AusCERT - Security Bulletins

Subscribe to AusCERT - Security Bulletins feed
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Updated: 1 hour 35 seconds ago
April 16, 2021

ESB-2021.1302 - [Win][UNIX/Linux] WordPress: Access confidential data - Unknown/unspecified

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1302
WordPress 5.7.1 Security and Maintenance Release
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           WordPress
Publisher:         WordPress
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Unknown/Unspecified
                   Reduced Security         -- Unknown/Unspecified
Resolution:        Patch/Upgrade
Original Bulletin: https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/

--------------------------BEGIN INCLUDED TEXT--------------------

WordPress 5.7.1 Security and Maintenance Release

Posted April 15, 2021 by Peter Wilson. Filed under Releases, Security.

WordPress 5.7.1 is now available!

This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.

WordPress 5.7.1 is a short-cycle security and maintenance release. The next major release will be version 5.8.

You can download WordPress 5.7.1 by downloading from WordPress.org, or visit your Dashboard -> Updates and click Update Now.

If you have sites that support automatic background updates, they've already started the update process.

Security Updates

Two security issues affect WordPress versions between 4.7 and 5.7. If you haven't yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:

o Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8.
o Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

Props to Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs and the WordPress security team for their work on these issues.

For more information, browse the full list of changes on Trac, or check out the version 5.7.1 HelpHub documentation page.

Thanks and props!

The 5.7.1 release was led by @peterwilsoncc and @audrasjb.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.7.1 happen:

99w, Adam Silverstein, Andrew Ozz, annalamprou, anotherdave, Ari Stathopoulos, Ayesh Karunaratne, bobbingwide, Brecht, Daniel Richards, David Baumwald, dkoo, Dominik Schilling, dragongate, eatsleepcode, Ella van Durpe, Erik, Fabian Pimminger, Felix Arntz, Florian TIAR, gab81, Gal Baras, Geoffrey, George Mamadashvili, Glen Davies, Greg Ziolkowski, grzim, Ipstenu (Mika Epstein), Jake Spurlock, Jayman Pandya, Jb Audras, Joen A., Johan Jonk Stenstrom, Johannes Kinast, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Josee Wouters, Joy, k3nsai, Kelly Choyce-Dwan, Kerry Liu, Marius L. J., Mel Choyce-Dwan, Mikhail Kobzarev, mmuyskens, Mukesh Panchal, nicegamer7, Otshelnik-Fm, Paal Joachim Romdahl, palmiak, Pascal Birchler, Peter Wilson, pwallner, Rachel Baker, Riad Benguella, Rinat Khaziev, Robert Anderson, Roger Theriault, Sergey Biryukov, Sergey Yakimov, SirStuey, stefanjoebstl, Stephen Bernhardt, Sumit Singh, Sybre Waaijer, Synchro, Terri Ann, tigertech, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toru Miki, Ulrich, and Vlad T.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

April 16, 2021

ESB-2021.1301 - [Appliance] F5 Products: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1301
Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           F5OS
                   Traffix SDC
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Remote with User Interaction
                   Denial of Service        -- Remote with User Interaction
Resolution:        None
CVE Names:         CVE-2020-12403 CVE-2020-12402 CVE-2020-12401
                   CVE-2020-12400 CVE-2020-6829
Reference:         ESB-2021.0986
                   ESB-2020.3355
Original Bulletin: https://support.f5.com/csp/article/K61267093
                   https://support.f5.com/csp/article/K13290208

Comment: This bulletin contains two (2) F5 Networks security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

K61267093: Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402

Original Publication Date: 16 Apr, 2021

Security Advisory Description

o CVE-2020-6829
  When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

o CVE-2020-12400
  When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

o CVE-2020-12401
  During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

o CVE-2020-12402
  During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Impact

CVE-2020-6829, CVE-2020-12400, and CVE-2020-12401

Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-12402

An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.

Security Advisory Status

F5 Product Development has assigned ID 1004309 (F5OS) and ID SDC-1054 (Traffix) to this vulnerability.

To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to all subsequent maintenance and point releases for that branch, and no additional fixes for that branch will be listed in the table. For example, when a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to K51812227: Understanding security advisory versioning. Additionally, software versions preceding those listed in the following table have reached the End of Technical Support (EoTS) phase of their lifecycle and are no longer evaluated for security issues. For more information, refer to the Security hotfixes section of K4602: Overview of the F5 security vulnerability response policy.

+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| Product                       | Branch | Versions     | Fixes          | Severity       | CVSSv3  | Vulnerable   |
|                               |        | known to be  | introduced in  |                | score^2 | component or |
|                               |        | vulnerable^1 |                |                |         | feature      |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| BIG-IP (all modules)          | 16.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 15.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 14.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 13.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 12.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 11.x   | None         | Not applicable | Not vulnerable | None    | None         |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| BIG-IQ Centralized Management | 8.x    | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IQ Centralized Management | 7.x    | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IQ Centralized Management | 6.x    | None         | Not applicable | Not vulnerable | None    | None         |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| F5OS                          | 1.x    | 1.1.0        | None           | Medium         | 4.4     | NSS          |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| Traffix SDC                   | 5.x    | 5.1.0        | None           | Medium         | 4.4     | NSS          |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+

^1 F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by installing a version listed in the Fixes introduced in column. If the Fixes introduced in column does not list a version for your branch, then no update candidate currently exists for that branch and F5 recommends upgrading to a version with the fix (refer to the table).

If the Fixes introduced in column lists a version prior to the one you are running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------------------------------------------------------------

K13290208: NSS vulnerability CVE-2020-12403

Original Publication Date: 16 Apr, 2021

Security Advisory Description

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS.
When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)

Impact

The highest threat from this vulnerability is to confidentiality and system availability.

Security Advisory Status

F5 Product Development has assigned ID 1004309 (F5OS) and ID SDC-1054 (Traffix) to this vulnerability.

To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to all subsequent maintenance and point releases for that branch, and no additional fixes for that branch will be listed in the table. For example, when a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to K51812227: Understanding security advisory versioning. Additionally, software versions preceding those listed in the following table have reached the End of Technical Support (EoTS) phase of their lifecycle and are no longer evaluated for security issues. For more information, refer to the Security hotfixes section of K4602: Overview of the F5 security vulnerability response policy.

+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| Product                       | Branch | Versions     | Fixes          | Severity       | CVSSv3  | Vulnerable   |
|                               |        | known to be  | introduced in  |                | score^2 | component or |
|                               |        | vulnerable^1 |                |                |         | feature      |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| BIG-IP (all modules)          | 16.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 15.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 14.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 13.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 12.x   | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IP (all modules)          | 11.x   | None         | Not applicable | Not vulnerable | None    | None         |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| BIG-IQ Centralized Management | 8.x    | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IQ Centralized Management | 7.x    | None         | Not applicable | Not vulnerable | None    | None         |
| BIG-IQ Centralized Management | 6.x    | None         | Not applicable | Not vulnerable | None    | None         |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| F5OS                          | 1.x    | 1.1.0        | None           | High           | 6.8     | NSS          |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+
| Traffix SDC                   | 5.x    | 5.1.0        | None           | High           | 6.8     | NSS          |
+-------------------------------+--------+--------------+----------------+----------------+---------+--------------+

^1 F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by installing a version listed in the Fixes introduced in column. If the Fixes introduced in column does not list a version for your branch, then no update candidate currently exists for that branch and F5 recommends upgrading to a version with the fix (refer to the table).

If the Fixes introduced in column lists a version prior to the one you are running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

April 16, 2021

ESB-2021.1300 - [Ubuntu] Linux kernel and Linux kernel (OEM): Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1300
USN-4915-1: Linux kernel (OEM) vulnerabilities
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Linux kernel
                   Linux kernel (OEM)
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29154 CVE-2021-3493 CVE-2021-3492
Reference:         ESB-2021.1251
Original Bulletin: https://ubuntu.com/security/notices/USN-4915-1
                   https://ubuntu.com/security/notices/USN-4916-1
                   https://ubuntu.com/security/notices/USN-4917-1

Comment: This bulletin contains three (3) Ubuntu security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4915-1: Linux kernel (OEM) vulnerabilities

15 April 2021

Several security issues were fixed in the Linux kernel.

Releases

o Ubuntu 20.04 LTS

Packages

o linux-oem-5.6 - Linux kernel for OEM systems

Details

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493)

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. (CVE-2021-3492)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

o linux-image-oem-20.04 - 5.6.0.1054.50
o linux-image-5.6.0-1054-oem - 5.6.0-1054.58

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

o CVE-2021-3493
o CVE-2021-3492

Related notices

o USN-4916-1: linux-image-gcp-lts-18.04, linux-image-powerpc64-smp, linux-image-azure, linux-image-4.4.0-209-lowlatency, linux-image-4.4.0-209-powerpc64-emb, linux-dell300x, linux-image-oem, linux-image-lowlatency, linux-image-4.15.0-1090-kvm, linux-image-4.15.0-142-generic-lpae, linux-image-gcp, linux-image-4.4.0-209-powerpc64-smp, linux-image-oracle, linux-image-aws-lts-18.04, linux-image-aws-hwe, linux-image-powerpc64-emb, linux-azure, linux-image-4.15.0-1113-azure, linux-image-4.4.0-1091-aws, linux-image-4.4.0-1127-aws, linux-image-generic-lpae-lts-xenial, linux-image-4.4.0-1155-snapdragon, linux-image-aws, linux-image-4.15.0-142-lowlatency, linux-image-oracle-lts-18.04, linux-image-generic, linux-image-4.4.0-209-generic-lpae, linux-image-4.15.0-142-generic, linux-image-generic-lpae-hwe-16.04, linux-image-4.4.0-209-powerpc-e500mc, linux-image-snapdragon, linux-image-4.4.0-1092-kvm, linux-lts-xenial, linux-image-virtual-hwe-16.04, linux-oracle, linux-raspi2, linux-image-4.15.0-1098-gcp, linux-image-4.4.0-209-generic, linux, linux-image-powerpc-e500mc-lts-xenial, linux-image-powerpc-smp, linux-azure-4.15, linux-snapdragon, linux-image-lowlatency-lts-xenial,
linux-image-powerpc-smp-lts-xenial, linux-image-powerpc64-smp-lts-xenial, linux-image-powerpc-e500mc, linux-image-generic-lts-xenial, linux-image-dell300x, linux-image-4.4.0-209-powerpc-smp, linux-image-generic-lpae, linux-image-4.15.0-1084-raspi2, linux-hwe, linux-aws-hwe, linux-image-gke, linux-gcp, linux-image-4.15.0-1017-dell300x, linux-gcp-4.15, linux-image-4.15.0-1101-snapdragon, linux-image-generic-hwe-16.04, linux-kvm, linux-image-kvm, linux-image-virtual-lts-xenial, linux-image-4.15.0-1099-aws, linux-image-4.15.0-1070-oracle, linux-image-4.4.0-1151-raspi2, linux-image-raspi2, linux-aws, linux-image-powerpc64-emb-lts-xenial, linux-image-azure-lts-18.04, linux-image-lowlatency-hwe-16.04, linux-image-virtual o USN-4917-1 : linux-image-azure, linux-image-5.8.0-1029-azure, linux-image-oem, linux-image-5.10.0-1022-oem, linux-image-generic-lpae-hwe-18.04, linux-azure, linux-image-5.8.0-1021-raspi, linux-image-oem-20.04, linux-image-5.4.0-1042-gke, linux-image-generic, linux-image-5.4.0-72-generic, linux-image-5.8.0-1028-gcp, linux-image-generic-64k-hwe-20.04, linux, linux-image-lowlatency-hwe-20.04, linux-image-5.3.0-1042-gke, linux-image-gkeop-5.4, linux-image-generic-lpae, linux-image-generic-lpae-hwe-20.04, linux-aws, linux-raspi2-5.3, linux-image-5.8.0-1024-kvm, linux-gkeop-5.4, linux-image-virtual, linux-image-generic-hwe-18.04, linux-image-lowlatency, linux-image-gcp, linux-image-gke-5.3, linux-image-5.4.0-72-generic-lpae, linux-image-gke-5.4, linux-azure-5.4, linux-image-5.8.0-1026-oracle, linux-gke-5.3, linux-image-generic-hwe-20.04, linux-hwe, linux-gcp, linux-image-kvm, linux-image-5.4.0-1045-aws, linux-image-5.4.0-1038-kvm, linux-raspi-5.4, linux-image-5.8.0-50-lowlatency, linux-image-lowlatency-hwe-18.04, linux-image-oracle, linux-aws-5.4, linux-image-generic-64k, linux-image-virtual-hwe-18.04, linux-image-5.4.0-1014-gkeop, linux-oracle-5.4, linux-image-snapdragon-hwe-18.04, linux-image-5.4.0-1034-raspi, linux-image-5.4.0-1046-azure, 
linux-image-raspi2-hwe-18.04, linux-oracle, linux-image-5.8.0-1021-raspi-nolpae, linux-hwe-5.4, linux-gkeop, linux-oem-5.10, linux-image-gkeop, linux-image-5.8.0-1030-aws, linux-image-raspi-hwe-18.04, linux-kvm, linux-hwe-5.8, linux-image-5.3.0-73-generic, linux-image-oem-osp1, linux-image-virtual-hwe-20.04, linux-image-gkeop-5.3, linux-gcp-5.4, linux-image-5.3.0-73-lowlatency, linux-image-oem-20.04b, linux-raspi, linux-image-5.8.0-50-generic-lpae, linux-image-aws, linux-image-5.4.0-72-lowlatency, linux-image-raspi-nolpae, linux-image-5.4.0-1042-gcp, linux-image-5.8.0-50-generic, linux-image-5.4.0-1043-oracle, linux-image-raspi, linux-gke-5.4, linux-image-gke, linux-image-raspi2, linux-image-5.8.0-50-generic-64k, linux-image-5.3.0-1039-raspi2

--------------------------------------------------------------------------------

USN-4916-1: Linux kernel vulnerabilities

15 April 2021

Several security issues were fixed in the Linux kernel.

Releases

o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS
o Ubuntu 14.04 ESM

Packages

o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
o linux-dell300x - Linux kernel for Dell 300x platforms
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems
o linux-hwe - Linux hardware enablement (HWE) kernel
o linux-kvm - Linux kernel for cloud environments
o linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
o linux-oracle - Linux kernel for Oracle Cloud systems
o linux-raspi2 - Linux kernel for Raspberry Pi (V8) systems
o linux-snapdragon - Linux kernel for Qualcomm Snapdragon processors

Details

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

o linux-image-virtual - 4.15.0.142.129
o linux-image-powerpc-e500mc - 4.15.0.142.129
o linux-image-4.15.0-1113-azure - 4.15.0-1113.126
o linux-image-4.15.0-1098-gcp - 4.15.0-1098.111
o linux-image-gcp-lts-18.04 - 4.15.0.1098.116
o linux-image-4.15.0-1017-dell300x - 4.15.0-1017.21
o linux-image-4.15.0-142-generic - 4.15.0-142.146
o linux-image-4.15.0-1070-oracle - 4.15.0-1070.78
o linux-image-oracle-lts-18.04 - 4.15.0.1070.80
o linux-image-4.15.0-1084-raspi2 - 4.15.0-1084.89
o linux-image-4.15.0-142-generic-lpae - 4.15.0-142.146
o linux-image-raspi2 - 4.15.0.1084.81
o linux-image-4.15.0-142-lowlatency - 4.15.0-142.146
o linux-image-snapdragon - 4.15.0.1101.104
o linux-image-powerpc64-emb - 4.15.0.142.129
o linux-image-dell300x - 4.15.0.1017.19
o linux-image-aws-lts-18.04 - 4.15.0.1099.102
o linux-image-generic - 4.15.0.142.129
o linux-image-4.15.0-1099-aws - 4.15.0-1099.106
o linux-image-4.15.0-1101-snapdragon - 4.15.0-1101.110
o linux-image-kvm - 4.15.0.1090.86
o linux-image-4.15.0-1090-kvm - 4.15.0-1090.92
o linux-image-azure-lts-18.04 - 4.15.0.1113.86
o linux-image-powerpc-smp - 4.15.0.142.129
o linux-image-generic-lpae - 4.15.0.142.129
o linux-image-powerpc64-smp - 4.15.0.142.129
o linux-image-lowlatency - 4.15.0.142.129

Ubuntu 16.04

o linux-image-virtual - 4.4.0.209.215
o linux-image-lowlatency-hwe-16.04 - 4.15.0.142.137
o linux-image-4.4.0-1155-snapdragon - 4.4.0-1155.165
o linux-image-4.15.0-1113-azure - 4.15.0-1113.126~16.04.1
o linux-image-4.4.0-209-powerpc-e500mc - 4.4.0-209.241
o linux-image-4.15.0-1098-gcp - 4.15.0-1098.111~16.04.1
o linux-image-4.4.0-209-generic-lpae - 4.4.0-209.241
o linux-image-4.4.0-209-lowlatency - 4.4.0-209.241
o linux-image-oracle - 4.15.0.1070.58
o linux-image-azure - 4.15.0.1113.104
o linux-image-generic-lpae-hwe-16.04 - 4.15.0.142.137
o linux-image-4.15.0-142-generic - 4.15.0-142.146~16.04.1
o linux-image-4.4.0-209-powerpc-smp - 4.4.0-209.241
o linux-image-4.15.0-1070-oracle - 4.15.0-1070.78~16.04.1
o linux-image-powerpc-e500mc - 4.4.0.209.215
o linux-image-4.4.0-1127-aws - 4.4.0-1127.141
o linux-image-4.15.0-142-generic-lpae - 4.15.0-142.146~16.04.1
o linux-image-4.15.0-142-lowlatency - 4.15.0-142.146~16.04.1
o linux-image-snapdragon - 4.4.0.1155.147
o linux-image-4.4.0-209-generic - 4.4.0-209.241
o linux-image-powerpc64-emb - 4.4.0.209.215
o linux-image-powerpc64-smp - 4.4.0.209.215
o linux-image-gke - 4.15.0.1098.99
o linux-image-virtual-hwe-16.04 - 4.15.0.142.137
o linux-image-generic - 4.4.0.209.215
o linux-image-oem - 4.15.0.142.137
o linux-image-4.15.0-1099-aws - 4.15.0-1099.106~16.04.1
o linux-image-4.4.0-1092-kvm - 4.4.0-1092.101
o linux-image-aws - 4.4.0.1127.132
o linux-image-kvm - 4.4.0.1092.90
o linux-image-4.4.0-209-powerpc64-emb - 4.4.0-209.241
o linux-image-raspi2 - 4.4.0.1151.151
o linux-image-powerpc-smp - 4.4.0.209.215
o linux-image-4.4.0-209-powerpc64-smp - 4.4.0-209.241
o linux-image-generic-lpae - 4.4.0.209.215
o linux-image-gcp - 4.15.0.1098.99
o linux-image-generic-hwe-16.04 - 4.15.0.142.137
o linux-image-4.4.0-1151-raspi2 - 4.4.0-1151.162
o linux-image-lowlatency - 4.4.0.209.215
o linux-image-aws-hwe - 4.15.0.1099.92

