nss-softokn-3.44.0-9.el7_7.i686.rpm
nss-softokn-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-9.el7_7.i686.rpm
nss-softokn-devel-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-9.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-9.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-9.el7_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/03/31/esb-2021-1091-redhat-nss-softokn-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1091-redhat-nss-softokn-multiple-vulnerabilities

ESB-2021.1092 – [RedHat] curl: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1092
                           curl security update
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           curl
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5482  

Reference:         ESB-2021.0931
                   ESB-2021.0840

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1027

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2021:1027-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1027
Issue date:        2021-03-30
CVE Names:         CVE-2019-5482 
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.

Security Fix(es):

* curl: heap buffer overflow in function tftp_receive_packet()
(CVE-2019-5482)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1749652 - CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
curl-7.29.0-54.el7_7.4.src.rpm

x86_64:
curl-7.29.0-54.el7_7.4.x86_64.rpm
curl-debuginfo-7.29.0-54.el7_7.4.i686.rpm
curl-debuginfo-7.29.0-54.el7_7.4.x86_64.rpm
libcurl-7.29.0-54.el7_7.4.i686.rpm
libcurl-7.29.0-54.el7_7.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
curl-debuginfo-7.29.0-54.el7_7.4.i686.rpm
curl-debuginfo-7.29.0-54.el7_7.4.x86_64.rpm
libcurl-devel-7.29.0-54.el7_7.4.i686.rpm
libcurl-devel-7.29.0-54.el7_7.4.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
curl-7.29.0-54.el7_7.4.src.rpm

ppc64:
curl-7.29.0-54.el7_7.4.ppc64.rpm
curl-debuginfo-7.29.0-54.el7_7.4.ppc.rpm
curl-debuginfo-7.29.0-54.el7_7.4.ppc64.rpm
libcurl-7.29.0-54.el7_7.4.ppc.rpm
libcurl-7.29.0-54.el7_7.4.ppc64.rpm
libcurl-devel-7.29.0-54.el7_7.4.ppc.rpm
libcurl-devel-7.29.0-54.el7_7.4.ppc64.rpm

ppc64le:
curl-7.29.0-54.el7_7.4.ppc64le.rpm
curl-debuginfo-7.29.0-54.el7_7.4.ppc64le.rpm
libcurl-7.29.0-54.el7_7.4.ppc64le.rpm
libcurl-devel-7.29.0-54.el7_7.4.ppc64le.rpm

s390x:
curl-7.29.0-54.el7_7.4.s390x.rpm
curl-debuginfo-7.29.0-54.el7_7.4.s390.rpm
curl-debuginfo-7.29.0-54.el7_7.4.s390x.rpm
libcurl-7.29.0-54.el7_7.4.s390.rpm
libcurl-7.29.0-54.el7_7.4.s390x.rpm
libcurl-devel-7.29.0-54.el7_7.4.s390.rpm
libcurl-devel-7.29.0-54.el7_7.4.s390x.rpm

x86_64:
curl-7.29.0-54.el7_7.4.x86_64.rpm
curl-debuginfo-7.29.0-54.el7_7.4.i686.rpm
curl-debuginfo-7.29.0-54.el7_7.4.x86_64.rpm
libcurl-7.29.0-54.el7_7.4.i686.rpm
libcurl-7.29.0-54.el7_7.4.x86_64.rpm
libcurl-devel-7.29.0-54.el7_7.4.i686.rpm
libcurl-devel-7.29.0-54.el7_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
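
An added example, not Red Hat's tooling, serving the package lists of both RHSA-2021:1026 (nss-softokn, above) and RHSA-2021:1027 (curl, this bulletin): it takes fixed package file names copied from the two advisories, parses them into name/version/release/arch, and flags installed builds that are older. The installed-package lines are constructed to look like `rpm -qa` output on a RHEL 7.7 EUS host; the version comparison is a simplified rpmvercmp (no epoch, no `~` or `^` handling), which is an assumption stated in the code.

```python
"""Flag installed RPMs older than the fixed builds listed in the two advisories."""
import re
from typing import Dict, List, Tuple

# x86_64 builds copied from the advisories' package lists.
FIXED_PACKAGES = [
    "nss-softokn-3.44.0-9.el7_7.x86_64.rpm",
    "nss-softokn-freebl-3.44.0-9.el7_7.x86_64.rpm",
    "curl-7.29.0-54.el7_7.4.x86_64.rpm",
    "libcurl-7.29.0-54.el7_7.4.x86_64.rpm",
]

# Constructed sample of `rpm -qa` output; not from a real host.
INSTALLED = """
nss-softokn-3.44.0-8.el7_7.x86_64
nss-softokn-freebl-3.44.0-9.el7_7.x86_64
curl-7.29.0-54.el7_7.2.x86_64
libcurl-7.29.0-54.el7_7.4.x86_64
bash-4.2.46-34.el7.x86_64
"""

NEVRA = Tuple[str, str, str, str]  # name, version, release, arch


def parse_nevra(pkg: str) -> NEVRA:
    """'curl-7.29.0-54.el7_7.4.x86_64[.rpm]' -> ('curl', '7.29.0', '54.el7_7.4', 'x86_64').

    The name may itself contain hyphens, so version and release are split off from the right.
    """
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp (assumption: no epoch, '~' or '^' support).

    Both strings are cut into alternating numeric and alphabetic segments; separators
    such as '.' and '_' are ignored. Numeric segments compare as integers, so '10' > '9'.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit():
            return 1  # a numeric segment sorts newer than an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_builds(installed: NEVRA, fixed: NEVRA) -> int:
    """<0 if installed is older than fixed, 0 if equal, >0 if newer (version first, then release)."""
    c = rpmvercmp(installed[1], fixed[1])
    return c if c != 0 else rpmvercmp(installed[2], fixed[2])


def find_vulnerable(installed_text: str, fixed_packages: List[str]) -> List[Tuple[str, str, str]]:
    """(name, installed version-release, fixed version-release) for each package older than its fix."""
    fixed: Dict[Tuple[str, str], NEVRA] = {}
    for pkg in fixed_packages:
        n = parse_nevra(pkg)
        fixed[(n[0], n[3])] = n  # keyed on name and arch so i686/x86_64 never cross-match
    findings = []
    for line in installed_text.strip().splitlines():
        inst = parse_nevra(line.strip())
        ref = fixed.get((inst[0], inst[3]))
        if ref is not None and compare_builds(inst, ref) < 0:
            findings.append((inst[0], f"{inst[1]}-{inst[2]}", f"{ref[1]}-{ref[2]}"))
    return findings


if __name__ == "__main__":
    for name, have, want in find_vulnerable(INSTALLED, FIXED_PACKAGES):
        print(f"{name}: installed {have}, fixed in {want}")
```

On a real host, pipe `rpm -qa` into `find_vulnerable` instead of the constructed sample. The comparison is keyed on name and architecture so the i686 multilib packages in the lists are judged separately from the x86_64 ones, and the release string is compared segment by segment, which is what distinguishes 54.el7_7.2 from 54.el7_7.4.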

7. References:

https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.1092 – [RedHat] curl: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/31/esb-2021-1092-redhat-curl-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1092-redhat-curl-multiple-vulnerabilities

ESB-2021.1105 – [Linux][Virtual] Linux kernel: Denial of service – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1105
             Linux: blkback driver may leak persistent grants
                               31 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         Xen
Operating System:  Xen
                   Linux variants
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28688  

Reference:         ESB-2021.1089

Original Bulletin: 
   http://xenbits.xen.org/xsa/advisory-371.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28688 / XSA-371
                               version 3

           Linux: blkback driver may leak persistent grants

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The fix for XSA-365 includes initialization of pointers such that
subsequent cleanup code wouldn't use uninitialized or stale values.
This initialization went too far and may under certain conditions also
overwrite pointers which are in need of cleaning up.  The lack of
cleanup would result in leaking persistent grants.  The leak in turn
would prevent fully cleaning up after a respective guest has died,
leaving around zombie domains.

IMPACT
======

A malicious or buggy frontend driver may be able to cause resource leaks
from the corresponding backend driver.  This can result in a host-wide
Denial of Service (DoS).

VULNERABLE SYSTEMS
==================

All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11.

MITIGATION
==========

Reconfiguring guests to use alternative (e.g. qemu-based) backends may
avoid the vulnerability.

Avoiding the use of persistent grants will also avoid the vulnerability.
This can be achieved by passing the "feature_persistent=0" module option
to the xen-blkback driver.

CREDITS
=======

This issue was discovered by Nicolai Stange of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa371-linux.patch           Linux 5.12-rc, 5.11.1 onwards, 5.10.18 onwards
      Linux 5.10.0 - 5.10.17, 5.11.0
      Linux 4.4 - 5.9
           Linux 3.11 - 4.3

$ sha256sum xsa371*
1b2472253aa82385b3eff280fa4adf52742f06813fc093f5f86cd4a3021f736c  xsa371-linux.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

HOWEVER, deployment of the mitigations described above is NOT permitted
during the embargo on public-facing systems with untrusted guest users
and administrators.  This is because such configuration changes may be
recognizable by the affected guests.

AND: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.1105 – [Linux][Virtual] Linux kernel: Denial of service – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/03/31/esb-2021-1105-linuxvirtual-linux-kernel-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1105-linuxvirtual-linux-kernel-denial-of-service-existing-account

How to Secure the Home Branch Office


Amid the pandemic, most workforces have shifted to remote work and home offices; essentially, transforming their living rooms into corporate branch offices. From a convenience and health perspective, this has worked well, for the most part. However, the convenience of working from home has put a lot of responsibility on corporate IT folks to ensure..

The post How to Secure the Home Branch Office appeared first on Security Boulevard.


The post How to Secure the Home Branch Office appeared first on Malware Devil.



https://malwaredevil.com/2021/03/31/how-to-secure-the-home-branch-office/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-secure-the-home-branch-office

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...