Ubuntu 14.04

o linux-image-4.4.0-209-powerpc-smp - 4.4.0-209.241~14.04.1
o linux-image-lowlatency-lts-xenial - 4.4.0.209.182
o linux-image-4.4.0-209-powerpc64-smp - 4.4.0-209.241~14.04.1
o linux-image-4.4.0-1091-aws - 4.4.0-1091.95
o linux-image-4.4.0-209-powerpc64-emb - 4.4.0-209.241~14.04.1
o linux-image-4.15.0-1113-azure - 4.15.0-1113.126~14.04.1
o linux-image-4.4.0-209-powerpc-e500mc - 4.4.0-209.241~14.04.1
o linux-image-powerpc-e500mc-lts-xenial - 4.4.0.209.182
o linux-image-generic-lpae-lts-xenial - 4.4.0.209.182
o linux-image-powerpc64-smp-lts-xenial - 4.4.0.209.182
o linux-image-4.4.0-209-generic-lpae - 4.4.0-209.241~14.04.1
o linux-image-powerpc-smp-lts-xenial - 4.4.0.209.182
o linux-image-powerpc64-emb-lts-xenial - 4.4.0.209.182
o linux-image-4.4.0-209-lowlatency - 4.4.0-209.241~14.04.1
o linux-image-generic-lts-xenial - 4.4.0.209.182
o linux-image-aws - 4.4.0.1091.88
o linux-image-4.4.0-209-generic - 4.4.0-209.241~14.04.1
o linux-image-azure - 4.15.0.1113.86
o linux-image-virtual-lts-xenial - 4.4.0.209.182

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

  o CVE-2021-3493
  o CVE-2021-29154

Related notices

  o USN-4912-1: linux-oem-5.6, linux-image-oem-20.04, linux-image-5.6.0-1053-oem
  o USN-4917-1: linux-oracle, linux-image-aws, linux-image-5.3.0-73-lowlatency, linux-image-5.8.0-1030-aws, linux-image-5.4.0-72-generic-lpae, linux-image-generic-lpae, linux-image-generic, linux-hwe-5.8, linux-gkeop, linux-oracle-5.4, linux-hwe, linux-image-snapdragon-hwe-18.04, linux-image-raspi2, linux-image-oem-osp1, linux-image-generic-64k, linux-image-oracle, linux-image-raspi-hwe-18.04, linux-image-gkeop-5.4, linux-image-gkeop-5.3, linux-image-5.4.0-1046-azure, linux-oem-5.10, linux-image-gke-5.3, linux-image-lowlatency, linux-image-gke, linux-image-5.4.0-1043-oracle, linux-image-5.8.0-1028-gcp, linux-image-generic-lpae-hwe-20.04, linux-azure-5.4, linux-image-generic-lpae-hwe-18.04, linux-image-oem, linux-image-oem-20.04b, linux-image-generic-hwe-20.04, linux-kvm, linux-image-5.8.0-1026-oracle, linux-hwe-5.4, linux-image-5.4.0-72-lowlatency, linux-image-5.4.0-72-generic, linux-image-5.8.0-1021-raspi-nolpae, linux-gkeop-5.4, linux-image-5.8.0-50-lowlatency, linux-image-virtual-hwe-20.04, linux-image-5.8.0-1029-azure, linux-image-virtual, linux-gke-5.4, linux-image-5.4.0-1038-kvm, linux-image-lowlatency-hwe-18.04, linux-raspi2-5.3, linux-raspi-5.4, linux-image-raspi-nolpae, linux-image-5.8.0-50-generic, linux-image-kvm, linux-gke-5.3, linux-image-5.3.0-73-generic, linux-aws, linux, linux-image-lowlatency-hwe-20.04, linux-image-5.8.0-50-generic-lpae, linux-image-5.8.0-1024-kvm, linux-image-generic-64k-hwe-20.04, linux-image-5.8.0-1021-raspi, linux-image-azure, linux-image-raspi, linux-gcp-5.4, linux-image-generic-hwe-18.04, linux-aws-5.4, linux-azure, linux-image-5.10.0-1022-oem, linux-image-5.4.0-1042-gke, linux-image-gkeop, linux-image-raspi2-hwe-18.04, linux-image-gke-5.4, linux-image-oem-20.04, linux-image-5.8.0-50-generic-64k, linux-raspi, linux-gcp, linux-image-virtual-hwe-18.04, linux-image-gcp, linux-image-5.3.0-1039-raspi2, linux-image-5.4.0-1042-gcp, linux-image-5.4.0-1014-gkeop, linux-image-5.3.0-1042-gke, linux-image-5.4.0-1045-aws, linux-image-5.4.0-1034-raspi
  o USN-4915-1: linux-oem-5.6, linux-image-5.6.0-1054-oem, linux-image-oem-20.04

- --------------------------------------------------------------------------------

USN-4917-1: Linux kernel vulnerabilities

15 April 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gke-5.3 - Linux kernel for Google Container Engine (GKE) systems
  o linux-gke-5.4 - Linux kernel for Google Container Engine (GKE) systems
  o linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
  o linux-gkeop-5.4 - Linux kernel for Google Container Engine (GKE) systems
  o linux-hwe - Linux hardware enablement (HWE) kernel
  o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
  o linux-kvm - Linux kernel for cloud environments
  o linux-oem-5.10 - Linux kernel for OEM systems
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
  o linux-raspi - Linux kernel for Raspberry Pi (V8) systems
  o linux-raspi-5.4 - Linux kernel for Raspberry Pi (V8) systems
  o linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V8) systems

Details

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. (CVE-2021-3493)

Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. (CVE-2021-3492)

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29154)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

  o linux-image-5.8.0-1024-kvm - 5.8.0-1024.26
  o linux-image-gke - 5.8.0.1028.28
  o linux-image-oracle - 5.8.0.1026.25
  o linux-image-5.8.0-1021-raspi-nolpae - 5.8.0-1021.24
  o linux-image-raspi-nolpae - 5.8.0.1021.24
  o linux-image-5.8.0-1021-raspi - 5.8.0-1021.24
  o linux-image-oem-20.04 - 5.8.0.50.55
  o linux-image-azure - 5.8.0.1029.29
  o linux-image-virtual - 5.8.0.50.55
  o linux-image-raspi - 5.8.0.1021.24
  o linux-image-5.8.0-1030-aws - 5.8.0-1030.32
  o linux-image-5.8.0-1029-azure - 5.8.0-1029.31
  o linux-image-generic-64k - 5.8.0.50.55
  o linux-image-5.8.0-50-generic-64k - 5.8.0-50.56
  o linux-image-generic - 5.8.0.50.55
  o linux-image-5.8.0-50-generic - 5.8.0-50.56
  o linux-image-5.8.0-50-generic-lpae - 5.8.0-50.56
  o linux-image-aws - 5.8.0.1030.32
  o linux-image-kvm - 5.8.0.1024.26
  o linux-image-5.8.0-50-lowlatency - 5.8.0-50.56
  o linux-image-5.8.0-1028-gcp - 5.8.0-1028.29
  o linux-image-generic-lpae - 5.8.0.50.55
  o linux-image-gcp - 5.8.0.1028.28
  o linux-image-5.8.0-1026-oracle - 5.8.0-1026.27
  o linux-image-lowlatency - 5.8.0.50.55

Ubuntu 20.04

  o linux-image-gkeop-5.4 - 5.4.0.1014.17
  o linux-image-virtual-hwe-20.04 - 5.8.0.50.56~20.04.34
  o linux-image-oem-20.04b - 5.10.0.1022.23
  o linux-image-5.4.0-72-generic - 5.4.0-72.80
  o linux-image-gkeop - 5.4.0.1014.17
  o linux-image-oem-osp1 - 5.4.0.72.75
  o linux-image-generic-hwe-20.04 - 5.8.0.50.56~20.04.34
  o linux-image-5.4.0-72-generic-lpae - 5.4.0-72.80
  o linux-image-oracle - 5.4.0.1043.40
  o linux-image-5.4.0-72-lowlatency - 5.4.0-72.80
  o linux-image-azure - 5.4.0.1046.44
  o linux-image-generic-lpae-hwe-20.04 - 5.8.0.50.56~20.04.34
  o linux-image-5.4.0-1046-azure - 5.4.0-1046.48
  o linux-image-virtual - 5.4.0.72.75
  o linux-image-5.4.0-1034-raspi - 5.4.0-1034.37
  o linux-image-raspi - 5.4.0.1034.69
  o linux-image-5.4.0-1043-oracle - 5.4.0-1043.46
  o linux-image-5.8.0-50-generic-64k - 5.8.0-50.56~20.04.1
  o linux-image-generic - 5.4.0.72.75
  o linux-image-generic-64k-hwe-20.04 - 5.8.0.50.56~20.04.34
  o linux-image-5.8.0-50-generic - 5.8.0-50.56~20.04.1
  o linux-image-oem - 5.4.0.72.75
  o linux-image-5.4.0-1014-gkeop - 5.4.0-1014.15
  o linux-image-5.4.0-1045-aws - 5.4.0-1045.47
  o linux-image-5.8.0-50-generic-lpae - 5.8.0-50.56~20.04.1
  o linux-image-aws - 5.4.0.1045.46
  o linux-image-kvm - 5.4.0.1038.36
  o linux-image-5.8.0-50-lowlatency - 5.8.0-50.56~20.04.1
  o linux-image-raspi2 - 5.4.0.1034.69
  o linux-image-5.4.0-1042-gcp - 5.4.0-1042.45
  o linux-image-generic-lpae - 5.4.0.72.75
  o linux-image-gcp - 5.4.0.1042.51
  o linux-image-5.4.0-1038-kvm - 5.4.0-1038.39
  o linux-image-lowlatency-hwe-20.04 - 5.8.0.50.56~20.04.34
  o linux-image-5.10.0-1022-oem - 5.10.0-1022.23
  o linux-image-lowlatency - 5.4.0.72.75

Ubuntu 18.04

  o linux-image-gkeop-5.4 - 5.4.0.1014.15~18.04.15
  o linux-image-gkeop-5.3 - 5.3.0.73.130
  o linux-image-5.4.0-72-generic - 5.4.0-72.80~18.04.1
  o linux-image-oem-osp1 - 5.4.0.72.80~18.04.65
  o linux-image-5.4.0-72-generic-lpae - 5.4.0-72.80~18.04.1
  o linux-image-oracle - 5.4.0.1043.46~18.04.25
  o linux-image-generic-hwe-18.04 - 5.4.0.72.80~18.04.65
  o linux-image-azure - 5.4.0.1046.25
  o linux-image-snapdragon-hwe-18.04 - 5.4.0.72.80~18.04.65
  o linux-image-5.3.0-1039-raspi2 - 5.3.0-1039.41
  o linux-image-5.4.0-72-lowlatency - 5.4.0-72.80~18.04.1
  o linux-image-generic-lpae-hwe-18.04 - 5.4.0.72.80~18.04.65
  o linux-image-5.4.0-1046-azure - 5.4.0-1046.48~18.04.1
  o linux-image-5.4.0-1042-gke - 5.4.0-1042.44~18.04.1
  o linux-image-5.3.0-73-generic - 5.3.0-73.69
  o linux-image-5.4.0-1034-raspi - 5.4.0-1034.37~18.04.1
  o linux-image-virtual-hwe-18.04 - 5.4.0.72.80~18.04.65
  o linux-image-5.4.0-1043-oracle - 5.4.0-1043.46~18.04.1
  o linux-image-5.3.0-73-lowlatency - 5.3.0-73.69
  o linux-image-lowlatency-hwe-18.04 - 5.4.0.72.80~18.04.65
  o linux-image-gke-5.3 - 5.3.0.1042.25
  o linux-image-gke-5.4 - 5.4.0.1042.44~18.04.8
  o linux-image-oem - 5.4.0.72.80~18.04.65
  o linux-image-5.4.0-1014-gkeop - 5.4.0-1014.15~18.04.1
  o linux-image-5.4.0-1045-aws - 5.4.0-1045.47~18.04.1
  o linux-image-aws - 5.4.0.1045.27
  o linux-image-5.3.0-1042-gke - 5.3.0-1042.45
  o linux-image-5.4.0-1042-gcp - 5.4.0-1042.45~18.04.1
  o linux-image-raspi-hwe-18.04 - 5.4.0.1034.36
  o linux-image-gcp - 5.4.0.1042.29
  o linux-image-raspi2-hwe-18.04 - 5.3.0.1039.28

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References

  o CVE-2021-3492
  o CVE-2021-3493
  o CVE-2021-29154

Related notices

  o USN-4912-1: linux-oem-5.6, linux-image-oem-20.04, linux-image-5.6.0-1053-oem
  o USN-4916-1: linux-snapdragon, linux-gcp-4.15, linux-dell300x, linux-aws-hwe, linux-image-4.15.0-142-generic, linux-image-lowlatency-lts-xenial, linux-image-4.4.0-209-generic-lpae, linux-image-virtual-hwe-16.04, linux-image-4.15.0-1101-snapdragon, linux-image-virtual-lts-xenial, linux-image-lowlatency, linux-image-generic, linux-image-aws-lts-18.04, linux-image-4.15.0-1098-gcp, linux-hwe, linux-aws, linux-image-oem, linux-image-azure, linux-raspi2, linux-image-4.15.0-142-generic-lpae, linux-azure, linux-azure-4.15, linux-image-generic-lpae-lts-xenial, linux-gcp, linux-image-4.15.0-1017-dell300x, linux-image-powerpc64-smp-lts-xenial, linux-image-4.15.0-1084-raspi2, linux-image-generic-lts-xenial, linux-image-azure-lts-18.04, linux-image-gke, linux-image-powerpc64-smp, linux-image-generic-lpae-hwe-16.04, linux-image-powerpc64-emb, linux-image-4.4.0-1155-snapdragon, linux-image-oracle, linux-image-virtual, linux-image-4.15.0-1090-kvm, linux-image-gcp-lts-18.04, linux-image-4.4.0-1127-aws, linux-image-powerpc-e500mc, linux-image-powerpc-e500mc-lts-xenial, linux-image-aws-hwe, linux-image-dell300x, linux-image-4.15.0-1099-aws, linux-image-4.15.0-1113-azure, linux, linux-image-generic-lpae, linux-image-4.4.0-1151-raspi2, linux-image-powerpc64-emb-lts-xenial, linux-kvm, linux-image-gcp, linux-image-kvm, linux-image-4.4.0-209-powerpc-e500mc, linux-image-4.4.0-209-powerpc-smp, linux-lts-xenial, linux-image-4.4.0-209-generic, linux-image-4.15.0-142-lowlatency, linux-image-aws, linux-image-4.4.0-209-lowlatency, linux-image-powerpc-smp, linux-image-raspi2, linux-image-4.4.0-209-powerpc64-smp, linux-image-generic-hwe-16.04, linux-image-4.4.0-1091-aws, linux-oracle, linux-image-4.4.0-1092-kvm, linux-image-4.4.0-209-powerpc64-emb, linux-image-lowlatency-hwe-16.04, linux-image-oracle-lts-18.04, linux-image-4.15.0-1070-oracle, linux-image-snapdragon, linux-image-powerpc-smp-lts-xenial
  o USN-4915-1: linux-oem-5.6, linux-image-5.6.0-1054-oem, linux-image-oem-20.04

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
16 April 2021

ESB-2021.1299 - [SUSE] Linux kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1299
                   Security update for the Linux Kernel
                               16 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Overwrite Arbitrary Files       -- Existing Account
                   Create Arbitrary Files          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30002 CVE-2021-29647 CVE-2021-29265
                   CVE-2021-29264 CVE-2021-29154 CVE-2021-28972
                   CVE-2021-28971 CVE-2021-28964 CVE-2021-28950
                   CVE-2021-28688 CVE-2021-28660 CVE-2021-28375
                   CVE-2021-28038 CVE-2021-27365 CVE-2021-27364
                   CVE-2021-27363 CVE-2021-26932 CVE-2021-26931
                   CVE-2021-26930 CVE-2021-20219 CVE-2021-3483
                   CVE-2021-3444 CVE-2021-3428 CVE-2020-36312
                   CVE-2020-36311 CVE-2020-36310 CVE-2020-35519
                   CVE-2020-29374 CVE-2020-29368 CVE-2020-27815
                   CVE-2020-27171 CVE-2020-27170 CVE-2020-25673
                   CVE-2020-25672 CVE-2020-25671 CVE-2020-25670
                   CVE-2020-0433 CVE-2019-19769 CVE-2019-18814

Reference:         ESB-2021.1251
                   ESB-2021.1231
                   ESB-2021.1228
                   ESB-2021.1212
                   ESB-2021.1184

Original Bulletin:
   https://www.suse.com/support/update/announcement/2021/suse-su-20211211-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20211210-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1211-1
Rating:            important
References:        #1047233 #1065729 #1113295 #1152472 #1152489 #1153274
                   #1154353 #1155518 #1156256 #1156395 #1159280 #1160634
                   #1167773 #1168777 #1169514 #1169709 #1171295 #1173485
                   #1177326 #1178163 #1178181 #1178330 #1179454 #1180197
                   #1180980 #1181383 #1181507 #1181674 #1181862 #1182011
                   #1182077 #1182485 #1182552 #1182574 #1182591 #1182595
                   #1182712 #1182713 #1182715 #1182716 #1182717 #1182770
                   #1182989 #1183015 #1183018 #1183022 #1183023 #1183048
                   #1183252 #1183277 #1183278 #1183279 #1183280 #1183281
                   #1183282 #1183283 #1183284 #1183285 #1183286 #1183287
                   #1183288 #1183366 #1183369 #1183386 #1183405 #1183412
                   #1183416 #1183427 #1183428 #1183445 #1183447 #1183501
                   #1183509 #1183530 #1183534 #1183540 #1183593 #1183596
                   #1183598 #1183637 #1183646 #1183662 #1183686 #1183692
                   #1183696 #1183750 #1183757 #1183775 #1183843 #1183859
                   #1183871 #1184074 #1184120 #1184167 #1184168 #1184170
                   #1184176 #1184192 #1184193 #1184194 #1184196 #1184198
                   #1184211 #1184217 #1184218 #1184219 #1184220 #1184224
                   #1184388 #1184391 #1184393 #1184509 #1184511 #1184512
                   #1184514 #1184583 #1184647
Cross-References:  CVE-2019-18814 CVE-2019-19769 CVE-2020-25670 CVE-2020-25671
                   CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171
                   CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311
                   CVE-2020-36312 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
                   CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688
                   CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972
                   CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647
                   CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483
Affected Products:
                   SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

An update that solves 32 vulnerabilities and has 85 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bug fixes.

The following security bugs were fixed:

  o CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0, leading to an out-of-bounds read (bsc#1184170).
  o CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
  o CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
  o CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
  o CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
  o CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
  o CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
  o CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
  o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
  o CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).
  o CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
  o CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
  o CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
  o CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
  o CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
  o CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
  o CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
  o CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
  o CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
  o CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).
  o CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
  o CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in the NFC subsystem (bsc#1178181).
  o CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
  o CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
  o CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
  o CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
  o CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
  o CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).
  o CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a retry loop was continually finding the same bad inode (bsc#1184194).

The following non-security bugs were fixed:

  o 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
  o 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
  o 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
  o ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
  o ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
  o ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
  o ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
  o ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
  o ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
  o ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
  o ALSA: aloop: Fix initialization of controls (git-fixes).
  o ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
  o ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
  o ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
  o ALSA: hda: generic: Fix the micmute led init state (git-fixes).
  o ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
  o ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
  o ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
  o ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
  o ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
  o ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
  o ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
  o ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
  o ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
  o ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
  o ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
  o ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
  o ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
  o ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
  o ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
  o ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
  o ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar (bsc#1182552).
  o ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
  o ALSA: usb-audio: Fix "RANGE setting not yet supported" errors (git-fixes).
  o ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
  o ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
  o ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
  o amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
  o apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
  o appletalk: Fix skb allocation size in loopback case (git-fixes).
  o arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
  o ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
  o ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
  o ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
  o ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
  o ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
  o ASoC: cs42l42: Fix channel width support (git-fixes).
  o ASoC: cs42l42: Fix mixer volume control (git-fixes).
  o ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
  o ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
  o ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
  o ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
  o ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
  o ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
  o ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
  o ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
  o ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
  o ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
  o ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
  o ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
  o ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
  o ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
  o ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
  o ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
  o ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
  o ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
  o ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
  o ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
  o ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
  o ASoC: simple-card-utils: Do not handle device clock (git-fixes).
  o ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
  o ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
  o ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
  o ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
  o ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
  o atl1c: fix error return code in atl1c_probe() (git-fixes).
  o atl1e: fix error return code in atl1e_probe() (git-fixes).
  o batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field (git-fixes).
  o binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
  o binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
  o blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
  o blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
  o blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
  o block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
  o block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
  o Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
  o Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
  o bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
  o bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
  o bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
  o bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
  o bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
  o bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
  o bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
  o bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
  o bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
  o bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
  o brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
  o brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
  o brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
  o btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
  o btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
  o btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
  o btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
  o btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
  o btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
  o btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
  o bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
  o bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
  o can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
  o can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
  o can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
  o can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
  o can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
  o can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
  o can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
  o can: peak_usb: add forgotten supported devices (git-fixes).
  o can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes).
  o can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
  o cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
  o certs: Fix blacklist flag type confusion (git-fixes).
  o cifs: change noisy error message to FYI (bsc#1181507).
  o cifs: check pointer before freeing (bsc#1183534).
  o cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
  o cifs: do not send close in compound create+close requests (bsc#1181507).
  o cifs: New optype for session operations (bsc#1181507).
  o cifs: print MIDs in decimal notation (bsc#1181507).
  o cifs: return proper error code in statfs(2) (bsc#1181507).
  o cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
  o clk: fix invalid usage of list cursor in register (git-fixes).
  o clk: fix invalid usage of list cursor in unregister (git-fixes).
  o clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
  o completion: Drop init_completion define (git-fixes).
  o configfs: fix a use-after-free in __configfs_open_file (git-fixes).
  o config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
  o crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
  o crypto: arm64/sha - add missing module aliases (git-fixes).
  o crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
  o crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
  o crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
  o Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
  o drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
  o drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
  o drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
  o drm/amdgpu: Add check to prevent IH overflow (git-fixes).
  o drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
  o drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
  o drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
  o drm/amdkfd: Put ACPI table after using it (bsc#1152489)
    Backporting notes:
    * context changes
  o drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" -> (bsc#1152489)
    Backporting notes:
    * rename amd/pm to amd/powerplay
    * context changes
  o drm/compat: Clear bounce structures (git-fixes).
  o drm/hisilicon: Fix use-after-free (git-fixes).
o drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). o drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). o drm/mediatek: Fix aal size config (bsc#1152489) o drm: meson_drv add shutdown function (git-fixes). o drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). o drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). o drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). o drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) o drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). o drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) o drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) o drm/msm/gem: Add obj->lock wrappers (bsc#1152489) o drm/msm: Ratelimit invalid-fence message (git-fixes). o drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). o drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc# 1152489) o drm/nouveau/kms: handle mDP connectors (git-fixes). o drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) o drm/panfrost: Fix job timeout handling (bsc#1152472) o drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) o drm/radeon: fix AGP dependency (git-fixes). o drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) o drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). o drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) o drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). o drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) o efi: use 32-bit alignment for efi_guid_t literals (git-fixes). o enetc: Fix reporting of h/w packet counters (git-fixes). o epoll: check for events when removing a timed out thread from the wait queue (git-fixes). o ethernet: alx: fix order of calls on resume (git-fixes). 
o exec: Move would_dump into flush_old_exec (git-fixes). o exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). o exfat: add the dummy mount options to be backward compatible with staging/ exfat (bsc#1182989). o extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). o extcon: Fix error handling in extcon_dev_register (git-fixes). o fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). o firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). o flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). o fsl/fman: check dereferencing null pointer (git-fixes). o fsl/fman: fix dereference null return value (git-fixes). o fsl/fman: fix eth hash table allocation (git-fixes). o fsl/fman: fix unreachable code (git-fixes). o fsl/fman: use 32-bit unsigned integer (git-fixes). o fuse: fix bad inode (bsc#1184211). o fuse: fix live lock in fuse_iget() (bsc#1184211). o fuse: verify write return (git-fixes). o gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). o gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs# 1181862). o gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). o gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). o gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). o gianfar: Handle error code at MAC address change (git-fixes). o gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). o Goodix Fingerprint device is not a modem (git-fixes). o gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). o gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). o gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). o HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). o HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). o HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). 
o hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). o i2c: rcar: faster irq code to minimize HW race condition (git-fixes). o i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). o i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). o i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). o iavf: Fix incorrect adapter get in iavf_resume (git-fixes). o iavf: use generic power management (git-fixes). o ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). o ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). o ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). o ibmvnic: fix block comments (bsc#1183871 ltc#192139). o ibmvnic: fix braces (bsc#1183871 ltc#192139). o ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). o ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc #SLE-17268). o ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc# 192139). o ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). o ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc# 192139). o ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). o ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc# 192139). o ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc# 192139). o ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc# 1183871 ltc#192139). o ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). o ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc# 1183023 ltc#191791). o ice: fix memory leak if register_netdev_fails (git-fixes). o ice: fix memory leak in ice_vsi_setup (git-fixes). o ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). o ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). o ice: renegotiate link after FW DCB on (jsc#SLE-8464). 
o ice: report correct max number of TCs (jsc#SLE-7926). o ice: update the number of available RSS queues (jsc#SLE-7926). o igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). o iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). o iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). o iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). o iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). o iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). o iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). o iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). o include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). o Input: applespi - do not wait for responses to commands indefinitely (git-fixes). o Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). o Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). o Input: raydium_ts_i2c - do not send zero length (git-fixes). o Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). o iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc# 1183277). o iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). o iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc# 1183637). o iommu/vt-d: Add get_domain_info() helper (bsc#1183279). o iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). o iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). o iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). o iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc# 1183283). o iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc# 1183284). o iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc# 1183285). 
o iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). o ionic: linearize tso skb with too many frags (bsc#1167773). o kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). o kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs# 1181862). o kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862). o kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). o kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). o kbuild: Fail if gold linker is detected (bcs#1181862). o kbuild: improve cc-option to clean up all temporary files (bsc#1178330). o kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). o kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). o kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs# 1181862). o kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc# 1178330). o kconfig: introduce m32-flag and m64-flag (bcs#1181862). o KVM: nVMX: Properly handle userspace interrupt window request (bsc# 1183427). o KVM: SVM: Clear the CR4 register on reset (bsc#1183252). o KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc# 1183445). o KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and kvm_exit events", bsc#1182770). o KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc# 1183287). o KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). o KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc# 1183447). o KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). o KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc# 1183428). o KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc# 1183288). 
o libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). o libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). o libbpf: Fix INSTALL flag order (bsc#1155518). o libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). o lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). o locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). o loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). o mac80211: choose first enabled channel for monitor (git-fixes). o mac80211: fix double free in ibss_leave (git-fixes). o mac80211: fix rate mask reset (git-fixes). o mac80211: fix TXQ AC confusion (git-fixes). o mdio: fix mdio-thunder.c dependency & build error (git-fixes). o media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). o media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). o media: mceusb: Fix potential out-of-bounds shift (git-fixes). o media: mceusb: sanity check for prescaler value (git-fixes). o media: rc: compile rc-cec.c into rc-core (git-fixes). o media: usbtv: Fix deadlock on suspend (git-fixes). o media: uvcvideo: Allow entities with no pads (git-fixes). o media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). o media: v4l: vsp1: Fix bru null pointer access (git-fixes). o media: v4l: vsp1: Fix uif null pointer access (git-fixes). o media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). o misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). o misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). o misc/pvpanic: Export module FDT device table (git-fixes). o misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). o mISDN: fix crash in fritzpci (git-fixes). o mmc: core: Fix partition switch time for eMMC (git-fixes). o mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). 
o mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). o mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). o mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). o mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). o mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). o mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). o mt76: dma: do not report truncated frames to mac80211 (git-fixes). o mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). o net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). o net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). o net: b44: fix error return code in b44_init_one() (git-fixes). o net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). o net: cdc-phonet: fix data-interface release on probe failure (git-fixes). o net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). o netdevsim: init u64 stats for 32bit hardware (git-fixes). o net: dsa: rtl8366: Fix VLAN semantics (git-fixes). o net: dsa: rtl8366: Fix VLAN set-up (git-fixes). o net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). o net: enic: Cure the enic api locking trainwreck (git-fixes). o net: ethernet: aquantia: Fix wrong return value (git-fixes). o net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). o net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). o net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). o net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). o net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). o net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). o net: fec: Fix reference count leak in fec series ops (git-fixes). 
o net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). o net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). o net: gianfar: Add of_node_put() before goto statement (git-fixes). o net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). o net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). o net: hns3: Remove the left over redundant check & assignment (bsc#1154353). o net: korina: cast KSEG0 address to pointer in kfree (git-fixes). o net: korina: fix kfree of rx/tx descriptor array (git-fixes). o net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). o net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). o net/mlx5: Disable devlink reload for multi port slave device (jsc# SLE-8464). o net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). o net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). o net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). o net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). o net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). o net: mvneta: fix double free of txq->buf (git-fixes). o net: mvneta: make tx buffer array agnostic (git-fixes). o net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). o net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). o net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). o net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). o net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) o netsec: restore phy power state after controller reset (bsc#1183757). o net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). o net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). o net: stmmac: removed enabling eee in EEE set callback (git-fixes). 
o net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). o net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). o net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). o net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). o net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). o net: wan/lmc: unregister device when no matching device is found (git-fixes). o nfp: flower: fix pre_tun mask id allocation (bsc#1154353). o nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc# 1182077). o nvme-fabrics: fix kato initialization (bsc#1182591). o nvme-fabrics: only reserve a single tag (bsc#1182077). o nvme-fc: fix racing controller reset and create association (bsc#1183048). o nvme-hwmon: Return error code when registration fails (bsc#1177326). o nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). o nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). o nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc# 1183501). o objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc# 1169514). o objtool: Fix error handling for STD/CLD warnings (bsc#1169514). o objtool: Fix retpoline detection in asm code (bsc#1169514). o ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). o ovl: fix out of date comment and unreachable code (bsc#1184176). o ovl: fix regression with re-formatted lower squashfs (bsc#1184176). o ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). o ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). o ovl: initialize error in ovl_copy_xattr (bsc#1184176). o ovl: relax WARN_ON() when decoding lower directory file handle (bsc# 1184176). o PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). o PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). o PCI: Align checking of syscall user config accessors (git-fixes). 
o PCI: Decline to resize resources if boot config must be preserved (git-fixes). o PCI: Fix pci_register_io_range() memory leak (git-fixes). o PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). o PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). o PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). o pinctrl: rockchip: fix restore error in resume (git-fixes). o Platform: OLPC: Fix probe error handling (git-fixes). o platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). o platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). o platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). o platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). o platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). o platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). o platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). o platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). o platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). o PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). o PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc# 1183366). o PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). o PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). o post.sh: Return an error when module update fails (bsc#1047233 bsc# 1184388). o powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc# 1065729). o powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). o powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). o powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). 
o powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc# 189159 git-fixes bsc#1183662 ltc#191922). o powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). o powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). o powerpc/sstep: Fix darn emulation (bsc#1156395). o powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). o powerpc/sstep: Fix load-store and update emulation (bsc#1156395). o printk: fix deadlock when kernel panic (bsc#1183018). o proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). o pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). o qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). o qxl: Fix uninitialised struct field head.surface_id (git-fixes). o random: fix the RNDRESEEDCRNG ioctl (git-fixes). o RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). o RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). o RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). o RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc# 1169709) o regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). o Revert "net: bonding: fix error return code of bond_neigh_init()" (bsc# 1154353). o rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). o rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. o rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. o rpm/check-for-config-changes: comment on the list To explain what it actually is. o rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. 
o rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list o rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. o rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc# 1184514) The devel package requires the kernel binary package itself for building modules externally. o rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). o rsi: Move card interrupt handling to RX thread (git-fixes). o rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). o s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). o s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). o s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). o s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). o s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). o s390/qeth: fix notification for pending buffers during teardown (git-fixes). o s390/qeth: improve completion of pending TX buffers (git-fixes). o s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). o s390/vtime: fix increased steal time accounting (bsc#1183859). o samples, bpf: Add missing munmap in xdpsock (bsc#1155518). o scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). o scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). o scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). o scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). o scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). o scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc# 1182574). o scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). o scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). 
o scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc# 1182574). o scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). o scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc# 1182574). o scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). o scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). o scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). o scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). o scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). o scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc# 1182574). o scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc# 1182574). o scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). o scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). o scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). o scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc# 1182574). o scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). o scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). o scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc# 1183843). o selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). o selftests/bpf: No need to drop the packet when there is no geneve opt (bsc# 1155518). o selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc# 1155518). o selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). o selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). o selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). o smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). o smb3: fix crediting for compounding when only one request in flight (bsc# 1181507). o smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). 
o soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). o software node: Fix node registration (git-fixes). o spi: stm32: make spurious and overrun interrupts visible (git-fixes). o squashfs: fix inode lookup sanity checks (bsc#1183750). o squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). o stop_machine: mark helpers __always_inline (git-fixes). o thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). o udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). o Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) o USB: cdc-acm: downgrade message to debug (git-fixes). o USB: cdc-acm: fix double free on probe failure (git-fixes). o USB: cdc-acm: fix use-after-free after probe failure (git-fixes). o USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). o USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). o USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). o USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). o USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). o USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). o USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). o USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). o USB: gadget: f_uac1: stop playback on function disable (git-fixes). o USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). o USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). o USB: gadget: u_ether: Fix a configfs return code (git-fixes). o USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). o USBip: fix stub_dev to check for stream socket (git-fixes). o USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). o USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). 
o USBip: fix vhci_hcd to check for stream socket (git-fixes). o USBip: fix vudc to check for stream socket (git-fixes). o USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). o USBip: tools: fix build error for multiple definition (git-fixes). o USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). o USB: musb: Fix suspend with devices connected for a64 (git-fixes). o USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). o USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). o USB: replace hardcode maximum usb string length by definition (git-fixes). o USB: serial: ch341: add new Product ID (git-fixes). o USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). o USB: serial: cp210x: add some more GE USB IDs (git-fixes). o USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). o USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). o USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). o USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). o USB: usblp: fix a hang in poll() if disconnected (git-fixes). o USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). o USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). o USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). o use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). o video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) o video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). o VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). o vt/consolemap: do font sum unsigned (git-fixes). o watchdog: mei_wdt: request stop on unregister (git-fixes). o wireguard: device: do not generate ICMP for non-IP packets (git-fixes). o wireguard: kconfig: use arm chacha even with no neon (git-fixes). 
o wireguard: selftests: test multiple parallel streams (git-fixes). o wlcore: Fix command execute failure 19 for wl12xx (git-fixes). o x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). o x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). o x86/ioapic: Ignore IRQ2 again (bsc#1152489). o x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). o xen/events: avoid handling the same event on two cpus at the same time (git-fixes). o xen/events: do not unmask an event channel when an eoi is pending (git-fixes). o xen/events: fix setting irq affinity (bsc#1184583). o xen/events: reset affinity of 2-level event when tearing it down (git-fixes). o xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). o xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). o xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). o xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). o xhci: Improve detection of device initiated wake signal (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Realtime 15-SP2:
    zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1211=1

Package List:

  o SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
      cluster-md-kmp-rt-5.3.18-33.1
      cluster-md-kmp-rt-debuginfo-5.3.18-33.1
      dlm-kmp-rt-5.3.18-33.1
      dlm-kmp-rt-debuginfo-5.3.18-33.1
      gfs2-kmp-rt-5.3.18-33.1
      gfs2-kmp-rt-debuginfo-5.3.18-33.1
      kernel-rt-5.3.18-33.1
      kernel-rt-debuginfo-5.3.18-33.1
      kernel-rt-debugsource-5.3.18-33.1
      kernel-rt-devel-5.3.18-33.1
      kernel-rt-devel-debuginfo-5.3.18-33.1
      kernel-rt_debug-debuginfo-5.3.18-33.1
      kernel-rt_debug-debugsource-5.3.18-33.1
      kernel-rt_debug-devel-5.3.18-33.1
      kernel-rt_debug-devel-debuginfo-5.3.18-33.1
      kernel-syms-rt-5.3.18-33.1
      ocfs2-kmp-rt-5.3.18-33.1
      ocfs2-kmp-rt-debuginfo-5.3.18-33.1
  o SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
      kernel-devel-rt-5.3.18-33.1
      kernel-source-rt-5.3.18-33.1

References:

o https://www.suse.com/security/cve/CVE-2019-18814.html o https://www.suse.com/security/cve/CVE-2019-19769.html o https://www.suse.com/security/cve/CVE-2020-25670.html o https://www.suse.com/security/cve/CVE-2020-25671.html o https://www.suse.com/security/cve/CVE-2020-25672.html o https://www.suse.com/security/cve/CVE-2020-25673.html o https://www.suse.com/security/cve/CVE-2020-27170.html o https://www.suse.com/security/cve/CVE-2020-27171.html o https://www.suse.com/security/cve/CVE-2020-27815.html o https://www.suse.com/security/cve/CVE-2020-35519.html o https://www.suse.com/security/cve/CVE-2020-36310.html o https://www.suse.com/security/cve/CVE-2020-36311.html o https://www.suse.com/security/cve/CVE-2020-36312.html o https://www.suse.com/security/cve/CVE-2021-27363.html o https://www.suse.com/security/cve/CVE-2021-27364.html o https://www.suse.com/security/cve/CVE-2021-27365.html o https://www.suse.com/security/cve/CVE-2021-28038.html o https://www.suse.com/security/cve/CVE-2021-28375.html o 
https://www.suse.com/security/cve/CVE-2021-28660.html o https://www.suse.com/security/cve/CVE-2021-28688.html o https://www.suse.com/security/cve/CVE-2021-28950.html o https://www.suse.com/security/cve/CVE-2021-28964.html o https://www.suse.com/security/cve/CVE-2021-28971.html o https://www.suse.com/security/cve/CVE-2021-28972.html o https://www.suse.com/security/cve/CVE-2021-29154.html o https://www.suse.com/security/cve/CVE-2021-29264.html o https://www.suse.com/security/cve/CVE-2021-29265.html o https://www.suse.com/security/cve/CVE-2021-29647.html o https://www.suse.com/security/cve/CVE-2021-30002.html o https://www.suse.com/security/cve/CVE-2021-3428.html o https://www.suse.com/security/cve/CVE-2021-3444.html o https://www.suse.com/security/cve/CVE-2021-3483.html o https://bugzilla.suse.com/1047233 o https://bugzilla.suse.com/1065729 o https://bugzilla.suse.com/1113295 o https://bugzilla.suse.com/1152472 o https://bugzilla.suse.com/1152489 o https://bugzilla.suse.com/1153274 o https://bugzilla.suse.com/1154353 o https://bugzilla.suse.com/1155518 o https://bugzilla.suse.com/1156256 o https://bugzilla.suse.com/1156395 o https://bugzilla.suse.com/1159280 o https://bugzilla.suse.com/1160634 o https://bugzilla.suse.com/1167773 o https://bugzilla.suse.com/1168777 o https://bugzilla.suse.com/1169514 o https://bugzilla.suse.com/1169709 o https://bugzilla.suse.com/1171295 o https://bugzilla.suse.com/1173485 o https://bugzilla.suse.com/1177326 o https://bugzilla.suse.com/1178163 o https://bugzilla.suse.com/1178181 o https://bugzilla.suse.com/1178330 o https://bugzilla.suse.com/1179454 o https://bugzilla.suse.com/1180197 o https://bugzilla.suse.com/1180980 o https://bugzilla.suse.com/1181383 o https://bugzilla.suse.com/1181507 o https://bugzilla.suse.com/1181674 o https://bugzilla.suse.com/1181862 o https://bugzilla.suse.com/1182011 o https://bugzilla.suse.com/1182077 o https://bugzilla.suse.com/1182485 o https://bugzilla.suse.com/1182552 o 
https://bugzilla.suse.com/1182574 o https://bugzilla.suse.com/1182591 o https://bugzilla.suse.com/1182595 o https://bugzilla.suse.com/1182712 o https://bugzilla.suse.com/1182713 o https://bugzilla.suse.com/1182715 o https://bugzilla.suse.com/1182716 o https://bugzilla.suse.com/1182717 o https://bugzilla.suse.com/1182770 o https://bugzilla.suse.com/1182989 o https://bugzilla.suse.com/1183015 o https://bugzilla.suse.com/1183018 o https://bugzilla.suse.com/1183022 o https://bugzilla.suse.com/1183023 o https://bugzilla.suse.com/1183048 o https://bugzilla.suse.com/1183252 o https://bugzilla.suse.com/1183277 o https://bugzilla.suse.com/1183278 o https://bugzilla.suse.com/1183279 o https://bugzilla.suse.com/1183280 o https://bugzilla.suse.com/1183281 o https://bugzilla.suse.com/1183282 o https://bugzilla.suse.com/1183283 o https://bugzilla.suse.com/1183284 o https://bugzilla.suse.com/1183285 o https://bugzilla.suse.com/1183286 o https://bugzilla.suse.com/1183287 o https://bugzilla.suse.com/1183288 o https://bugzilla.suse.com/1183366 o https://bugzilla.suse.com/1183369 o https://bugzilla.suse.com/1183386 o https://bugzilla.suse.com/1183405 o https://bugzilla.suse.com/1183412 o https://bugzilla.suse.com/1183416 o https://bugzilla.suse.com/1183427 o https://bugzilla.suse.com/1183428 o https://bugzilla.suse.com/1183445 o https://bugzilla.suse.com/1183447 o https://bugzilla.suse.com/1183501 o https://bugzilla.suse.com/1183509 o https://bugzilla.suse.com/1183530 o https://bugzilla.suse.com/1183534 o https://bugzilla.suse.com/1183540 o https://bugzilla.suse.com/1183593 o https://bugzilla.suse.com/1183596 o https://bugzilla.suse.com/1183598 o https://bugzilla.suse.com/1183637 o https://bugzilla.suse.com/1183646 o https://bugzilla.suse.com/1183662 o https://bugzilla.suse.com/1183686 o https://bugzilla.suse.com/1183692 o https://bugzilla.suse.com/1183696 o https://bugzilla.suse.com/1183750 o https://bugzilla.suse.com/1183757 o https://bugzilla.suse.com/1183775 o 
https://bugzilla.suse.com/1183843 o https://bugzilla.suse.com/1183859 o https://bugzilla.suse.com/1183871 o https://bugzilla.suse.com/1184074 o https://bugzilla.suse.com/1184120 o https://bugzilla.suse.com/1184167 o https://bugzilla.suse.com/1184168 o https://bugzilla.suse.com/1184170 o https://bugzilla.suse.com/1184176 o https://bugzilla.suse.com/1184192 o https://bugzilla.suse.com/1184193 o https://bugzilla.suse.com/1184194 o https://bugzilla.suse.com/1184196 o https://bugzilla.suse.com/1184198 o https://bugzilla.suse.com/1184211 o https://bugzilla.suse.com/1184217 o https://bugzilla.suse.com/1184218 o https://bugzilla.suse.com/1184219 o https://bugzilla.suse.com/1184220 o https://bugzilla.suse.com/1184224 o https://bugzilla.suse.com/1184388 o https://bugzilla.suse.com/1184391 o https://bugzilla.suse.com/1184393 o https://bugzilla.suse.com/1184509 o https://bugzilla.suse.com/1184511 o https://bugzilla.suse.com/1184512 o https://bugzilla.suse.com/1184514 o https://bugzilla.suse.com/1184583 o https://bugzilla.suse.com/1184647

- --------------------------------------------------------------------------------

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1210-1
Rating: important
References: #1065600 #1065729 #1103990 #1103991 #1103992 #1104270 #1104353 #1109837 #1111981 #1112374 #1113295 #1113994 #1118657 #1118661 #1119113 #1126390 #1129770 #1132477 #1142635 #1152446 #1154048 #1169709 #1172455 #1173485 #1175165 #1176720 #1176855 #1178163 #1178181 #1179243 #1179428 #1179454 #1179660 #1179755 #1180846 #1181507 #1181515 #1181544 #1181655 #1181674 #1181747 #1181753 #1181843 #1182011 #1182175 #1182485 #1182574 #1182715 #1182716 #1182717 #1183018 #1183022 #1183023 #1183378 #1183379 #1183380 #1183381 #1183382 #1183405 #1183416 #1183509 #1183593 #1183646 #1183662 #1183686 #1183692 #1183696 #1183755 #1183775 #1183861 #1183871 #1184114 #1184120 #1184167 #1184168 #1184170 #1184192 #1184193 #1184196 #1184198 #1184391 #1184393 #1184397 #1184494 #1184511 #1184583
Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2020-36311 CVE-2021-20219 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Live Patching 12-SP5
  SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that solves 33 vulnerabilities and has 53 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  o CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
  o CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
  o CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192).
  o CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
  o CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
  o CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
  o CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).
  o CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
  o CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
  o CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).
  o CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
  o CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
  o CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
  o CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
  o CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
  o CVE-2021-26931: Fixed an issue where the Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
  o CVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
  o CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).
  o CVE-2020-29368, CVE-2020-29374: Fixed an issue in the copy-on-write implementation which could have granted unintended write access (bsc#1179660, bsc#1179428).
  o CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).
  o CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
  o CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
  o CVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).
  o CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
  o CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
  o CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
  o CVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).
  o CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
  o CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in the NFC subsystem (bsc#1178181).

The following non-security bugs were fixed:

o ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). o ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). o ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). o ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). o amba: Fix resource leak for drivers without .remove (git-fixes). o bfq: Fix kABI for update internal depth state when queue depth changes (bsc#1172455). o bfq: update internal depth state when queue depth changes (bsc#1172455). 
o block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). o Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). o Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). o Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). o bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). o bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). o bpf: fix subprog verifier bypass by div/mod by 0 exception (bsc#1184170). o bpf: fix x64 JIT code generation for jmp to 1st insn (bsc#1178163). o bpf_lru_list: Read double-checked variable once without lock (git-fixes). o bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc# 1183775). o bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). o bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). o can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). o can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). o can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). o can: peak_usb: add forgotten supported devices (git-fixes). o can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" (git-fixes). o can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). o cifs: change noisy error message to FYI (bsc#1181507). o cifs: check all path components in resolved dfs target (bsc#1179755). o cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). o cifs: do not send close in compound create+close requests (bsc#1181507). o cifs: fix nodfs mount option (bsc#1179755). o cifs: introduce helper for finding referral server (bsc#1179755). o cifs: New optype for session operations (bsc#1181507). o cifs: print MIDs in decimal notation (bsc#1181507). o cifs: return proper error code in statfs(2) (bsc#1181507). 
o cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). o cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1104270). o dmaengine: hsu: disable spurious interrupt (git-fixes). o drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if (bsc# 1129770) o drm/atomic: Create __drm_atomic_helper_crtc_reset() for subclassing (bsc# 1142635) o drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc# 1129770) o drm/compat: Clear bounce structures (bsc#1129770) o drm/etnaviv: replace MMU flush marker with flush sequence (bsc#1154048) o drm/gma500: Fix error return code in psb_driver_load() (bsc#1129770) o drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc# 1152446) o drm/mediatek: Fix aal size config (bsc#1129770) o drm: meson_drv add shutdown function (git-fixes). o drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). o drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1129770) o drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). o drm: mxsfb: check framebuffer pitch (bsc#1129770) o drm/omap: fix max fclk divider for omap36xx (bsc#1152446) o drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1129770) o drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1129770) o drm/radeon: fix AGP dependency (git-fixes). o drm: rcar-du: Put reference to VSP device (bsc#1129770) o drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1129770) o drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1129770) o ethernet: alx: fix order of calls on resume (git-fixes). o fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1129770) o firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). o fix setting irq affinity (bsc#1184583) o futex: Prevent robust futex exit race (git-fixes). o gma500: clean up error handling in init (bsc#1129770) o gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). 
o HID: make arrays usage and value to be the same (git-fixes). o i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). o i40e: Add zero-initialization of AQ command structures (bsc#1109837 bsc# 1111981). o i40e: Fix add TC filter for IPv6 (bsc#1109837 bsc#1111981 ). o i40e: Fix endianness conversions (bsc#1109837 bsc#1111981 ). o IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1103991). o ibmvnic: add comments for spinlock_t definitions (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). o ibmvnic: add memory barrier to protect long term buffer (bsc#1184114 ltc# 192237 bsc#1182485 ltc#191591). o ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). o ibmvnic: avoid multiple line dereference (bsc#1184114 ltc#192237 bsc# 1183871 ltc#192139). o ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: Correctly re-enable interrupts in NAPI polling routine (bsc# 1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: create send_control_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: create send_query_ip_offload (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: Do not replenish RX buffers after every polling loop (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1184114 ltc# 192237 bsc#1182485 ltc#191591). o ibmvnic: Ensure that device queue memory is cache-line aligned (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: Ensure that SCRQ entry reads are correctly ordered (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: fix block comments (bsc#1184114 ltc#192237 bsc#1183871 ltc# 192139). o ibmvnic: fix braces (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). o ibmvnic: fix miscellaneous checks (bsc#1184114 ltc#192237 bsc#1183871 ltc# 192139). o ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (bsc#1184114 ltc# 192237 bsc#1179243 ltc#189290). 
o ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (bsc #1184114 ltc#192237). o ibmvnic: Fix TX completion error handling (bsc#1184114 ltc#192237 bsc# 1179243 ltc#189290). o ibmvnic: Fix use-after-free of VNIC login response buffer (bsc#1184114 ltc# 192237 bsc#1179243 ltc#189290). o ibmvnic: handle inconsistent login with reset (bsc#1184114 ltc#192237 bsc# 1179243 ltc#189290). o ibmvnic: Harden device Command Response Queue handshake (bsc#1184114 ltc# 192237 bsc#1179243 ltc#189290). o ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (bsc#1184114 ltc# 192237 bsc#1179243 ltc#189290). o ibmvnic: merge do_change_param_reset into do_reset (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). o ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: no reset timeout for 5 seconds after reset (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: prefer strscpy over strlcpy (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). o ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1184114 ltc# 192237 bsc#1183871 ltc#192139). o ibmvnic: reduce wait for completion time (bsc#1184114 ltc#192237 bsc# 1179243 ltc#189290). o ibmvnic: remove excessive irqsave (bsc#1065729). o ibmvnic: remove never executed if statement (bsc#1184114 ltc#192237 bsc# 1179243 ltc#189290). o ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1184114 ltc# 192237 bsc#1183871 ltc#192139). o ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1184114 ltc# 192237 bsc#1183871 ltc#192139). o ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (bsc#1184114 ltc# 192237 bsc#1179243 ltc#189290). o ibmvnic: rename send_cap_queries to send_query_cap (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: rename send_map_query to send_query_map (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). 
o ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc# 1184114 ltc#192237 bsc#1183871 ltc#192139). o ibmvnic: send_login should check for crq errors (bsc#1184114 ltc#192237 bsc #1179243 ltc#189290). o ibmvnic: simplify reset_long_term_buff function (bsc#1184114 ltc#192237 bsc #1183023 ltc#191791). o ibmvnic: skip send_request_unmap for timeout reset (bsc#1184114 ltc#192237 bsc#1182485 ltc#191591). o ibmvnic: skip tx timeout reset while in resetting (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: stop free_all_rwi on failed reset (bsc#1184114 ltc#192237 bsc# 1179243 ltc#189290). o ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (bsc #1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc# 1184114 ltc#192237 bsc#1183023 ltc#191791). o ibmvnic: track pending login (bsc#1184114 ltc#192237 bsc#1179243 ltc# 189290). o ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290). o ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). o ice: Account for port VLAN in VF max packet size calculation (bsc#1118661). o igc: check return value of ret_val in igc_config_fc_after_link_up (bsc# 1118657). o igc: Report speed and duplex as unknown when device is runtime suspended (jsc#SLE-4799). o igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (bsc#1118657). o iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). o iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). o iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). o iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). o iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). o Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). 
o Input: i8042 - unbreak Pegatron C15B (git-fixes). o Input: raydium_ts_i2c - do not send zero length (git-fixes). o Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). o Input: xpad - sync supported devices with fork on GitHub (git-fixes). o iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc# 1183378). o iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183379). o iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183380). o iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183381). o ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (bsc#1113994). o kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). o kabi/severities: Add rtas_online_cpus_mask, rtas_offline_cpus_mask o kernel/smp: add boot parameter for controlling CSD lock debugging (bsc# 1180846). o kernel/smp: add more data to CSD lock debugging (bsc#1180846). o kernel/smp: prepare more CSD lock debugging (bsc#1180846). o kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). o KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc# 1183382). o lib/crc32test: remove extra local_irq_disable/enable (git-fixes). o locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). o mac80211: fix double free in ibss_leave (git-fixes). o mac80211: fix rate mask reset (git-fixes). o media: usbtv: Fix deadlock on suspend (git-fixes). o media: uvcvideo: Allow entities with no pads (git-fixes). o misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). o mmc: core: Fix partition switch time for eMMC (git-fixes). o mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE. o mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). o mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). o mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). 
o mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). o net: bridge: use switchdev for port flags set through sysfs too (bsc# 1112374). o net: cdc-phonet: fix data-interface release on probe failure (git-fixes). o net: core: introduce __netdev_notify_peers (bsc#1184114 ltc#192237 bsc# 1183871 ltc#192139). o net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139). o net: hns3: add a check for index in hclge_get_rss_key() (bsc#1126390). o net: hns3: add a check for queue_id in hclge_reset_vf_queue() (bsc# 1104353). o net: hns3: fix bug when calculating the TCAM table info (bsc#1104353). o net: hns3: fix query vlan mask value error for flow director (bsc#1104353). o net/mlx5e: Update max_opened_tc also when channels are closed (bsc# 1103990). o net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1119113). o net: re-solve some conflicts after net -> net-next merge (bsc#1184114 ltc# 192237 bsc#1176855 ltc#187293). o net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) o net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). o net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). o PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). o PCI: Align checking of syscall user config accessors (git-fixes). o phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). o platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes (git-fixes). o powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc# 1065729). o powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). o powerpc: Convert to using %pOFn instead of device_node.name (bsc#1181674 ltc#189159). o powerpc: Fix some spelling mistakes (bsc#1181674 ltc#189159). o powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc# 189159). 
o powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). o powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). o powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc# 1181544 ltc#191080 git-fixes). o powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). o powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc# 189159). o powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc# 189159). o powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). o powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). o powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). o powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). o powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). o powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc# 189159). o powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc# 189159). o powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc# 189159). o powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc# 1181674 ltc#189159). o powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). o powerpc/numa: Suppress "VPHN is not supported" messages (bsc#1181674 ltc# 189159). o powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). o powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (bsc# 1181674 ltc#189159). o powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc# 190855). o powerpc/pseries: Generalize hcall_vphn() (bsc#1181674 ltc#189159). o powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). o powerpc/pseries/hibernation: pass stream id via function arguments (bsc# 1181674 ltc#189159). 
o powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). o powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). o powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc# 189159). o powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc# 1181674 ltc#189159). o powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc #1181674 ltc#189159). o powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc# 189159). o powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). o powerpc/pseries/mobility: refactor node lookup during DT update (bsc# 1181674 ltc#189159). o powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: signal suspend cancellation to platform (bsc# 1181674 ltc#189159). o powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc# 1181674 ltc#189159). o powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). o powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc# 189159 git-fixes bsc#1183662 ltc#191922). o powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). o powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). o powerpc/pseries: remove memory "re-add" implementation (bsc#1181674 ltc# 189159). o powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc# 1181674 ltc#189159). o powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). 
o powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
o powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
o powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
o powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
o powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
o powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
o powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
o powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
o powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
o powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
o powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
o powerpc/rtas: Unexport rtas_online_cpus_mask, rtas_offline_cpus_mask (bsc#1181674 ltc#189159).
o powerpc/vio: Use device_type to detect family (bsc#1181674 ltc#189159).
o printk: fix deadlock when kernel panic (bsc#1183018).
o pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
o pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
o pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
o qxl: Fix uninitialised struct field head.surface_id (git-fixes).
o random: fix the RNDRESEEDCRNG ioctl (git-fixes).
o rcu: Allow only one expedited GP to run concurrently with (git-fixes)
o rcu: Fix missed wakeup of exp_wq waiters (git-fixes)
o RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1103991).
o RDMA/rxe: Remove useless code in rxe_recv.c (bsc#1103992).
o RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
o RDMA/uverbs: Fix kernel-doc warning of _uverbs_alloc (bsc#1103992).
o Revert "ibmvnic: remove never executed if statement" (bsc#1184114 ltc#192237 bsc#1179243 ltc#189290).
o rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
o rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
o s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
o s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
o s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
o s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).
o s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).
o s390/pci: Fix s390_mmio_read/write with MIO (LTC#192079 bsc#1183755).
o s390/vtime: fix increased steal time accounting (bsc#1183861).
o sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)
o sched/vtime: Fix guest/system mis-accounting on task switch (git-fixes)
o scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
o scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
o scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
o scsi: lpfc: Fix ancient double free (bsc#1182574).
o scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
o scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
o scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1182574).
o scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
o scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
o scsi: lpfc: Fix kerneldoc inconsistency in lpfc_sli4_dump_page_a0() (bsc#1182574).
o scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
o scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
o scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
o scsi: lpfc: Fix 'physical' typos (bsc#1182574).
o scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
o scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
o scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
o scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
o scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
o scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
o scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
o scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
o scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
o scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
o scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
o scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
o selinux: never allow relabeling on context mounts (git-fixes).
o smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
o smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
o smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
o Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
o Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846).
o usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
o usbip: fix stub_dev to check for stream socket (git-fixes).
o usbip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
o usbip: Fix unsafe unaligned pointer usage (git-fixes).
o usbip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
o usbip: fix vhci_hcd to check for stream socket (git-fixes).
o usbip: tools: fix build error for multiple definition (git-fixes).
o usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
o usb: replace hardcode maximum usb string length by definition (git-fixes).
o usb: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
o usb: serial: option: add Quectel EM160R-GL (git-fixes).
o usb-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
o use __netdev_notify_peers in ibmvnic (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139).
o video: fbdev: acornfb: remove free_unused_pages() (bsc#1129770)
o video: fbdev: atmel_lcdfb: fix return error code in (bsc#1129770)
  Backporting notes: * context changes * fallout from trailing whitespaces
o vsprintf: Do not have bprintf dereference pointers (bsc#1184494).
o vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK) (bsc#1184494).
o vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers (bsc#1184494).
o wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
o x86/ioapic: Ignore IRQ2 again (12sp5).
o x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (12sp5).
o xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
o xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
o xen/netback: fix spurious event detection for common event case (bsc#1182175).
o xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
o xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
o xsk: Remove dangling function declaration from header file (bsc#1109837).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2021-1210=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1210=1
o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1210=1
o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1210=1
o SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1210=1

Package List:

o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    kernel-default-debuginfo-4.12.14-122.66.2
    kernel-default-debugsource-4.12.14-122.66.2
    kernel-default-extra-4.12.14-122.66.2
    kernel-default-extra-debuginfo-4.12.14-122.66.2
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    kernel-obs-build-4.12.14-122.66.2
    kernel-obs-build-debugsource-4.12.14-122.66.2
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
    kernel-docs-4.12.14-122.66.2
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    kernel-default-4.12.14-122.66.2
    kernel-default-base-4.12.14-122.66.2
    kernel-default-base-debuginfo-4.12.14-122.66.2
    kernel-default-debuginfo-4.12.14-122.66.2
    kernel-default-debugsource-4.12.14-122.66.2
    kernel-default-devel-4.12.14-122.66.2
    kernel-syms-4.12.14-122.66.2
o SUSE Linux Enterprise Server 12-SP5 (noarch):
    kernel-devel-4.12.14-122.66.2
    kernel-macros-4.12.14-122.66.2
    kernel-source-4.12.14-122.66.2
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
    kernel-default-devel-debuginfo-4.12.14-122.66.2
o SUSE Linux Enterprise Server 12-SP5 (s390x):
    kernel-default-man-4.12.14-122.66.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
    kernel-default-debuginfo-4.12.14-122.66.2
    kernel-default-debugsource-4.12.14-122.66.2
    kernel-default-kgraft-4.12.14-122.66.2
    kernel-default-kgraft-devel-4.12.14-122.66.2
    kgraft-patch-4_12_14-122_66-default-1-8.3.2
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
    cluster-md-kmp-default-4.12.14-122.66.2
    cluster-md-kmp-default-debuginfo-4.12.14-122.66.2
    dlm-kmp-default-4.12.14-122.66.2
    dlm-kmp-default-debuginfo-4.12.14-122.66.2
    gfs2-kmp-default-4.12.14-122.66.2
    gfs2-kmp-default-debuginfo-4.12.14-122.66.2
    kernel-default-debuginfo-4.12.14-122.66.2
    kernel-default-debugsource-4.12.14-122.66.2
    ocfs2-kmp-default-4.12.14-122.66.2
    ocfs2-kmp-default-debuginfo-4.12.14-122.66.2

References:

o https://www.suse.com/security/cve/CVE-2020-0433.html
o https://www.suse.com/security/cve/CVE-2020-25670.html
o https://www.suse.com/security/cve/CVE-2020-25671.html
o https://www.suse.com/security/cve/CVE-2020-25672.html
o https://www.suse.com/security/cve/CVE-2020-25673.html
o https://www.suse.com/security/cve/CVE-2020-27170.html
o https://www.suse.com/security/cve/CVE-2020-27171.html
o https://www.suse.com/security/cve/CVE-2020-27815.html
o https://www.suse.com/security/cve/CVE-2020-29368.html
o https://www.suse.com/security/cve/CVE-2020-29374.html
o https://www.suse.com/security/cve/CVE-2020-35519.html
o https://www.suse.com/security/cve/CVE-2020-36311.html
o https://www.suse.com/security/cve/CVE-2021-20219.html
o https://www.suse.com/security/cve/CVE-2021-26930.html
o https://www.suse.com/security/cve/CVE-2021-26931.html
o https://www.suse.com/security/cve/CVE-2021-26932.html
o https://www.suse.com/security/cve/CVE-2021-27363.html
o https://www.suse.com/security/cve/CVE-2021-27364.html
o https://www.suse.com/security/cve/CVE-2021-27365.html
o https://www.suse.com/security/cve/CVE-2021-28038.html
o https://www.suse.com/security/cve/CVE-2021-28660.html
o https://www.suse.com/security/cve/CVE-2021-28688.html
o https://www.suse.com/security/cve/CVE-2021-28964.html
o https://www.suse.com/security/cve/CVE-2021-28971.html
o https://www.suse.com/security/cve/CVE-2021-28972.html
o https://www.suse.com/security/cve/CVE-2021-29154.html
o https://www.suse.com/security/cve/CVE-2021-29264.html
o https://www.suse.com/security/cve/CVE-2021-29265.html
o https://www.suse.com/security/cve/CVE-2021-29647.html
o https://www.suse.com/security/cve/CVE-2021-30002.html
o https://www.suse.com/security/cve/CVE-2021-3428.html
o https://www.suse.com/security/cve/CVE-2021-3444.html
o https://www.suse.com/security/cve/CVE-2021-3483.html
o https://bugzilla.suse.com/1065600
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1103990
o https://bugzilla.suse.com/1103991
o https://bugzilla.suse.com/1103992
o https://bugzilla.suse.com/1104270
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1109837
o https://bugzilla.suse.com/1111981
o https://bugzilla.suse.com/1112374
o https://bugzilla.suse.com/1113295
o https://bugzilla.suse.com/1113994
o https://bugzilla.suse.com/1118657
o https://bugzilla.suse.com/1118661
o https://bugzilla.suse.com/1119113
o https://bugzilla.suse.com/1126390
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1132477
o https://bugzilla.suse.com/1142635
o https://bugzilla.suse.com/1152446
o https://bugzilla.suse.com/1154048
o https://bugzilla.suse.com/1169709
o https://bugzilla.suse.com/1172455
o https://bugzilla.suse.com/1173485
o https://bugzilla.suse.com/1175165
o https://bugzilla.suse.com/1176720
o https://bugzilla.suse.com/1176855
o https://bugzilla.suse.com/1178163
o https://bugzilla.suse.com/1178181
o https://bugzilla.suse.com/1179243
o https://bugzilla.suse.com/1179428
o https://bugzilla.suse.com/1179454
o https://bugzilla.suse.com/1179660
o https://bugzilla.suse.com/1179755
o https://bugzilla.suse.com/1180846
o https://bugzilla.suse.com/1181507
o https://bugzilla.suse.com/1181515
o https://bugzilla.suse.com/1181544
o https://bugzilla.suse.com/1181655
o https://bugzilla.suse.com/1181674
o https://bugzilla.suse.com/1181747
o https://bugzilla.suse.com/1181753
o https://bugzilla.suse.com/1181843
o https://bugzilla.suse.com/1182011
o https://bugzilla.suse.com/1182175
o https://bugzilla.suse.com/1182485
o https://bugzilla.suse.com/1182574
o https://bugzilla.suse.com/1182715
o https://bugzilla.suse.com/1182716
o https://bugzilla.suse.com/1182717
o https://bugzilla.suse.com/1183018
o https://bugzilla.suse.com/1183022
o https://bugzilla.suse.com/1183023
o https://bugzilla.suse.com/1183378
o https://bugzilla.suse.com/1183379
o https://bugzilla.suse.com/1183380
o https://bugzilla.suse.com/1183381
o https://bugzilla.suse.com/1183382
o https://bugzilla.suse.com/1183405
o https://bugzilla.suse.com/1183416
o https://bugzilla.suse.com/1183509
o https://bugzilla.suse.com/1183593
o https://bugzilla.suse.com/1183646
o https://bugzilla.suse.com/1183662
o https://bugzilla.suse.com/1183686
o https://bugzilla.suse.com/1183692
o https://bugzilla.suse.com/1183696
o https://bugzilla.suse.com/1183755
o https://bugzilla.suse.com/1183775
o https://bugzilla.suse.com/1183861
o https://bugzilla.suse.com/1183871
o https://bugzilla.suse.com/1184114
o https://bugzilla.suse.com/1184120
o https://bugzilla.suse.com/1184167
o https://bugzilla.suse.com/1184168
o https://bugzilla.suse.com/1184170
o https://bugzilla.suse.com/1184192
o https://bugzilla.suse.com/1184193
o https://bugzilla.suse.com/1184196
o https://bugzilla.suse.com/1184198
o https://bugzilla.suse.com/1184391
o https://bugzilla.suse.com/1184393
o https://bugzilla.suse.com/1184397
o https://bugzilla.suse.com/1184494
o https://bugzilla.suse.com/1184511
o https://bugzilla.suse.com/1184583

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.
NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. 
16 April 2021

ESB-2021.1298 - [SUSE] grafana and system-user-grafana: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1298
Security update for grafana and system-user-grafana
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           grafana
                   system-user-grafana
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24303 CVE-2020-13379 CVE-2020-12245
                   CVE-2020-12052 CVE-2019-19499 CVE-2019-15043
                   CVE-2018-18623 CVE-2018-12099
Reference:         ESB-2020.4542 ESB-2020.3903 ESB-2020.3700 ESB-2020.1727.2
Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20211233-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for grafana and system-user-grafana
______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1233-1
Rating:            moderate
References:        #1148383 #1170557 #1170657 #1172409 #1172450 #1175951 #1178243
Cross-References:  CVE-2018-18623 CVE-2019-15043 CVE-2019-19499 CVE-2020-12052
                   CVE-2020-12245 CVE-2020-13379 CVE-2020-24303
Affected Products: SUSE Manager Tools 15
                   SUSE Enterprise Storage 6
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for grafana and system-user-grafana fixes the following issues:

o Updated grafana to upstream version 7.3.1
  * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana
  * CVE-2020-12245: Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip (bsc#1170557)
  * CVE-2020-13379: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault (bsc#1172409)
  * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana (bsc#1148383)
  * CVE-2020-12052: Grafana version below 6.7.3 is vulnerable for annotation popup XSS (bsc#1170657)
  * CVE-2020-24303: Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. (bsc#1178243)
  * CVE-2018-18623: Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen (bsc#1172450)
  * CVE-2019-19499: Grafana versions below or equal to 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations (bsc#1175951)
  * Please refer to this package's changelog to get a full list of all changes (including bug fixes etc.)
o Initial shipment of system-user-grafana to SES 6

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

o SUSE Manager Tools 15:
    zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-1233=1
o SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2021-1233=1

Package List:

o SUSE Manager Tools 15 (noarch):
    system-user-grafana-1.0.0-3.9.1
o SUSE Enterprise Storage 6 (aarch64 x86_64):
    grafana-7.3.1-3.6.1
o SUSE Enterprise Storage 6 (noarch):
    system-user-grafana-1.0.0-3.9.1

References:

o https://www.suse.com/security/cve/CVE-2018-18623.html
o https://www.suse.com/security/cve/CVE-2019-15043.html
o https://www.suse.com/security/cve/CVE-2019-19499.html
o https://www.suse.com/security/cve/CVE-2020-12052.html
o https://www.suse.com/security/cve/CVE-2020-12245.html
o https://www.suse.com/security/cve/CVE-2020-13379.html
o https://www.suse.com/security/cve/CVE-2020-24303.html
o https://bugzilla.suse.com/1148383
o https://bugzilla.suse.com/1170557
o https://bugzilla.suse.com/1170657
o https://bugzilla.suse.com/1172409
o https://bugzilla.suse.com/1172450
o https://bugzilla.suse.com/1175951
o https://bugzilla.suse.com/1178243

- --------------------------END INCLUDED TEXT--------------------
16 April 2021

ESB-2021.1297 - [Appliance] Schneider Electric C-Bus Toolkit: Execute arbitrary code/commands - Existing account

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1297 Advisory (icsa-21-105-01) Schneider Electric C-Bus Toolkit 16 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Schneider Electric C-Bus Toolkit Publisher: ICS-CERT Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-22720 CVE-2021-22719 CVE-2021-22718 CVE-2021-22717 CVE-2021-22716 Original Bulletin: https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01 - --------------------------BEGIN INCLUDED TEXT-------------------- ICS Advisory (ICSA-21-105-01) Schneider Electric C-Bus Toolkit Original release date: April 15, 2021 Legal Notice All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/ . 1. EXECUTIVE SUMMARY o CVSS v3 8.8 o ATTENTION: Exploitable remotely/low attack complexity o Vendor: Schneider Electric o Equipment: C-Bus Toolkit o Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 3. 
TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of C-Bus Toolkit are affected: o C-Bus Toolkit v1.15.7 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 The affected product is vulnerable to Improper Privilege Management, which could allow remote code execution when an unprivileged user modifies a file. CVE-2021-22716 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:U/C:H/ I:H/A:H ). 3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The affected product is vulnerable to Path Traversal, which could allow remote code execution when processing config files. CVE-2021-22717 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/C:H/ I:H/A:H ). 3.2.3 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The affected product is vulnerable to Path Traversal, which could allow remote code execution when restoring project files. CVE-2021-22718 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/ I:H/A:H ). 3.2.4 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The affected product is vulnerable to Path Traversal, which could allow remote code execution when a file is uploaded. CVE-2021-22719 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/C:H/ I:H/A:H ). 3.2.5 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The affected product is vulnerable to Path Traversal, which could allow remote code execution when restoring a project. CVE-2021-22720 has been assigned to this vulnerability. 
A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is ( AV:N/AC:L/PR:L/UI:N/S:U/C:H/ I:N/A:N ). 3.3 BACKGROUND o CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities o COUNTRIES/AREAS DEPLOYED: Worldwide o COMPANY HEADQUARTERS LOCATION: France 3.4 RESEARCHER rgod, working with Trend Micro Zero Day Initiative, and Simon Zuckerbraun of Trend Micro's Zero Day Initiative reported these vulnerabilities to CISA. 4. MITIGATIONS Schneider Electric recommends users update to the latest version available . A reboot will be needed after the update. If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: o Use an allow list for this application. o Turn on the workstation's firewall. o Use an antivirus program. o Secure the workstation from unauthorized personnel. Please see Schneider Electric's publication SEVD-2021-103-01 for more information. CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: o Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet . o Locate control system networks and remote devices behind firewalls, and isolate them from the business network. o When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.cisa.gov . 
Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1296 - [Appliance] EIPStackGroup OpENer EtherNet/IP: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1296
Advisory (icsa-21-105-02) EIPStackGroup OpENer Ethernet/IP
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           EIPStackGroup OpENer EtherNet/IP
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Denial of Service     -- Remote/Unauthenticated
                   Read-only Data Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27500 CVE-2021-27498 CVE-2021-27482
                   CVE-2021-27478

Original Bulletin:
   https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-105-02)

EIPStackGroup OpENer Ethernet/IP

Original release date: April 15, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

o CVSS v3 8.2
o ATTENTION: Exploitable remotely/low attack complexity
o Vendor: EIPStackGroup
o Equipment: OpENer EtherNet/IP
o Vulnerabilities: Incorrect Conversion Between Numeric Types, Out-of-bounds Read, Reachable Assertion

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of OpENer EtherNet/IP are affected:

o https://github.com/EIPStackGroup/OpENer/ commits and versions prior to Feb 10, 2021

3.2 VULNERABILITY OVERVIEW

3.2.1 INCORRECT CONVERSION BETWEEN NUMERIC TYPES CWE-681

A specifically crafted packet sent by an attacker to the affected devices may cause a denial-of-service condition.

CVE-2021-27478 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

3.2.2 OUT-OF-BOUNDS READ CWE-125

A specifically crafted packet sent by an attacker may allow the attacker to read arbitrary data.

CVE-2021-27482 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.3 REACHABLE ASSERTION CWE-617

A specifically crafted packet sent by an attacker may result in a denial-of-service condition.

CVE-2021-27500 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.4 REACHABLE ASSERTION CWE-617

A specifically crafted packet sent by an attacker may result in a denial-of-service condition.

CVE-2021-27498 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

o CRITICAL INFRASTRUCTURE SECTORS: Multiple
o COUNTRIES/AREAS DEPLOYED: Worldwide
o COMPANY HEADQUARTERS LOCATION: Austria

3.4 RESEARCHER

Tal Keren and Sharon Brizinov of Claroty reported these vulnerabilities to CISA.

4. MITIGATIONS

The maintainer of OpENer recommends that those affected apply the latest commits available.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
Specifically, users should:

o Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
o Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
o When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1295 - [Debian] xorg-server: Increased privileges - Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1295
xorg-server security update
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           xorg-server
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3472
Reference:         ESB-2021.1283
                   ESB-2021.1227

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2627

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2627-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 15, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : xorg-server
Version        : 2:1.19.2-1+deb9u8
CVE ID         : CVE-2021-3472

Jan-Niklas Sohn discovered that there was an input validation failure in the X.Org display server.

Insufficient checks on the lengths of the XInput extension's ChangeFeedbackControl request could have led to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorised clients, particularly on systems where the X server is running as a privileged user.

For Debian 9 "Stretch", this problem has been fixed in version 2:1.19.2-1+deb9u8.

We recommend that you upgrade your xorg-server packages.
For the detailed security status of xorg-server please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1294 - [RedHat] libldb: Denial of service - Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1294
libldb security update
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           libldb
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20277
Reference:         ESB-2021.1282
                   ESB-2021.1137

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:1213
   https://access.redhat.com/errata/RHSA-2021:1214

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: libldb security update
Advisory ID:       RHSA-2021:1213-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1213
Issue date:        2021-04-15
CVE Names:         CVE-2021-20277
=====================================================================

1. Summary:

An update for libldb is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.

Security Fix(es):

* samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1941402 - CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
libldb-2.0.7-4.el8_2.src.rpm

aarch64:
ldb-tools-2.0.7-4.el8_2.aarch64.rpm
ldb-tools-debuginfo-2.0.7-4.el8_2.aarch64.rpm
libldb-2.0.7-4.el8_2.aarch64.rpm
libldb-debuginfo-2.0.7-4.el8_2.aarch64.rpm
libldb-debugsource-2.0.7-4.el8_2.aarch64.rpm
libldb-devel-2.0.7-4.el8_2.aarch64.rpm
python3-ldb-2.0.7-4.el8_2.aarch64.rpm
python3-ldb-debuginfo-2.0.7-4.el8_2.aarch64.rpm

ppc64le:
ldb-tools-2.0.7-4.el8_2.ppc64le.rpm
ldb-tools-debuginfo-2.0.7-4.el8_2.ppc64le.rpm
libldb-2.0.7-4.el8_2.ppc64le.rpm
libldb-debuginfo-2.0.7-4.el8_2.ppc64le.rpm
libldb-debugsource-2.0.7-4.el8_2.ppc64le.rpm
libldb-devel-2.0.7-4.el8_2.ppc64le.rpm
python3-ldb-2.0.7-4.el8_2.ppc64le.rpm
python3-ldb-debuginfo-2.0.7-4.el8_2.ppc64le.rpm

s390x:
ldb-tools-2.0.7-4.el8_2.s390x.rpm
ldb-tools-debuginfo-2.0.7-4.el8_2.s390x.rpm
libldb-2.0.7-4.el8_2.s390x.rpm
libldb-debuginfo-2.0.7-4.el8_2.s390x.rpm
libldb-debugsource-2.0.7-4.el8_2.s390x.rpm
libldb-devel-2.0.7-4.el8_2.s390x.rpm
python3-ldb-2.0.7-4.el8_2.s390x.rpm
python3-ldb-debuginfo-2.0.7-4.el8_2.s390x.rpm

x86_64:
ldb-tools-2.0.7-4.el8_2.x86_64.rpm
ldb-tools-debuginfo-2.0.7-4.el8_2.i686.rpm
ldb-tools-debuginfo-2.0.7-4.el8_2.x86_64.rpm
libldb-2.0.7-4.el8_2.i686.rpm
libldb-2.0.7-4.el8_2.x86_64.rpm
libldb-debuginfo-2.0.7-4.el8_2.i686.rpm
libldb-debuginfo-2.0.7-4.el8_2.x86_64.rpm
libldb-debugsource-2.0.7-4.el8_2.i686.rpm
libldb-debugsource-2.0.7-4.el8_2.x86_64.rpm
libldb-devel-2.0.7-4.el8_2.i686.rpm
libldb-devel-2.0.7-4.el8_2.x86_64.rpm
python3-ldb-2.0.7-4.el8_2.i686.rpm
python3-ldb-2.0.7-4.el8_2.x86_64.rpm
python3-ldb-debuginfo-2.0.7-4.el8_2.i686.rpm
python3-ldb-debuginfo-2.0.7-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20277
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: libldb security update
Advisory ID:       RHSA-2021:1214-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1214
Issue date:        2021-04-15
CVE Names:
CVE-2021-20277
=====================================================================

1. Summary:

An update for libldb is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.

Security Fix(es):

* samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1941402 - CVE-2021-20277 samba: Out of bounds read in AD DC LDAP server

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
libldb-1.5.4-3.el8_1.src.rpm

aarch64:
ldb-tools-1.5.4-3.el8_1.aarch64.rpm
ldb-tools-debuginfo-1.5.4-3.el8_1.aarch64.rpm
libldb-1.5.4-3.el8_1.aarch64.rpm
libldb-debuginfo-1.5.4-3.el8_1.aarch64.rpm
libldb-debugsource-1.5.4-3.el8_1.aarch64.rpm
libldb-devel-1.5.4-3.el8_1.aarch64.rpm
python3-ldb-1.5.4-3.el8_1.aarch64.rpm
python3-ldb-debuginfo-1.5.4-3.el8_1.aarch64.rpm

ppc64le:
ldb-tools-1.5.4-3.el8_1.ppc64le.rpm
ldb-tools-debuginfo-1.5.4-3.el8_1.ppc64le.rpm
libldb-1.5.4-3.el8_1.ppc64le.rpm
libldb-debuginfo-1.5.4-3.el8_1.ppc64le.rpm
libldb-debugsource-1.5.4-3.el8_1.ppc64le.rpm
libldb-devel-1.5.4-3.el8_1.ppc64le.rpm
python3-ldb-1.5.4-3.el8_1.ppc64le.rpm
python3-ldb-debuginfo-1.5.4-3.el8_1.ppc64le.rpm

s390x:
ldb-tools-1.5.4-3.el8_1.s390x.rpm
ldb-tools-debuginfo-1.5.4-3.el8_1.s390x.rpm
libldb-1.5.4-3.el8_1.s390x.rpm
libldb-debuginfo-1.5.4-3.el8_1.s390x.rpm
libldb-debugsource-1.5.4-3.el8_1.s390x.rpm
libldb-devel-1.5.4-3.el8_1.s390x.rpm
python3-ldb-1.5.4-3.el8_1.s390x.rpm
python3-ldb-debuginfo-1.5.4-3.el8_1.s390x.rpm

x86_64:
ldb-tools-1.5.4-3.el8_1.x86_64.rpm
ldb-tools-debuginfo-1.5.4-3.el8_1.i686.rpm
ldb-tools-debuginfo-1.5.4-3.el8_1.x86_64.rpm
libldb-1.5.4-3.el8_1.i686.rpm
libldb-1.5.4-3.el8_1.x86_64.rpm
libldb-debuginfo-1.5.4-3.el8_1.i686.rpm
libldb-debuginfo-1.5.4-3.el8_1.x86_64.rpm
libldb-debugsource-1.5.4-3.el8_1.i686.rpm
libldb-debugsource-1.5.4-3.el8_1.x86_64.rpm
libldb-devel-1.5.4-3.el8_1.i686.rpm
libldb-devel-1.5.4-3.el8_1.x86_64.rpm
python3-ldb-1.5.4-3.el8_1.i686.rpm
python3-ldb-1.5.4-3.el8_1.x86_64.rpm
python3-ldb-debuginfo-1.5.4-3.el8_1.i686.rpm
python3-ldb-debuginfo-1.5.4-3.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20277
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1293 - [Appliance] McAfee Web Gateway Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1293
Status and updates for OpenSSL vulnerabilities (CVE-2021-3450 and 2021-3449)
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           McAfee Web Gateway (MWG)
                   McAfee Web Gateway Cloud Service (MWGCS)
Publisher:         McAfee
Operating System:  Network Appliance
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3450 CVE-2021-3449
Reference:         ESB-2021.1278
                   ESB-2021.1191
                   ESB-2021.1180
                   ESB-2021.1120

Original Bulletin:
   https://kc.mcafee.com/corporate/index?page=content&id=SB10356

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Status and updates for OpenSSL vulnerabilities (CVE-2021-3450 and 2021-3449)

Security Bulletins ID : SB10356
Last Modified : 4/14/2021

Summary

First Published: April 14, 2021

+-----------------------------------------------------------------------------+
| CVE Information:                                                            |
+--------------------------+--------------------------------------------------+
| Impact of                | Low - see the Vulnerability Description section  |
| Vulnerabilities:         | below                                            |
+---------------+----------+-------+-----------------------+------------------+
|               |          | CVSS  |                       |                  |
| CVE IDs       | Severity | v3.1  | Affected Products     | Impact of        |
|               | Rating   | Base  |                       | Vulnerabilities  |
|               |          | Score |                       |                  |
+---------------+----------+-------+-----------------------+------------------+
|               |          |       | See the McAfee        | CWE-295 -        |
| CVE-2021-3450 | High     | 7.4   | Product Vulnerability | Improper         |
|               |          |       | Status table below    | Certificate      |
|               |          |       |                       | Validation       |
+---------------+----------+-------+-----------------------+------------------+
|               |          |       | See the McAfee        | CWE-476 - NULL   |
| CVE-2021-3449 | Medium   | 5.9   | Product Vulnerability | Pointer          |
|               |          |       | Status table below    | Dereference      |
+---------------+----------+-------+-----------------------+------------------+
| Highest CVSS v3.1 Base   | High                                             |
| Score:                   |                                                  |
+--------------------------+--------------------------------------------------+
| Recommendations:         | Deploy the fixes as they are made available.     |
+--------------------------+--------------------------------------------------+
| Security Bulletin        | None                                             |
| Replacement:             |                                                  |
+--------------------------+--------------------------------------------------+
| Affected Models:         | See the McAfee Product Vulnerability Status      |
|                          | table below for platform details.                |
+--------------------------+--------------------------------------------------+
| Location of updated      | http://www.mcafee.com/us/downloads/              |
| software:                | downloads.aspx                                   |
+--------------------------+--------------------------------------------------+

Article contents:

o Vulnerability Description
o Remediation
o Frequently Asked Questions (FAQs)
o Resources
o Disclaimer

Vulnerability Description

OpenSSL released a security advisory for version 1.1.1; version 1.1.1k contains the fix. Some McAfee products are using 1.0.2 (with an extended Support contract) and are not vulnerable.

1. CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default.

Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check.
An error in the implementation of this check meant that the result of a
previous check to confirm that certificates in the chain are valid CA
certificates was overwritten. This effectively bypasses the check that
non-CA certificates must not be able to issue other certificates.

If a "purpose" has been configured then there is a subsequent opportunity
for checks that the certificate is a valid CA. All of the named "purpose"
values implemented in libcrypto perform this check. Therefore, where a
purpose is set the certificate chain will still be rejected even when the
strict flag has been used. A purpose is set by default in libssl client and
server certificate verification routines, but it can be overridden or
removed by an application.

In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for
the certificate verification or, in the case of TLS client or server
applications, override the default purpose.

OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by
this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450

2. CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello
omits the signature_algorithms extension (where it was present in the
initial ClientHello), but includes a signature_algorithms_cert extension
then a NULL pointer dereference will result, leading to a crash and a denial
of service attack.

A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
(which is the default configuration). OpenSSL TLS clients are not impacted
by this issue.

All OpenSSL 1.1.1 versions are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1k.
OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k
(Affected 1.1.1-1.1.1j).

https://nvd.nist.gov/vuln/detail/CVE-2021-3449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449

McAfee Product Vulnerability Status

This Security Bulletin will be updated as additional information is
available.

+-----------------------------------------------------------------------------+
|Update Availability                                                          |
+---------------------------------------+-------+-----------------------------+
|Product                                |Version|CVE-2021-3450 and            |
|                                       |       |CVE-2021-3449                |
+---------------------------------------+-------+-----------------------------+
|Vulnerable and Updated                                                       |
+---------------------------------------+-------+-----------------------------+
|McAfee Web Gateway (MWG)               |All    |10.1.1, 9.2.10, 8.2.19       |
+---------------------------------------+-------+-----------------------------+
|McAfee Web Gateway Cloud Service       |All    |10.1.1, 9.2.10, 8.2.19       |
|(MWGCS)                                |       |                             |
+---------------------------------------+-------+-----------------------------+
|Not Vulnerable                                                               |
+---------------------------------------+-------+-----------------------------+
|Advanced Threat Defense (ATD)          |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Appliance Data Monitor (ADM)           |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Data Exchange Layer (DXL) Broker       |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Data Loss Prevention (DLP)             |All    |                             |
|Prevent and Monitor                    |       |                             |
+---------------------------------------+-------+-----------------------------+
|McAfee Active Response (MAR) Server    |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Network Security Manager (NSM) Linux   |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Network Security Platform (NSP)        |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Network Threat Behavior Analysis (NTBA)|All    |                             |
+---------------------------------------+-------+-----------------------------+
|SIEM Enterprise Security Manager       |All    |                             |
+---------------------------------------+-------+-----------------------------+
|Threat Intelligence Exchange (TIE)     |All    |                             |
|Server                                 |       |                             |
+---------------------------------------+-------+-----------------------------+

For a description of each product, see:
https://www.mcafee.com/enterprise/en-us/products/a-z.html .

Remediation

To remediate this issue, go to the Product Downloads site, and download the
applicable product update/hotfix file:

+-------+-------+------+--------------+
|Product|Version|Type  |Release Date  |
+-------+-------+------+--------------+
|MWG    |10.1.1,|Update|April 14, 2021|
|       |9.2.10,|      |              |
|       |8.2.19 |      |              |
+-------+-------+------+--------------+
|MWGCS  |10.1.1,|Update|April 14, 2021|
|       |9.2.10,|      |              |
|       |8.2.19 |      |              |
+-------+-------+------+--------------+

Download and Installation Instructions

For instructions to download McAfee product updates and hotfixes, see:
KB56057 - How to download Enterprise product updates and documentation.
Review the Release Notes and the Installation Guide for instructions on how
to install these updates. All documentation is available at
https://docs.mcafee.com .

Frequently Asked Questions (FAQs)

How do I know if my McAfee product is vulnerable or not?

For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version
    displays.

For ePO/server products:
Use the following instructions for server-based products:

  o Check the version and build of ePO that is installed.
    For instructions, see: KB52634 - How to determine what update is
    installed for ePO.
  o Create a query in ePO for the product version of the product installed
    within your organization.

For Appliances:
Use the following instructions for Appliance-based products:

 1. Open the Administrator's User Interface (UI).
 2. Click the About link. The product version displays.

For DLPe ePO Extension:
Use the following instructions:

 1. Log on to the ePO server.
 2. Click Menu, Data Protection, DLP Policy.
 3. Inside the DLP console click Help, About. The product version displays.

What is CVSS?

CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of
assessing the criticality of a vulnerability. This system offers an unbiased
criticality score between 0 and 10 that customers can use to judge how
critical a vulnerability is and plan accordingly. For more information,
visit the CVSS website at: https://www.first.org/cvss/ .

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the
immediate and direct impact of the exploit under consideration. We do not
factor into a score any potential follow-on exploits that might be made
possible by the successful exploitation of the issue being scored.

Where can I find a list of all Security Bulletins?

All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx .
To see Security Bulletins for McAfee Enterprise products on this website
click Enterprise Security Bulletins. Security Bulletins are retired
(removed) once a product is both End of Sale and End of Support (End of
Life).

How do I report a product vulnerability to McAfee?

If you have information about a security issue or vulnerability with a
McAfee product, visit the McAfee PSIRT website for instructions at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx .
To report an issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?

Our key priority is the security of our customers. If a vulnerability is
found within any McAfee software or services, we work closely with the
relevant security software development team to ensure the rapid and
effective development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something
actionable such as a workaround, mitigation, version update, or hotfix.
Otherwise, we would simply be informing the hacker community that our
products are a target, putting our customers at greater risk. For products
that are updated automatically, a non-actionable Security Bulletin might be
published to acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by
clicking About PSIRT.

Resources

To contact Technical Support, log on to the ServicePortal and go to the
Create a Service Request page at
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR :

  o If you are a registered user, type your User ID and Password, and then
    click Log In.
  o If you are not a registered user, click Register and complete the
    required fields. Your password and logon instructions will be emailed to
    you.

Disclaimer

The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose.
In no event shall McAfee or its suppliers be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow
the exclusion or limitation of liability for consequential or incidental
damages so the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract.
The product release dates are not a commitment, promise, or legal obligation
to deliver any material, code, or functionality. The development, release,
and timing of any features or functionality described for our products
remains at our sole discretion and may be changed or canceled at any time.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
April 16, 2021

ESB-2021.1292 - [Win] McAfee Data Loss Prevention (DLP) Endpoint for Windows: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1292
Data Loss Prevention Endpoint for Windows update fixes two vulnerabilities
(CVE-2021-23886 and CVE-2021-23887)
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           McAfee Data Loss Prevention (DLP) Endpoint for Windows
Publisher:         McAfee
Operating System:  Windows
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23887 CVE-2021-23886
Original Bulletin: https://kc.mcafee.com/corporate/index?page=content&id=SB10357

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Data Loss Prevention Endpoint for Windows update
fixes two vulnerabilities (CVE-2021-23886 and CVE-2021-23887)

Security Bulletins ID : SB10357
Last Modified         : 4/14/2021

Summary

First Published: April 14, 2021

+----------------+-----------+--------------+----------------+--------+--------+
|Product:        |Impacted   |CVE ID:       |Impact of       |Severity|CVSS    |
|                |Versions:  |              |Vulnerabilities:|Ratings:|v3.1    |
|                |           |              |                |        |Base/   |
|                |           |              |                |        |Temporal|
|                |           |              |                |        |Scores: |
+----------------+-----------+--------------+----------------+--------+--------+
|Data Loss       |Prior to HF|CVE-2021-23886|CWE-755:        |Medium  |5.5 /   |
|Prevention (DLP)|11.6.100.41|              |Improper        |        |5.0     |
|Endpoint for    |           |              |Handling of     |        |        |
|Windows         |           |              |Exceptional     |        |        |
|                |           |              |Conditions      |        |        |
+----------------+-----------+--------------+----------------+--------+--------+
|DLP Endpoint for|Prior to HF|CVE-2021-23887|CWE-269:        |High    |7.8 /   |
|Windows         |11.6.100.41|              |Privilege       |        |7.0     |
|                |           |              |escalation      |        |        |
|                |           |              |vulnerability   |        |        |
+----------------+-----------+--------------+----------------+--------+--------+

Recommendations:               Install or update DLP Endpoint for Windows to
                               HF 11.6.100.41
Security Bulletin Replacement: None
Location of updated software:  http://www.mcafee.com/us/downloads/downloads.aspx

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description

1. CVE-2021-23886

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP)
Endpoint for Windows prior to 11.6.100 allows a local, low privileged,
attacker to cause a BSoD through suspending a process, modifying the
process's memory and restarting it. This is triggered by the hdlphook driver
reading invalid memory.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23886

2. CVE-2021-23887

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP)
Endpoint for Windows prior to 11.6.100 allows a local, low privileged,
attacker to write to arbitrary controlled kernel addresses. This is achieved
by launching applications, suspending them, modifying the memory and
restarting them when they are monitored by McAfee DLP through the hdlphook
driver.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23887
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23887

Remediation

To remediate this issue, customers should update to DLP Endpoint for Windows
HF 11.6.100.41.
Go to the Product Downloads site, and download the applicable product hotfix
file:

+------------------------+--------------+------+--------------+
|Product                 |Version       |Type  |Release Date  |
+------------------------+--------------+------+--------------+
|DLP Endpoint for Windows|HF 11.6.100.41|Hotfix|April 14, 2021|
+------------------------+--------------+------+--------------+

Download and Installation Instructions

For instructions to download McAfee product updates and hotfixes, see:
KB56057 - How to download Enterprise product updates and documentation.
Review the Release Notes and the Installation Guide for instructions on how
to install these updates. All documentation is available at
https://docs.mcafee.com .

Acknowledgments

McAfee credits the following for responsibly reporting these flaws.

CVE-2021-23886 - Assaf Kachlon from Morphisec
CVE-2021-23887 - Andry Diment from Morphisec

Frequently Asked Questions (FAQs)

How do I know if my McAfee product is vulnerable or not?

For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version
    displays.

What is CVSS?

CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of
assessing the criticality of a vulnerability. This system offers an unbiased
criticality score between 0 and 10 that customers can use to judge how
critical a vulnerability is and plan accordingly. For more information,
visit the CVSS website at: https://www.first.org/cvss/ .

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself.
We consider only the immediate and direct impact of the exploit under
consideration. We do not factor into a score any potential follow-on
exploits that might be made possible by the successful exploitation of the
issue being scored.

What are the CVSS scoring metrics?

1. CVE-2021-23886: Denial of Service in DLP Endpoint for Windows

+------------------------+--------------------+
|Base Score              |5.5                 |
|Attack Vector (AV)      |Local (L)           |
|Attack Complexity (AC)  |Low (L)             |
|Privileges Required (PR)|Low (L)             |
|User Interaction (UI)   |None (N)            |
|Scope (S)               |Unchanged (U)       |
|Confidentiality (C)     |None (N)            |
|Integrity (I)           |None (N)            |
|Availability (A)        |High (H)            |
+------------------------+--------------------+
|Temporal Score (Overall)|5.0                 |
|Exploitability (E)      |Proof-of-Concept (P)|
|Remediation Level (RL)  |Official Fix (O)    |
|Report Confidence (RC)  |Confirmed (C)       |
+------------------------+--------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C&version=3.1

2. CVE-2021-23887: Privilege escalation in DLP Endpoint for Windows

+------------------------+--------------------+
|Base Score              |7.8                 |
|Attack Vector (AV)      |Local (L)           |
|Attack Complexity (AC)  |Low (L)             |
|Privileges Required (PR)|Low (L)             |
|User Interaction (UI)   |None (N)            |
|Scope (S)               |Unchanged (U)       |
|Confidentiality (C)     |High (H)            |
|Integrity (I)           |High (H)            |
|Availability (A)        |High (H)            |
+------------------------+--------------------+
|Temporal Score (Overall)|7.0                 |
|Exploitability (E)      |Proof-of-Concept (P)|
|Remediation Level (RL)  |Official Fix (O)    |
|Report Confidence (RC)  |Confirmed (C)       |
+------------------------+--------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?

All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx .
To see Security Bulletins for McAfee Enterprise products on this website
click Enterprise Security Bulletins. Security Bulletins are retired
(removed) once a product is both End of Sale and End of Support (End of
Life).
- --------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1291 - [Appliance] McAfee Content Security Reporter (CSR): Access confidential data - Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1291
Content Security Reporter update fixes one vulnerability (CVE-2021-23884)
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           McAfee Content Security Reporter (CSR)
Publisher:         McAfee
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23884
Original Bulletin: https://kc.mcafee.com/corporate/index?page=content&id=SB10353

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Content Security Reporter update fixes one
vulnerability (CVE-2021-23884)

Security Bulletins ID : SB10353
Last Modified         : 4/14/2021

Summary

First Published: April 14, 2021

+----------------+---------+--------------+-----------------+--------+--------+
|Product:        |Impacted |CVE ID:       |Impact of        |Severity|CVSS    |
|                |Versions:|              |Vulnerabilities: |Ratings:|v3.1    |
|                |         |              |                 |        |Base/   |
|                |         |              |                 |        |Temporal|
|                |         |              |                 |        |Scores: |
+----------------+---------+--------------+-----------------+--------+--------+
|Content Security|Prior to |CVE-2021-23884|CWE-319:         |Medium  |4.3 /   |
|Reporter (CSR)  |2.8.0    |              |Cleartext        |        |3.9     |
|                |         |              |Transmission of  |        |        |
|                |         |              |Sensitive        |        |        |
|                |         |              |Information      |        |        |
+----------------+---------+--------------+-----------------+--------+--------+

Recommendations:               Upgrade to CSR 2.8.0
Security Bulletin Replacement: None
Location of updated software:  http://www.mcafee.com/us/downloads/downloads.aspx

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description

This feature is only available through on-premises ePO servers. The attacker
would need to be on the same network as the ePO server, and know an ePO
administrator's credentials, to exploit this vulnerability.

The credentials for obtaining logs from Web Gateway and Web Gateway Cloud
Server are configured in different parts of the ePO extension. The best
practice is to have different passwords for each service. The passwords
exposed through this vulnerability are stored encrypted in the CSR database,
both before and post this fix.

CVE-2021-23884

Cleartext Transmission of Sensitive Information vulnerability in the ePO
Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an
ePO administrator to view the unencrypted password of the McAfee Web Gateway
(MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read
only user used to retrieve log files for analysis in CSR.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23884

Remediation

To remediate this issue, upgrade to CSR 2.8.0. Go to the Product Downloads
site, and download the applicable product update file:

+-------+-------+-----+--------------+
|Product|Version|Type |Release Date  |
+-------+-------+-----+--------------+
|CSR    |2.8.0  |Minor|April 14, 2021|
+-------+-------+-----+--------------+

Download and Installation Instructions

For instructions to download McAfee product updates and hotfixes, see:
KB56057 - How to download Enterprise product updates and documentation.
Review the Release Notes and the Installation Guide for instructions on how to install these updates. All documentation is available at https://docs.mcafee.com.

Acknowledgments

McAfee credits Derrick Berg from Eastman Kodak Company for responsibly reporting this flaw.

Frequently Asked Questions (FAQs)

How do I know if my McAfee product is vulnerable or not?

For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version displays.

What is CVSS?

CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council's effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, visit the CVSS website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters consistency and repeatability. Our guiding principle for CVSS scoring is to score the exploit under consideration by itself. We consider only the immediate and direct impact of the exploit under consideration. We do not factor into a score any potential follow-on exploits that might be made possible by the successful exploitation of the issue being scored.
What are the CVSS scoring metrics?

CVE-2021-23884: Clear text exposure of password in CSR ePO extension

+------------------------+--------------------+
|Base Score              |4.3                 |
+------------------------+--------------------+
|Attack Vector (AV)      |Adjacent Network (A)|
+------------------------+--------------------+
|Attack Complexity (AC)  |Low (L)             |
+------------------------+--------------------+
|Privileges Required (PR)|High (H)            |
+------------------------+--------------------+
|User Interaction (UI)   |Required (R)        |
+------------------------+--------------------+
|Scope (S)               |Unchanged (U)       |
+------------------------+--------------------+
|Confidentiality (C)     |High (H)            |
+------------------------+--------------------+
|Integrity (I)           |None (N)            |
+------------------------+--------------------+
|Availability (A)        |None (N)            |
+------------------------+--------------------+
|Temporal Score (Overall)|3.9                 |
+------------------------+--------------------+
|Exploitability (E)      |Proof-of-Concept (P)|
+------------------------+--------------------+
|Remediation Level (RL)  |Official Fix (O)    |
+------------------------+--------------------+
|Report Confidence (RC)  |Confirmed (C)       |
+------------------------+--------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?

All Security Bulletins are published on our external PSIRT website at https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see Security Bulletins for McAfee Enterprise products on this website click Enterprise Security Bulletins. Security Bulletins are retired (removed) once a product is both End of Sale and End of Support (End of Life).
How do I report a product vulnerability to McAfee?

If you have information about a security issue or vulnerability with a McAfee product, visit the McAfee PSIRT website for instructions at https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To report an issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?

Our key priority is the security of our customers. If a vulnerability is found within any McAfee software or services, we work closely with the relevant security software development team to ensure the rapid and effective development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable such as a workaround, mitigation, version update, or hotfix. Otherwise, we would simply be informing the hacker community that our products are a target, putting our customers at greater risk. For products that are updated automatically, a non-actionable Security Bulletin might be published to acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by clicking About PSIRT.

Resources

To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:

  o If you are a registered user, type your User ID and Password, and then click Log In.
  o If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

Disclaimer

The information provided in this Security Bulletin is provided as is without warranty of any kind. McAfee disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
In no event shall McAfee or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if McAfee or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are intended to outline our general product direction, and they should not be relied on in making a purchasing decision. The product release dates are for information purposes only, and may not be incorporated into any contract. The product release dates are not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and may be changed or canceled at any time

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
April 16, 2021

ESB-2021.1290 - [Appliance] McAfee Advanced Threat Defense (ATD): Access confidential data - Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1290
            Advanced Threat Defense update fixes two vulnerabilities
                     (CVE-2020-7269 and CVE-2020-7270)
                               16 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Advanced Threat Defense (ATD)
Publisher:         McAfee
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7270 CVE-2020-7269

Original Bulletin:
   https://kc.mcafee.com/corporate/index?page=content&id=SB10336

--------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Advanced Threat Defense update fixes two vulnerabilities (CVE-2020-7269 and CVE-2020-7270)

Security Bulletins ID : SB10336
Last Modified         : 4/14/2021

Summary

First Published: April 14, 2021

+----------------+---------+-------------+------------------+--------+--------+
|                |         |             |                  |        |CVSS    |
|                |Impacted |             |Impact of         |Severity|v3.1    |
|Product:        |Versions:|CVE ID:      |Vulnerabilities:  |Ratings:|Base/   |
|                |         |             |                  |        |Temporal|
|                |         |             |                  |        |Scores: |
+----------------+---------+-------------+------------------+--------+--------+
|                |         |             |CWE-200:          |        |        |
|Advanced Threat |Prior to |             |Exposure of       |        |4.9 /   |
|Defense (ATD)   |4.12.2   |CVE-2020-7269|Sensitive         |Medium  |4.4     |
|                |         |             |Information to an |        |        |
|                |         |             |Unauthorized Actor|        |        |
+----------------+---------+-------------+------------------+--------+--------+
|                |         |             |CWE-200:          |        |        |
|                |Prior to |             |Exposure of       |        |4.9 /   |
|ATD             |4.12.2   |CVE-2020-7270|Sensitive         |Medium  |4.4     |
|                |         |             |Information to an |        |        |
|                |         |             |Unauthorized Actor|        |        |
+----------------+---------+-------------+------------------+--------+--------+
|Recommendations:|Update to ATD 4.12.2                                        |
+----------------+------------------------------------------------------------+
|Security        |                                                            |
|Bulletin        |None                                                        |
|Replacement:    |                                                            |
+----------------+------------------------------------------------------------+
|Location of     |                                                            |
|updated         |http://www.mcafee.com/us/downloads/downloads.aspx           |
|software:       |                                                            |
+----------------+------------------------------------------------------------+

To receive email notification when this Security Bulletin is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description

CVE-2020-7269
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7269

CVE-2020-7270
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7270

Remediation

To remediate this issue, go to the Product Downloads site, and download the latest version. See the Frequently Asked Questions section for the path to upgrade from older versions to this version.
+-------+-------+------+--------------+
|Product|Version|Type  |Release Date  |
+-------+-------+------+--------------+
|ATD    |4.12.2 |Update|April 14, 2021|
+-------+-------+------+--------------+

Download and Installation Instructions

See KB56057 for instructions on how to download McAfee products, documentation, updates, and hotfixes. Review the Release Notes and the Installation Guide for instructions on how to install these updates. All documentation is available at https://docs.mcafee.com.

Migration

See the Migration Guide for instructions to get to a protected version.

IMPORTANT: When upgrading to the appropriate ATD version with the fix, you must use the migration package. Failure to use the correct migration package causes installation failures and requires a reimage of the appliance.

Acknowledgments

McAfee credits hoangcuongflp for responsibly reporting these flaws.

Frequently Asked Questions (FAQs)

How do I know if my McAfee product is vulnerable or not?

For Appliances:
Use the following instructions for Appliance-based products:

 1. Open the Administrator's User Interface (UI).
 2. Click the About link. The product version displays.

Is ATD 4.12.2 deployable to all ATD appliance models?

ATD Update 4.12.2 is applicable to all ATD models - both physical and virtual.
What are the steps needed to get to a protected version?

+----------+---------------------------+-----------------------------------------+
| Starting | Total Number of Steps to  | Upgrade Path                            |
| Version  | Upgrade to Fixed Version  |                                         |
+----------+---------------------------+-----------------------------------------+
| 4.0.x    | 4                         | 4.0.x > 4.4.0 > 4.8.0 > 4.12.0 > 4.12.2 |
| 4.2.x    | 4                         | 4.2.0 > 4.4.0 > 4.8.0 > 4.12.0 > 4.12.2 |
| 4.4.x    | 3                         | 4.4.x > 4.8.0 > 4.12.0 > 4.12.2         |
| 4.6.0    | 3                         | 4.6.0 > 4.10.0 > 4.12.0 > 4.12.2        |
| 4.6.2    | 3                         | 4.6.2 > 4.10.0 > 4.12.0 > 4.12.2        |
| 4.8.0    | 2                         | 4.8.0 > 4.12.0 > 4.12.2                 |
| 4.8.2    | 2                         | 4.8.2 > 4.12.0 > 4.12.2                 |
| 4.10     | 2                         | 4.10.0 > 4.12.0 > 4.12.2                |
| 4.12.0   | 1                         | 4.12.0 > 4.12.2                         |
+----------+---------------------------+-----------------------------------------+

NOTES:

  o See Supported Upgrade Paths.
  o If you are running ATD version 3.8.x or earlier, McAfee strongly recommends a reimage of the ATD appliance directly to version 4.10. This reimage minimizes the number of upgrade steps and avoids potential upgrade failures. See Migration Criteria.
  o Installation could take a minimum of 30 minutes and up to two hours. The time depends on the number of virtual machines and the database size in the deployment.
What are the migration packages recommended by version?

+---------+--------------------------------+------------------------------------------------------------------+
| Version | File Name                      | SHA                                                              |
+---------+--------------------------------+------------------------------------------------------------------+
| 3.8.0   | system-3.8.0.29.58939.msu      | 3BC121C870AC49FEF57EF406E40055B8867B3150369F013E4395B5555A65FB3C |
| 4.2.x   | migration-4.2.0.20.64069.msu   | 9CF6A0D7DC9CD8CD713F73FFAD3C81C12A1F3CFD0BF82713D79ABB069FEF1AEF |
| 4.4.x   | migration-4.4.0.26.a6835a.msu  | 0FF4B2434FD24F13F3D23DBFC8C8E63F7F8B979991A2AC87F61B2362447CCF3B |
| 4.6.0   | migration-4.6.0.21.517580.msu  | E9AD833DCCC47626B7AB48B6440CABC1183709A7F0BFE54AD454DF2D993C99D5 |
| 4.6.2   | system-4.6.2.13.8d1e42.msu     | ED4A39A9E16237EF863F7E380799C49946DBACE0ABF1D96225723AB4775F7FAF |
| 4.8.0   | migration-4.8.0.17.c4d13a.msu  | 58AF249F1F248B826127ECC861EBE5D50E61501C27376AB5893FE5E5370620A5 |
| 4.8.2   | system-4.8.2.13.cc86f4.msu     | 2E95F1A25D7E5369A7DCA795A840B765D221C188                         |
| 4.10.0  | system-4.10.0.13.4e84a5.msu    | 2E95F1A25D7E5369A7DCA795A840B765D221C188                         |
| 4.12.0  | migration-4.12.0b.3.908cef.msu | d85c2ccd78ce452d80ded02a6fe2387a                                 |
| 4.12.2  | system-4.12.2.9.c38d50.msu     | 78f79ade611382c0876b3d348e0040cc                                 |
+---------+--------------------------------+------------------------------------------------------------------+

What is CVSS?

CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council's effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, visit the CVSS website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters consistency and repeatability. Our guiding principle for CVSS scoring is to score the exploit under consideration by itself. We consider only the immediate and direct impact of the exploit under consideration. We do not factor into a score any potential follow-on exploits that might be made possible by the successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

1. CVE-2020-7269 - Sensitive Information Exposure in ATD

+------------------------+-------------------------+
|Base Score              |4.9                      |
+------------------------+-------------------------+
|Attack Vector (AV)      |Adjacent (A)             |
+------------------------+-------------------------+
|Attack Complexity (AC)  |Low (L)                  |
+------------------------+-------------------------+
|Privileges Required (PR)|Low (L)                  |
+------------------------+-------------------------+
|User Interaction (UI)   |Required (R)             |
+------------------------+-------------------------+
|Scope (S)               |Unchanged (U)            |
+------------------------+-------------------------+
|Confidentiality (C)     |Low (L)                  |
+------------------------+-------------------------+
|Integrity (I)           |Low (L)                  |
+------------------------+-------------------------+
|Availability (A)        |Low (L)                  |
+------------------------+-------------------------+
|Temporal Score (Overall)|4.4                      |
+------------------------+-------------------------+
|Exploitability (E)      |Proof of concept code (P)|
+------------------------+-------------------------+
|Remediation Level (RL)  |Official Fix (O)         |
+------------------------+-------------------------+
|Report Confidence (RC)  |Confirmed (C)            |
+------------------------+-------------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C&version=3.1

2. CVE-2020-7270 - Sensitive Information Exposure in ATD

+------------------------+-------------------------+
|Base Score              |4.9                      |
+------------------------+-------------------------+
|Attack Vector (AV)      |Adjacent (A)             |
+------------------------+-------------------------+
|Attack Complexity (AC)  |Low (L)                  |
+------------------------+-------------------------+
|Privileges Required (PR)|Low (L)                  |
+------------------------+-------------------------+
|User Interaction (UI)   |Required (R)             |
+------------------------+-------------------------+
|Scope (S)               |Unchanged (U)            |
+------------------------+-------------------------+
|Confidentiality (C)     |Low (L)                  |
+------------------------+-------------------------+
|Integrity (I)           |Low (L)                  |
+------------------------+-------------------------+
|Availability (A)        |Low (L)                  |
+------------------------+-------------------------+
|Temporal Score (Overall)|4.4                      |
+------------------------+-------------------------+
|Exploitability (E)      |Proof of concept code (P)|
+------------------------+-------------------------+
|Remediation Level (RL)  |Official Fix (O)         |
+------------------------+-------------------------+
|Report Confidence (RC)  |Confirmed (C)            |
+------------------------+-------------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?

All Security Bulletins are published on our external PSIRT website at https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see Security Bulletins for McAfee Enterprise products on this website click Enterprise Security Bulletins. Security Bulletins are retired (removed) once a product is both End of Sale and End of Support (End of Life).
--------------------------END INCLUDED TEXT--------------------
April 16, 2021

ESB-2021.1289 - [Juniper] Junos OS: Denial of service - Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1289
   JSA11149 - 2021-04 Security Bulletin: Junos OS: Kernel panic upon receipt
              of specific TCPv6 packet on management interface
                               16 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0258

Original Bulletin:
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11149

--------------------------BEGIN INCLUDED TEXT--------------------

2021-04 Security Bulletin: Junos OS: Kernel panic upon receipt of specific TCPv6 packet on management interface (CVE-2021-0258)

Article ID  : JSA11149
Last Updated: 15 Apr 2021
Version     : 2.0

Product Affected:

This issue affects Junos OS 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4.

Problem:

A vulnerability in the forwarding of transit TCPv6 packets received on the Ethernet management interface of Juniper Networks Junos OS allows an attacker to trigger a kernel panic, leading to a Denial of Service (DoS). Continued receipt and processing of these transit packets will create a sustained Denial of Service (DoS) condition.

This issue only occurs when TCPv6 packets are routed through the management interface. Other transit traffic, and traffic destined to the management interface, are unaffected by this vulnerability.

This issue was introduced as part of a TCP Parallelization feature added in Junos OS 17.2, and affects systems with concurrent network stack enabled. This feature is enabled by default, but can be disabled (see WORKAROUND section below).
This issue affects Juniper Networks Junos OS:

  o 17.2R1-S7, 17.2R1-S8, 17.2R3 and later versions prior to 17.2R3-S4;
  o 17.3 versions prior to 17.3R3-S9;
  o 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
  o 18.1 versions prior to 18.1R3-S11;
  o 18.2 versions prior to 18.2R3-S5;
  o 18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
  o 18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
  o 19.1 versions prior to 19.1R2-S2, 19.1R3;
  o 19.2 versions prior to 19.2R1-S5, 19.2R2;
  o 19.3 versions prior to 19.3R2-S4, 19.3R3;
  o 19.4 versions prior to 19.4R1-S3, 19.4R2.

This issue does not affect Juniper Networks Junos OS 17.2 versions prior to 17.2R1-S7, or any version of 17.2R2.

Any configuration with IPv6 enabled on the management interface is vulnerable to this issue. For example:

  [interfaces fxp0 unit 0 family inet6]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2021-0258.

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases.

This issue is being tracked as 1477824.

Workaround:

Disable TCP Parallelization:

  set system kernel-smp-features disable-concurrent-network-stack

Implementation:

Software releases or updates are available for download at https://support.juniper.net/support/downloads/

Modification History:

  2021-04-14: Initial Publication.
  2021-04-15: Further clarification of Junos OS 17.2 affected releases.

CVSS Score:

5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Severity Level:

Medium

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
- --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. 
Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYHje9uNLKJtyKPYoAQi+Rw/+OtONGHU0C16g+/nWw7obUGx5Xvr3JHta 6UzdF0vF4C0nXQCXr8brAYFly47cmVgnUFmcFhYx9weTUlu5zxJ3IPd/sCPse+wJ aNz/fHzv9ZvOpGQfKt59o8co8OlWTLGGWVPLL5edBjeIntKZRkb6N4RbhdDl1W0A 8SpChR5ZfIeBHwE+tKcl2SJjkvj25Kuo9T+eTSWGixvQTmcy7tO8tOM/Alk/o8bZ zzkT+tYhGJcrICS/uOD0TEiHnUpX2rZtaF1cf75wjyH3VaeAXr8JcrozHbV1w/aj McmjF3/jTMAsbw6N3T3fhsOI2P2an7kYizeKT//dXFEX5jtpHF5pxi+sdlRqIM+Z aJrVTukvorMl5YnW/jUC6xupHi9b9/Ts9g+KUa62LsrDblOPgRPeQugM1h8Imq5G TuzpzxOSkxUFxBHkDbUISpwPiTUjpAKunK1Lahn2fNrSWoFVDyaDhoefSVUXvsup cgclRmA8Lfq2xK9ahh1lrrpNcxTOpK4EWubYNJyrFSdHVfiifFatn8uAU6w54nN5 QEMWrylJiNYmZ3C08QAq4fOfr8r9TnhjaY7Vgsj2xvYc7ozpr0VrP/iJmWqEYGjq UUsx2IwfGDJGxkNszBtl3iBGuIWB/nCo600HQTHL2D6PBqxiszAJYuBUz1XH0/4K SVXZPo22EZo= =ROJv -----END PGP SIGNATURE-----
16 April 2021

ESB-2021.1288 - [Juniper] Juniper Products: Unauthorised access - Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1288
JSA11140 - 2021-04 Security Bulletin: Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Junos OS: PTX Series
                   Junos OS: QFX Series
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0247
Original Bulletin: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11140

--------------------------BEGIN INCLUDED TEXT--------------------

2021-04 Security Bulletin: Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration. (CVE-2021-0247)

Article ID  : JSA11140
Last Updated: 15 Apr 2021
Version     : 2.0

Product Affected:

This issue affects Junos OS 14.1, 14.1X53, 15.1, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2. Affected platforms: PTX Series, QFX Series.

Problem:

A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device.

This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example:

  show firewall

  Filter: __default_bpdu_filter__

  Filter: FILTER-INET-01
  Counters:
  Name                   Bytes    Packets
  output-match-inet          0          0    <<<<<< missing firewall packet count

This issue affects:

Juniper Networks Junos OS:

  o 14.1X53 versions prior to 14.1X53-D53 on QFX Series;
  o 14.1 versions 14.1R1 and later versions prior to 15.1 versions prior to 15.1R7-S6 on QFX Series, PTX Series;
  o 15.1X53 versions prior to 15.1X53-D593 on QFX Series;
  o 16.1 versions prior to 16.1R7-S7 on QFX Series, PTX Series;
  o 16.2 versions prior to 16.2R2-S11, 16.2R3 on QFX Series, PTX Series;
  o 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on QFX Series, PTX Series;
  o 17.2 versions prior to 17.2R1-S9, 17.2R3-S3 on QFX Series, PTX Series;
  o 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on QFX Series, PTX Series;
  o 17.4 versions prior to 17.4R2-S9, 17.4R3 on QFX Series, PTX Series;
  o 18.1 versions prior to 18.1R3-S9 on QFX Series, PTX Series;
  o 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on QFX Series, PTX Series;
  o 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on QFX Series, PTX Series;
  o 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on QFX Series, PTX Series;
  o 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on QFX Series, PTX Series;
  o 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX Series, PTX Series.

This issue impacts all filter families (inet, inet6, etc.), yet only on input loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces.

Configuration examples for input filtering are posted on the support site and in product documentation.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2021-0247.

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS 14.1X53-D53, 15.1R7-S6, 15.1X53-D593, 16.1R7-S7, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S6, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases.

This issue is being tracked as 1430385.

Workaround:

There are no viable workarounds for this issue.

Implementation:

Software releases or updates are available for download at https://support.juniper.net/support/downloads/

Modification History:

  2021-04-14: Initial Publication.
  2021-04-15: Removed spurious 18.4R2-S7 release entry in problem description.

CVSS Score:

5.1 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)

Severity Level:

Medium

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

--------------------------END INCLUDED TEXT--------------------
16 April 2021

ESB-2021.1171.2 - UPDATE [Cisco] Cisco Small Business RV Series Routers: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1171.2
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           RV132W ADSL2+ Wireless-N VPN Router
                   RV134W VDSL2 Wireless-AC VPN Router
                   RV160 VPN Router
                   RV160W Wireless-AC VPN Router
                   RV260 VPN Router
                   RV260P VPN Router with PoE
                   RV260W Wireless-AC VPN Router
                   RV320 Dual Gigabit WAN VPN Router
                   RV325 Dual Gigabit WAN VPN Router
                   RV340 Dual WAN Gigabit VPN Router
                   RV340W Dual WAN Gigabit Wireless-AC VPN Router
                   RV345 Dual WAN Gigabit VPN Router
                   RV345P Dual WAN Gigabit PoE VPN Router
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1309 CVE-2021-1308 CVE-2021-1251
Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Revision History:  April 16 2021: Vendor updated vulnerable products and products confirmed not vulnerable.
                   April  8 2021: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-rv-multi-lldp-u7e4chCe
First Published: 2021 April 7 16:00 GMT
Last Updated:    2021 April 15 15:38 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvw62392 CSCvw62395 CSCvw62410 CSCvw62411 CSCvw62413 CSCvw62416 CSCvw62417 CSCvw62418 CSCvw94339 CSCvw94341 CSCvw95016 CSCvw95017 CSCvy01220
CVE Names:       CVE-2021-1251 CVE-2021-1308 CVE-2021-1309
CWEs:            CWE-119 CWE-130 CWE-400

Summary

  o Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device.

    For more information about these vulnerabilities, see the Details section of this advisory.

    Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

    Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco Small Business RV Series Routers if they are running a vulnerable firmware release and have LLDP enabled:

       RV132W ADSL2+ Wireless-N VPN Router
       RV134W VDSL2 Wireless-AC VPN Router
       RV160 VPN Router
       RV160W Wireless-AC VPN Router
       RV260 VPN Router
       RV260P VPN Router with PoE
       RV260W Wireless-AC VPN Router
       RV320 Dual Gigabit WAN VPN Router
       RV325 Dual Gigabit WAN VPN Router
       RV340 Dual WAN Gigabit VPN Router
       RV340W Dual WAN Gigabit Wireless-AC VPN Router
       RV345 Dual WAN Gigabit VPN Router
       RV345P Dual WAN Gigabit PoE VPN Router

    For information about which Cisco firmware releases are vulnerable, see the Fixed Software section of this advisory.

    LLDP Configurations

    For Cisco RV132W, RV134W, RV320, and RV325 Routers, LLDP is enabled by default on all LAN ports and WAN interfaces.

    For the following Cisco Small Business Routers, LLDP is enabled by default on the LAN ports and disabled by default on the WAN interfaces:

       RV160 VPN Router
       RV160W Wireless-AC VPN Router
       RV260 VPN Router
       RV260P VPN Router with PoE
       RV260W Wireless-AC VPN Router
       RV340 Dual WAN Gigabit VPN Router
       RV340W Dual WAN Gigabit Wireless-AC VPN Router
       RV345 Dual WAN Gigabit VPN Router
       RV345P Dual WAN Gigabit PoE VPN Router

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:

       RV016 Multi-WAN VPN Router
       RV042 Dual WAN VPN Router
       RV042G Dual Gigabit WAN VPN Router
       RV082 Dual WAN VPN Router

Details

  o These vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.

    Details about the vulnerabilities are as follows:

    CVE-2021-1309: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerability

    A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload.

    This vulnerability is due to missing length validation of certain LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious LLDP packet to the targeted router. A successful exploit could allow the attacker to execute code on the affected router or cause it to reload unexpectedly, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCvw62392, CSCvw62410, CSCvw62413, and CSCvw62416
    CVE ID: CVE-2021-1309
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.8
    CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1251: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

    A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to cause a memory leak on an affected device.

    This vulnerability is due to missing length validation of certain LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious LLDP packet to the targeted router. A successful exploit could cause continuous memory consumption on an affected device and eventually cause it to reload, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCvw94339, CSCvw94341, CSCvw95016, CSCvw95017, and CSCvy01220
    CVE ID: CVE-2021-1251
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.4
    CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1308: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Denial of Service Vulnerability

    A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to cause an affected router to reload unexpectedly.

    This vulnerability is due to missing length validation of certain LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious LLDP packet to the targeted router. A successful exploit could allow the attacker to cause the affected router to reload unexpectedly, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCvw62395, CSCvw62411, CSCvw62417, and CSCvw62418
    CVE ID: CVE-2021-1308
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.4
    CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed firmware release as indicated in the following table(s):

    +------------------------------------------+---------------------------------------------------+
    | Cisco Small Business RV Series Routers   | Fixed Releases                                    |
    +------------------------------------------+---------------------------------------------------+
    | RV132W                                   | 1.0.1.15 and later                                |
    +------------------------------------------+---------------------------------------------------+
    | RV134W                                   | 1.0.1.21 and later                                |
    +------------------------------------------+---------------------------------------------------+
    | RV160, RV160W, RV260, RV260P, and RV260W | 1.0.01.03 and later                               |
    +------------------------------------------+---------------------------------------------------+
    | RV320 and RV325                          | Refer to End-of-Sale and End-of-Life Announcement |
    |                                          | for the Cisco RV320 and RV325 Dual Gigabit WAN    |
    |                                          | VPN Router.                                       |
    +------------------------------------------+---------------------------------------------------+
    | RV340, RV340W, RV345, and RV345P         | 1.0.03.21 and later                               |
    +------------------------------------------+---------------------------------------------------+

    To download the firmware from the Software Center on Cisco.com, do the following:

     1. Click Browse all.
     2. Choose Routers > Small Business Routers > Small Business RV Series Routers.
     3. Choose the appropriate router.
     4. Choose Small Business Router Firmware.
     5. Choose a release from the left pane of the product page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Source

  o Cisco would like to thank Qian Chen of Qihoo 360 Nirvan Team for reporting these vulnerabilities.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Revision History

  o +---------+------------------------+---------------+--------+-------------+
    | Version | Description            | Section       | Status | Date        |
    +---------+------------------------+---------------+--------+-------------+
    |         | Added that the RV320   |               |        |             |
    |         | and RV325 hardware     |               |        |             |
    |         | platforms are          | Vulnerable    |        |             |
    |         | vulnerable. Added that | Products,     |        |             |
    |         | RV016, RV042, and      | Products      |        |             |
    | 1.1     | RV082 are not          | Confirmed Not | Final  | 2021-APR-15 |
    |         | vulnerable. Added      | Vulnerable,   |        |             |
    |         | Cisco bug ID           | Details, and  |        |             |
    |         | CSCvy01220 to advisory | Fixed         |        |             |
    |         | header and to the      | Software      |        |             |
    |         | details for            |               |        |             |
    |         | CVE-2021-1251.         |               |        |             |
    +---------+------------------------+---------------+--------+-------------+
    | 1.0     | Initial public         | -             | Final  | 2021-APR-07 |
    |         | release.               |               |        |             |
    +---------+------------------------+---------------+--------+-------------+

--------------------------END INCLUDED TEXT--------------------
16 April 2021

ESB-2020.3249.3 - UPDATE [Appliance] FreeType: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.3249.3 F5 products: FreeType vulnerability CVE-2015-9382 16 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: FreeType Publisher: F5 Networks Operating System: Network Appliance Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-9382 Reference: ESB-2019.3358 Original Bulletin: https://support.f5.com/csp/article/K46641512 Revision History: April 16 2021: Vendor released fixes for BIG-IP Products January 6 2021: Additional vulnerable versions added by vendor September 23 2020: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- K46641512: FreeType vulnerability CVE-2015-9382 Original Publication Date: 23 Sep, 2020 Latest Publication Date: 16 Apr, 2021 Security Advisory Description FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. (CVE-2015-9382) Impact An attacker may be able to use a maliciously crafted file to create a buffer overflow and potentially expose small amounts of memory from the PostScript process. Security Advisory Status F5 Product Development has assigned ID 945109 (BIG-IP) and ID 947305 (BIG-IQ) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to K51812227: Understanding security advisory versioning. +-------------------+------+----------+----------+----------+------+----------+ | | |Versions |Fixes | |CVSSv3|Vulnerable| |Product |Branch|known to |introduced|Severity |score^|component | | | |be |in | |1 |or feature| | | |vulnerable| | | | | +-------------------+------+----------+----------+----------+------+----------+ | |16.x |16.0.0 - |None | | | | | | |16.1.0 | | | | | | +------+----------+----------+ | | | | |15.x |15.1.0 - |None | | | | | | |15.1.2 | | | | | |BIG-IP (LTM, AAM, +------+----------+----------+ | | | |Advanced WAF, AFM, |14.x |14.1.0 - |14.1.4.1 | | | | |Analytics, APM, | |14.1.4 | | | |Linux | |ASM, DDHD, DNS, +------+----------+----------+Medium |4.3 |kernel | |FPS, GTM, Link |13.x |13.1.0 - |None | | |(BaseOS) | |Controller, PEM, | |13.1.3 | | | | | |SSLO) +------+----------+----------+ | | | | |12.x |12.1.0 - |12.1.6 | | | | | | |12.1.5 | | | | | | +------+----------+----------+ | | | | |11.x |11.6.1 - |11.6.5.3 | | | | | | |11.6.5 | | | | | +-------------------+------+----------+----------+----------+------+----------+ | |8.x |8.0.0 |None | | | | | +------+----------+----------+ | | | | |7.x |7.0.0 - |None | | | | |BIG-IQ Centralized | |7.1.0 | | | |Linux | |Management +------+----------+----------+Medium |4.3 |kernel | | |6.x |6.0.0 - |None | | |(BaseOS) | | | |6.1.0 | | | | | | +------+----------+----------+ | | | | |5.x |5.4.0 |None | | | | +-------------------+------+----------+----------+----------+------+----------+ |Traffix SDC |5.x |None |Not |Not |None |None | | | | |applicable|vulnerable| | | +-------------------+------+----------+----------+----------+------+----------+ ^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. 

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

Do not allow Postscript files to be uploaded for customization or hosted content.

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

16 April 2021

ESB-2020.1562.3 - UPDATE [Appliance] F5 BIG-IP and BIG-IQ Products: Execute arbitrary code/commands - Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.1562.3
F5 secure shell vulnerability CVE-2020-5873
16 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           F5 BIG-IP Products
                   F5 BIG-IQ Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5873
Original Bulletin: https://support.f5.com/csp/article/K03585731

Revision History:  April 16 2021: Vendor released fixes for BIG-IQ Centralized Management.
                   May 14 2020: Vendor released minor update
                   May 1 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

K03585731: F5 secure shell vulnerability CVE-2020-5873

Original Publication Date: 30 Apr, 2020
Latest Publication Date: 16 Apr, 2021

Security Advisory Description

A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. (CVE-2020-5873)

Impact

An authenticated user with Resource Administrator role can run shell commands with elevated privilege.

Security Advisory Status

F5 Product Development has assigned ID 780601 (BIG-IP), and ID 790469 (BIG-IQ) to this vulnerability.

To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.

For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning.

+-------------------+------+----------+----------+----------+------+----------+
|                   |      |Versions  |Fixes     |          |CVSSv3|Vulnerable|
|Product            |Branch|known to  |introduced|Severity  |score^|component |
|                   |      |be        |in        |          |1     |or feature|
|                   |      |vulnerable|          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |15.x  |15.0.0 -  |15.1.0    |          |      |          |
|                   |      |15.0.1    |15.0.1.1  |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |14.x  |14.1.0 -  |14.1.2.4^2|          |      |          |
|BIG-IP (LTM, AAM,  |      |14.1.2    |          |          |      |          |
|AFM, Analytics,    +------+----------+----------+          |      |          |
|APM, ASM, DNS, FPS,|13.x  |13.1.0 -  |13.1.3.2  |High      |7.8   |SSH       |
|GTM, Link          |      |13.1.3    |          |          |      |          |
|Controller, PEM)   +------+----------+----------+          |      |          |
|                   |12.x  |12.1.0 -  |12.1.5.1  |          |      |          |
|                   |      |12.1.5    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |11.x  |11.6.1 -  |11.6.5.1  |          |      |          |
|                   |      |11.6.5    |          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |8.x   |None      |8.0.0     |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |7.x   |7.0.0 -   |None      |          |      |          |
|                   |      |7.1.0     |          |          |      |          |
|BIG-IQ Centralized +------+----------+----------+High      |7.8   |SSH       |
|Management         |6.x   |6.0.0 -   |None      |          |      |          |
|                   |      |6.1.0     |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |5.x   |5.3.0 -   |None      |          |      |          |
|                   |      |5.4.0     |          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Traffix SDC        |5.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

^2BIG-IP 14.1.2.4 is not a supported release; please use a later release. Refer to K5903: BIG-IP software support policy.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

To mitigate this vulnerability, you can limit access to the management and self IP ports and limit login access to trusted users. For more information about securing access to the affected systems:

  o For BIG-IP or Enterprise Manager systems, refer to K13309: Restricting access to the Configuration utility by source IP address (11.x - 15.x) and K13092: Overview of securing access to the BIG-IP system.
  o For BIG-IQ systems, refer to K31401771: Restricting access to the BIG-IQ or F5 iWorkflow user interface by source IP address. For BIG-IQ systems, you may need to include addresses of the managed BIG-IP systems, high availability (HA) peers, and DCD nodes, depending on your configuration.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 15.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

15 April 2021

ESB-2021.1287 - [Win][UNIX/Linux] Google Chrome: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1287
Google Chrome Stable Channel Update for Desktop
15 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Google Chrome
Publisher:         Google
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21221 CVE-2021-21219 CVE-2021-21218
                   CVE-2021-21217 CVE-2021-21216 CVE-2021-21215
                   CVE-2021-21214 CVE-2021-21213 CVE-2021-21212
                   CVE-2021-21211 CVE-2021-21210 CVE-2021-21209
                   CVE-2021-21208 CVE-2021-21207 CVE-2021-21205
                   CVE-2021-21204 CVE-2021-21203 CVE-2021-21202
                   CVE-2021-21201
Original Bulletin: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html

--------------------------BEGIN INCLUDED TEXT--------------------

Stable Channel Update for Desktop

Wednesday, April 14, 2021

The Chrome team is delighted to announce the promotion of Chrome 90 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 90.0.4430.72 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 90.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

This update includes 37 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18
[$10000][1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16
[$5000][1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24
[$1000][1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19
[$TBD][1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12
[$TBD][1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02
[$5000][1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08
[$3000][1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07
[$3000][1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29
[$3000][1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04
[$2000][1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08
[$500][1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
[$N/A][1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25
[$TBD][1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24
[$TBD][1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30
[$TBD][1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02
[$500][1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14
[$500][1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14
[$500][1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  o [1198709] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Thank you,
Srinivas Sista

--------------------------END INCLUDED TEXT--------------------

15 April 2021

ESB-2021.1286 - [Win][UNIX/Linux] Joomla! CMS: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1286
[20210402] - Core - Inadequate filters on module layout settings
15 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Joomla! CMS
Publisher:         Joomla! Project
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Unknown/Unspecified
                   Reduced Security         -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26031
Original Bulletin: https://developer.joomla.org/security-centre/851-20210402-core-inadequate-filters-on-module-layout-settings.html

--------------------------BEGIN INCLUDED TEXT--------------------

Security Announcements

[20210402] - Core - Inadequate filters on module layout settings

  o Project: Joomla!
  o SubProject: CMS
  o Impact: Low
  o Severity: Low
  o Versions: 3.0.0 - 3.9.25
  o Exploit type: LFI
  o Reported Date: 2021-01-03
  o Fixed Date: 2021-04-13
  o CVE Number: CVE-2021-26031

Description

Inadequate filters on module layout settings could lead to an LFI.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.25

Solution

Upgrade to version 3.9.26

Contact

The JSST at the Joomla! Security Centre.

--------------------------END INCLUDED TEXT--------------------